master/vpn_builder
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add dns leaks fixes

Browse Source
This commit is contained in:
Master
2025-03-22 19:01:28 +00:00
parent ab1d8e822b
commit 7e2a01532d
1 changed files with 21 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
setup_openvpn.sh
View File

@ -83,10 +83,11 @@ key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem dh /etc/openvpn/server/dh.pem
server 10.8.0.0 255.255.255.0 server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp" push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 1.0.0.1"
push "block-outside-dns"
keepalive 10 120 keepalive 10 120
cipher AES-256-CBC cipher AES-256-GCM
user nobody user nobody
group nogroup group nogroup
persist-key persist-key
@ -137,9 +138,13 @@ echo "Starting OpenVPN service..."
systemctl start openvpn@server systemctl start openvpn@server
systemctl enable openvpn@server systemctl enable openvpn@server
# Verify the service is running
echo "Verifying OpenVPN service status..."
systemctl status openvpn@server || true
# Create client certificate generation script # Create client certificate generation script
echo "Creating client certificate generation script..." echo "Creating client certificate generation script..."
cat > /etc/openvpn/server/generate-client.sh << 'EOF' cat > /etc/openvpn/server/generate-client.sh << 'ENDOFFILE'
#!/bin/bash #!/bin/bash
if [ -z "$1" ]; then if [ -z "$1" ]; then
@ -160,39 +165,33 @@ mkdir -p /etc/openvpn/client
# Create client configuration # Create client configuration
cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
client client
proto udp
dev tun dev tun
explicit-exit-notify proto udp
remote $(curl -s ifconfig.me) 1194 remote \$(curl -s ifconfig.me) 1194
resolv-retry infinite resolv-retry infinite
nobind nobind
persist-key persist-key
persist-tun persist-tun
remote-cert-tls server remote-cert-tls server
auth-user-pass auth.txt cipher AES-256-GCM
cipher AES-256-CBC data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:CHACHA20-POLY1305
block-outside-dns
verb 3 verb 3
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
<ca> <ca>
$(cat /etc/openvpn/server/ca.crt) \$(cat /etc/openvpn/server/ca.crt)
</ca> </ca>
<cert> <cert>
$(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt) \$(cat /etc/openvpn/server/easy-rsa/pki/issued/\$CLIENT_NAME.crt)
</cert> </cert>
<key> <key>
$(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key) \$(cat /etc/openvpn/server/easy-rsa/pki/private/\$CLIENT_NAME.key)
</key> </key>
EOL EOL
# Create auth.txt file echo "Client configuration created: /etc/openvpn/client/\$CLIENT_NAME.ovpn"
cat > /etc/openvpn/client/auth.txt << EOL ENDOFFILE
# Add your username and password here if needed
# username
# password
EOL
echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"
echo "Don't forget to configure auth.txt with your credentials if needed"
EOF
chmod +x /etc/openvpn/server/generate-client.sh chmod +x /etc/openvpn/server/generate-client.sh