Init

2025-03-19 19:27:42 -05:00
commit 135626f4a0
2 changed files with 224 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,80 @@
 # OpenVPN Server Setup Script
 This script automates the process of setting up an OpenVPN server on a VPS running Ubuntu/Debian. It handles the installation, certificate generation, and configuration of OpenVPN.
 ## Prerequisites
 - A VPS running Ubuntu/Debian
 - Root access to the server
 - OpenSSH access to the server
 ## Installation
 1. Copy the `setup_openvpn.sh` script to your server
 2. Make the script executable:
   ```bash
   chmod +x setup_openvpn.sh
   ```
 3. Run the script as root:
   ```bash
   sudo ./setup_openvpn.sh
   ```
 ## What the Script Does
 1. Updates the system
 2. Installs OpenVPN and required packages
 3. Sets up the PKI (Public Key Infrastructure)
 4. Generates server certificates and keys
 5. Configures the OpenVPN server
 6. Sets up firewall rules
 7. Creates a client certificate generation script
 ## Generating Client Certificates
 After the server is set up, you can generate client certificates using the provided script:
 ```bash
 sudo /etc/openvpn/server/generate-client.sh <client-name>
 ```
 This will create a client configuration file in `/etc/openvpn/client/<client-name>.ovpn`
 ## Connecting to the VPN
 1. Copy the generated `.ovpn` file from `/etc/openvpn/client/` to your local machine
 2. Install OpenVPN client on your local machine
 3. Import the `.ovpn` file into your OpenVPN client
 4. Connect to the VPN
 ## Security Notes
 - The script uses UDP port 1194 (default OpenVPN port)
 - AES-256-CBC encryption is used
 - The server uses Google DNS (8.8.8.8 and 8.8.4.4)
 - The VPN subnet is set to 10.8.0.0/24
 - The script enables IP forwarding and configures the firewall
 ## Troubleshooting
 If you encounter any issues:
 1. Check the OpenVPN server logs:
   ```bash
   sudo journalctl -u openvpn@server
   ```
 2. Verify the firewall rules:
   ```bash
   sudo ufw status
   ```
 3. Check if the OpenVPN service is running:
   ```bash
   sudo systemctl status openvpn@server
   ```
 ## Important Files
 - Server configuration: `/etc/openvpn/server/server.conf`
 - Client configurations: `/etc/openvpn/client/`
 - Server certificates: `/etc/openvpn/server/`
 - Client certificate generation script: `/etc/openvpn/server/generate-client.sh` 
--- a/setup_openvpn.sh
+++ b/setup_openvpn.sh
@ -0,0 +1,144 @@
 #!/bin/bash
 # Exit on error
 set -e
 # Check if running as root
 if [ "$EUID" -ne 0 ]; then 
    echo "Please run as root"
    exit 1
 fi
 # Update system
 echo "Updating system..."
 apt-get update
 apt-get upgrade -y
 # Install OpenVPN and required packages
 echo "Installing OpenVPN and required packages..."
 apt-get install -y openvpn easy-rsa ufw
 # Create directory for OpenVPN
 echo "Creating OpenVPN directory..."
 mkdir -p /etc/openvpn/server
 mkdir -p /etc/openvpn/client
 # Copy easy-rsa files
 echo "Setting up easy-rsa..."
 cp -r /usr/share/easy-rsa/* /etc/openvpn/server/easy-rsa/
 cd /etc/openvpn/server/easy-rsa/
 # Initialize PKI
 echo "Initializing PKI..."
 ./easyrsa init-pki
 # Build CA
 echo "Building CA..."
 ./easyrsa build-ca nopass
 # Generate server certificate and key
 echo "Generating server certificate and key..."
 ./easyrsa gen-req server nopass
 ./easyrsa sign-req server server
 # Generate Diffie-Hellman parameters
 echo "Generating Diffie-Hellman parameters..."
 ./easyrsa gen-dh
 # Copy server certificates and keys
 echo "Copying server certificates and keys..."
 cp pki/ca.crt /etc/openvpn/server/
 cp pki/issued/server.crt /etc/openvpn/server/
 cp pki/private/server.key /etc/openvpn/server/
 cp pki/dh.pem /etc/openvpn/server/
 # Create server configuration
 echo "Creating server configuration..."
 cat > /etc/openvpn/server/server.conf << EOF
 port 1194
 proto udp
 dev tun
 ca ca.crt
 cert server.crt
 key server.key
 dh dh.pem
 server 10.8.0.0 255.255.255.0
 push "redirect-gateway def1 bypass-dhcp"
 push "dhcp-option DNS 8.8.8.8"
 push "dhcp-option DNS 8.8.4.4"
 keepalive 10 120
 cipher AES-256-CBC
 user nobody
 group nogroup
 persist-key
 persist-tun
 status openvpn-status.log
 verb 3
 EOF
 # Enable IP forwarding
 echo "Enabling IP forwarding..."
 echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-openvpn.conf
 sysctl --system
 # Configure firewall
 echo "Configuring firewall..."
 ufw allow 1194/udp
 ufw allow OpenSSH
 echo "y" | ufw enable
 # Start OpenVPN service
 echo "Starting OpenVPN service..."
 systemctl start openvpn@server
 systemctl enable openvpn@server
 # Create client certificate generation script
 echo "Creating client certificate generation script..."
 cat > /etc/openvpn/server/generate-client.sh << 'EOF'
 #!/bin/bash
 if [ -z "$1" ]; then
    echo "Usage: $0 <client-name>"
    exit 1
 fi
 CLIENT_NAME=$1
 cd /etc/openvpn/server/easy-rsa
 # Generate client certificate and key
 ./easyrsa gen-req $CLIENT_NAME nopass
 ./easyrsa sign-req client $CLIENT_NAME
 # Create client configuration
 cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
 client
 proto udp
 explicit-exit-notify
 remote $(curl -s ifconfig.me) 1194
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 remote-cert-tls server
 auth-user-pass auth.txt
 cipher AES-256-CBC
 verb 3
 <ca>
 $(cat /etc/openvpn/server/ca.crt)
 </ca>
 <cert>
 $(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt)
 </cert>
 <key>
 $(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
 </key>
 EOL
 echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"
 EOF
 chmod +x /etc/openvpn/server/generate-client.sh
 echo "OpenVPN server setup completed!"
 echo "To generate a client certificate, run: /etc/openvpn/server/generate-client.sh <client-name>"
 echo "The client configuration file will be created in /etc/openvpn/client/"