Add generate-client.sh script

generate-client.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then 
+    echo "Please run as root"
+    exit 1
+fi
+
+if [ -z "$1" ]; then
+    echo "Usage: $0 <client-name>"
+    exit 1
+fi
+
+CLIENT_NAME=$1
+cd /etc/openvpn/server/easy-rsa
+
+# Generate client certificate and key
+./easyrsa gen-req $CLIENT_NAME nopass
+./easyrsa sign-req client $CLIENT_NAME
+
+# Make sure client directory exists
+mkdir -p /etc/openvpn/client
+
+# Create client configuration
+cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
+client
+dev tun
+proto udp
+remote $(curl -s ifconfig.me) 1194
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+remote-cert-tls server
+cipher AES-256-GCM
+data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:CHACHA20-POLY1305
+block-outside-dns
+verb 3
+dhcp-option DNS 1.1.1.1
+dhcp-option DNS 1.0.0.1
+<ca>
+$(cat /etc/openvpn/server/ca.crt)
+</ca>
+<cert>
+$(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt)
+</cert>
+<key>
+$(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
+</key>
+EOL
+
+echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn" 

setup_openvpn.sh

@@ -83,10 +83,11 @@ key /etc/openvpn/server/server.key
 dh /etc/openvpn/server/dh.pem
 server 10.8.0.0 255.255.255.0
 push "redirect-gateway def1 bypass-dhcp"
-push "dhcp-option DNS 8.8.8.8"
-push "dhcp-option DNS 8.8.4.4"
+push "dhcp-option DNS 1.1.1.1"
+push "dhcp-option DNS 1.0.0.1"
+push "block-outside-dns"
 keepalive 10 120
-cipher AES-256-CBC
+cipher AES-256-GCM
 user nobody
 group nogroup
 persist-key
@@ -137,9 +138,13 @@ echo "Starting OpenVPN service..."
 systemctl start openvpn@server
 systemctl enable openvpn@server
 
+# Verify the service is running
+echo "Verifying OpenVPN service status..."
+systemctl status openvpn@server || true
+
 # Create client certificate generation script
 echo "Creating client certificate generation script..."
-cat > /etc/openvpn/server/generate-client.sh << 'EOF'
+cat > /etc/openvpn/server/generate-client.sh << 'ENDOFFILE'
 #!/bin/bash
 
 if [ -z "$1" ]; then
@@ -160,39 +165,33 @@ mkdir -p /etc/openvpn/client
 # Create client configuration
 cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
 client
-proto udp
 dev tun
-explicit-exit-notify
-remote $(curl -s ifconfig.me) 1194
+proto udp
+remote \$(curl -s ifconfig.me) 1194
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 remote-cert-tls server
-auth-user-pass auth.txt
-cipher AES-256-CBC
+cipher AES-256-GCM
+data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:CHACHA20-POLY1305
+block-outside-dns
 verb 3
+dhcp-option DNS 1.1.1.1
+dhcp-option DNS 1.0.0.1
 <ca>
-$(cat /etc/openvpn/server/ca.crt)
+\$(cat /etc/openvpn/server/ca.crt)
 </ca>
 <cert>
-$(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt)
+\$(cat /etc/openvpn/server/easy-rsa/pki/issued/\$CLIENT_NAME.crt)
 </cert>
 <key>
-$(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
+\$(cat /etc/openvpn/server/easy-rsa/pki/private/\$CLIENT_NAME.key)
 </key>
 EOL
 
-# Create auth.txt file
-cat > /etc/openvpn/client/auth.txt << EOL
-# Add your username and password here if needed
-# username
-# password
-EOL
-
-echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"
-echo "Don't forget to configure auth.txt with your credentials if needed"
-EOF
+echo "Client configuration created: /etc/openvpn/client/\$CLIENT_NAME.ovpn"
+ENDOFFILE
 
 chmod +x /etc/openvpn/server/generate-client.sh