Compare commits
2 Commits
ab1d8e822b
...
f30687d059
| Author | SHA1 | Date | |
|---|---|---|---|
| f30687d059 | |||
| 7e2a01532d |
52
generate-client.sh
Executable file
52
generate-client.sh
Executable file
@ -0,0 +1,52 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Check if running as root
|
||||||
|
if [ "$EUID" -ne 0 ]; then
|
||||||
|
echo "Please run as root"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
echo "Usage: $0 <client-name>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
CLIENT_NAME=$1
|
||||||
|
cd /etc/openvpn/server/easy-rsa
|
||||||
|
|
||||||
|
# Generate client certificate and key
|
||||||
|
./easyrsa gen-req $CLIENT_NAME nopass
|
||||||
|
./easyrsa sign-req client $CLIENT_NAME
|
||||||
|
|
||||||
|
# Make sure client directory exists
|
||||||
|
mkdir -p /etc/openvpn/client
|
||||||
|
|
||||||
|
# Create client configuration
|
||||||
|
cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
|
||||||
|
client
|
||||||
|
dev tun
|
||||||
|
proto udp
|
||||||
|
remote $(curl -s ifconfig.me) 1194
|
||||||
|
resolv-retry infinite
|
||||||
|
nobind
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
remote-cert-tls server
|
||||||
|
cipher AES-256-GCM
|
||||||
|
data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:CHACHA20-POLY1305
|
||||||
|
block-outside-dns
|
||||||
|
verb 3
|
||||||
|
dhcp-option DNS 1.1.1.1
|
||||||
|
dhcp-option DNS 1.0.0.1
|
||||||
|
<ca>
|
||||||
|
$(cat /etc/openvpn/server/ca.crt)
|
||||||
|
</ca>
|
||||||
|
<cert>
|
||||||
|
$(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt)
|
||||||
|
</cert>
|
||||||
|
<key>
|
||||||
|
$(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
|
||||||
|
</key>
|
||||||
|
EOL
|
||||||
|
|
||||||
|
echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"
|
||||||
@ -83,10 +83,11 @@ key /etc/openvpn/server/server.key
|
|||||||
dh /etc/openvpn/server/dh.pem
|
dh /etc/openvpn/server/dh.pem
|
||||||
server 10.8.0.0 255.255.255.0
|
server 10.8.0.0 255.255.255.0
|
||||||
push "redirect-gateway def1 bypass-dhcp"
|
push "redirect-gateway def1 bypass-dhcp"
|
||||||
push "dhcp-option DNS 8.8.8.8"
|
push "dhcp-option DNS 1.1.1.1"
|
||||||
push "dhcp-option DNS 8.8.4.4"
|
push "dhcp-option DNS 1.0.0.1"
|
||||||
|
push "block-outside-dns"
|
||||||
keepalive 10 120
|
keepalive 10 120
|
||||||
cipher AES-256-CBC
|
cipher AES-256-GCM
|
||||||
user nobody
|
user nobody
|
||||||
group nogroup
|
group nogroup
|
||||||
persist-key
|
persist-key
|
||||||
@ -137,9 +138,13 @@ echo "Starting OpenVPN service..."
|
|||||||
systemctl start openvpn@server
|
systemctl start openvpn@server
|
||||||
systemctl enable openvpn@server
|
systemctl enable openvpn@server
|
||||||
|
|
||||||
|
# Verify the service is running
|
||||||
|
echo "Verifying OpenVPN service status..."
|
||||||
|
systemctl status openvpn@server || true
|
||||||
|
|
||||||
# Create client certificate generation script
|
# Create client certificate generation script
|
||||||
echo "Creating client certificate generation script..."
|
echo "Creating client certificate generation script..."
|
||||||
cat > /etc/openvpn/server/generate-client.sh << 'EOF'
|
cat > /etc/openvpn/server/generate-client.sh << 'ENDOFFILE'
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ -z "$1" ]; then
|
if [ -z "$1" ]; then
|
||||||
@ -160,39 +165,33 @@ mkdir -p /etc/openvpn/client
|
|||||||
# Create client configuration
|
# Create client configuration
|
||||||
cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
|
cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
|
||||||
client
|
client
|
||||||
proto udp
|
|
||||||
dev tun
|
dev tun
|
||||||
explicit-exit-notify
|
proto udp
|
||||||
remote $(curl -s ifconfig.me) 1194
|
remote \$(curl -s ifconfig.me) 1194
|
||||||
resolv-retry infinite
|
resolv-retry infinite
|
||||||
nobind
|
nobind
|
||||||
persist-key
|
persist-key
|
||||||
persist-tun
|
persist-tun
|
||||||
remote-cert-tls server
|
remote-cert-tls server
|
||||||
auth-user-pass auth.txt
|
cipher AES-256-GCM
|
||||||
cipher AES-256-CBC
|
data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:CHACHA20-POLY1305
|
||||||
|
block-outside-dns
|
||||||
verb 3
|
verb 3
|
||||||
|
dhcp-option DNS 1.1.1.1
|
||||||
|
dhcp-option DNS 1.0.0.1
|
||||||
<ca>
|
<ca>
|
||||||
$(cat /etc/openvpn/server/ca.crt)
|
\$(cat /etc/openvpn/server/ca.crt)
|
||||||
</ca>
|
</ca>
|
||||||
<cert>
|
<cert>
|
||||||
$(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt)
|
\$(cat /etc/openvpn/server/easy-rsa/pki/issued/\$CLIENT_NAME.crt)
|
||||||
</cert>
|
</cert>
|
||||||
<key>
|
<key>
|
||||||
$(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
|
\$(cat /etc/openvpn/server/easy-rsa/pki/private/\$CLIENT_NAME.key)
|
||||||
</key>
|
</key>
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
# Create auth.txt file
|
echo "Client configuration created: /etc/openvpn/client/\$CLIENT_NAME.ovpn"
|
||||||
cat > /etc/openvpn/client/auth.txt << EOL
|
ENDOFFILE
|
||||||
# Add your username and password here if needed
|
|
||||||
# username
|
|
||||||
# password
|
|
||||||
EOL
|
|
||||||
|
|
||||||
echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"
|
|
||||||
echo "Don't forget to configure auth.txt with your credentials if needed"
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod +x /etc/openvpn/server/generate-client.sh
|
chmod +x /etc/openvpn/server/generate-client.sh
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user