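#!/bin/bash
#
# Provision an OpenVPN server on an apt-based host.
#
# Steps: update the system, install OpenVPN and Easy-RSA, build a CA plus a
# server certificate/key, generate DH parameters and a static HMAC key, install
# the material into /etc/openvpn, write server.conf from the packaged sample,
# push Cloudflare DNS to clients, enable IPv4 forwarding, and start the service.
#
# The CA steps use the Easy-RSA 2.x helper scripts (vars, clean-all, build-ca,
# build-key-server, build-dh). Easy-RSA 3 replaces these with a single
# `easyrsa` command, so this script will stop at the first missing helper on
# hosts that ship the newer package.
#
# Usage: run as a user with sudo rights; takes no arguments.

# Abort on the first failing command or failing pipeline stage, so a failed
# certificate step can never be followed by starting a half-configured server.
# -u is deliberately left off: the Easy-RSA `vars` file is sourced into this
# shell and has not been checked for unset-variable safety.
set -eo pipefail

# Update system
sudo apt-get update
sudo apt-get upgrade -y

# Install OpenVPN and Easy-RSA
sudo apt-get install -y openvpn easy-rsa

# Make the Easy-RSA working directory and enter it. Every later relative path
# (./clean-all, keys/...) depends on this cd succeeding.
make-cadir ~/openvpn-ca
cd ~/openvpn-ca || exit 1

# Build the Certificate Authority (CA)
# shellcheck disable=SC1091 -- vars is created by make-cadir at run time
source vars
./clean-all
./build-ca --batch

# Generate server certificate and key
./build-key-server --batch server

# Generate Diffie-Hellman parameters
./build-dh

# Generate the static HMAC key used to authenticate TLS control-channel packets
openvpn --genkey --secret keys/ta.key

# Install keys and certificates into the OpenVPN directory.
# Public material is world-readable; the server private key and the HMAC key
# are installed root-only (0600) instead of inheriting cp's default mode.
# NOTE(review): dh2048.pem assumes the key size configured in vars is 2048.
sudo install -m 0644 -o root -g root \
  keys/ca.crt keys/server.crt keys/dh2048.pem /etc/openvpn/
sudo install -m 0600 -o root -g root \
  keys/server.key keys/ta.key /etc/openvpn/

# NOTE(review): the CA private key stays in ~/openvpn-ca/keys on this host.
# Consider moving the CA directory to an offline machine once client
# certificates have been issued, and restrict access to it meanwhile.

# Write the sample server configuration. tee's copy to stdout is discarded so
# the whole file is not echoed to the terminal or a captured log.
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz \
  | sudo tee /etc/openvpn/server.conf >/dev/null

# NOTE(review): ta.key only takes effect if server.conf carries an active
# tls-auth (or tls-crypt) directive; confirm it is not commented out in the
# packaged sample.

# Configure OpenVPN to push Cloudflare DNS to clients
echo 'push "dhcp-option DNS 1.1.1.1"' | sudo tee -a /etc/openvpn/server.conf >/dev/null
echo 'push "dhcp-option DNS 1.0.0.1"' | sudo tee -a /etc/openvpn/server.conf >/dev/null

# Enable IP forwarding. Append the setting only if it is not already present,
# so re-running the script does not accumulate duplicate lines.
if ! grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf; then
  echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf >/dev/null
fi
sudo sysctl -p

# NOTE(review): this script adds no firewall or NAT rules. Forwarding is now on
# for the whole host, so review the packet-filter policy before exposing it.

# Start and enable OpenVPN service
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

echo "OpenVPN installation and configuration complete."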