46 lines
1.3 KiB
Bash
Executable File
46 lines
1.3 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Update System
|
|
sudo apt-get update && sudo apt-get upgrade -y
|
|
|
|
# Install OpenVPN and Easy-RSA
|
|
sudo apt-get install openvpn easy-rsa -y
|
|
|
|
# Make Easy-RSA directory and set up variables
|
|
make-cadir ~/openvpn-ca
|
|
cd ~/openvpn-ca
|
|
|
|
# Build the Certificate Authority (CA)
|
|
source vars
|
|
./clean-all
|
|
./build-ca --batch
|
|
|
|
# Generate server certificate and key
|
|
./build-key-server --batch server
|
|
|
|
# Generate Diffie-Hellman parameters
|
|
./build-dh
|
|
|
|
# Generate HMAC signature to strengthen the server's TLS integrity verification capabilities
|
|
openvpn --genkey --secret keys/ta.key
|
|
|
|
# Copy the needed keys and certificates to OpenVPN directory
|
|
sudo cp keys/{ca.crt,server.crt,server.key,ta.key,dh2048.pem} /etc/openvpn
|
|
|
|
# Copy the sample server configuration
|
|
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
|
|
|
|
# Configure OpenVPN with Cloudflare DNS
|
|
echo 'push "dhcp-option DNS 1.1.1.1"' | sudo tee -a /etc/openvpn/server.conf
|
|
echo 'push "dhcp-option DNS 1.0.0.1"' | sudo tee -a /etc/openvpn/server.conf
|
|
|
|
# Enable IP forwarding
|
|
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
|
|
sudo sysctl -p
|
|
|
|
# Start and enable OpenVPN service
|
|
sudo systemctl start openvpn@server
|
|
sudo systemctl enable openvpn@server
|
|
|
|
echo "OpenVPN installation and configuration complete."
|