Remove installing ufw

Force IPV4 over IPV6
Copy client conf to work dir
2025-03-22 22:16:48 +00:00 · 2025-03-22 19:58:05 +00:00 · 2025-03-22 19:03:44 +00:00
2 changed files with 31 additions and 14 deletions
--- a/generate-client.sh
+++ b/generate-client.sh
@ -25,8 +25,8 @@ mkdir -p /etc/openvpn/client
 cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
 client
 dev tun
-proto udp
-remote $(curl -s ifconfig.me) 1194
+proto udp4
+remote $(curl -s -4 ifconfig.me) 1194
 resolv-retry infinite
 nobind
 persist-key
@ -49,4 +49,10 @@ $(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
 </key>
 EOL

+# Copy the configuration file to the current working directory
+WORKING_DIR=$(pwd)
+cp /etc/openvpn/client/$CLIENT_NAME.ovpn $WORKING_DIR/
+chmod 644 $WORKING_DIR/$CLIENT_NAME.ovpn
+
 echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"
+echo "A copy has also been saved to: $WORKING_DIR/$CLIENT_NAME.ovpn" 
--- a/setup_openvpn.sh
+++ b/setup_openvpn.sh
@ -35,7 +35,7 @@ apt-get upgrade -y

 # Install OpenVPN and required packages
 echo "Installing OpenVPN and required packages..."
-apt-get install -y openvpn easy-rsa ufw
+apt-get install -y openvpn easy-rsa

 # Create directory for OpenVPN
 echo "Creating OpenVPN directory..."
@ -75,7 +75,7 @@ cp pki/dh.pem /etc/openvpn/server/
 echo "Creating server configuration..."
 cat > /etc/openvpn/server/server.conf << EOF
 port 1194
-proto udp
+proto udp4
 dev tun
 ca /etc/openvpn/server/ca.crt
 cert /etc/openvpn/server/server.crt
@ -112,8 +112,13 @@ sysctl --system

 # Configure firewall
 echo "Configuring firewall..."
-ufw allow 1194/udp
-ufw allow OpenSSH
+# Allow OpenVPN and SSH traffic
+iptables -A INPUT -p udp --dport 1194 -j ACCEPT
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+# Allow established connections
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+# Allow loopback interface
+iptables -A INPUT -i lo -j ACCEPT

 # Set up NAT for VPN clients
 echo "Setting up NAT for VPN clients..."
@ -131,12 +136,12 @@ echo "Making NAT rules persistent..."
 apt-get install -y iptables-persistent
 echo "y" | netfilter-persistent save

-echo "y" | ufw enable
-
-# Start OpenVPN service
-echo "Starting OpenVPN service..."
-systemctl start openvpn@server
+# Start and enable OpenVPN service
+echo "Starting and enabling OpenVPN service..."
+systemctl daemon-reload
 systemctl enable openvpn@server
+systemctl restart openvpn@server
+sleep 2

 # Verify the service is running
 echo "Verifying OpenVPN service status..."
@ -166,8 +171,8 @@ mkdir -p /etc/openvpn/client
 cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
 client
 dev tun
-proto udp
-remote \$(curl -s ifconfig.me) 1194
+proto udp4
+remote \$(curl -s -4 ifconfig.me) 1194
 resolv-retry infinite
 nobind
 persist-key
@ -190,7 +195,13 @@ dhcp-option DNS 1.0.0.1
 </key>
 EOL

+# Copy the configuration file to the current working directory
+WORKING_DIR=\$(dirname \$(readlink -f \$0))
+cp /etc/openvpn/client/\$CLIENT_NAME.ovpn \$WORKING_DIR/
+chmod 644 \$WORKING_DIR/\$CLIENT_NAME.ovpn
+
 echo "Client configuration created: /etc/openvpn/client/\$CLIENT_NAME.ovpn"
+echo "A copy has also been saved to: \$WORKING_DIR/\$CLIENT_NAME.ovpn"
 ENDOFFILE

 chmod +x /etc/openvpn/server/generate-client.sh
Author	SHA1	Message	Date
Master	6371f2e107	Remove installing ufw	2025-03-22 22:16:48 +00:00
Master	0fd6a1c4b5	Force IPV4 over IPV6	2025-03-22 19:58:05 +00:00
Master	9fc465f637	Copy client conf to work dir	2025-03-22 19:03:44 +00:00