Add IPTables fixes

setup_openvpn.sh

@@ -11,6 +11,7 @@ fi
 
 # Clean up any existing installation
 echo "Cleaning up any existing installation..."
+systemctl stop openvpn@server || true
 rm -rf /etc/openvpn/server/easy-rsa
 rm -rf /etc/openvpn/server/pki
 rm -f /etc/openvpn/server/*.crt
@@ -18,6 +19,14 @@ rm -f /etc/openvpn/server/*.key
 rm -f /etc/openvpn/server/*.pem
 rm -f /etc/openvpn/server/server.conf
 rm -f /etc/openvpn/server/generate-client.sh
+rm -rf /etc/openvpn/client/*
+rm -f /etc/openvpn/server.conf
+
+# Verify cleanup
+if [ -d "/etc/openvpn/server/easy-rsa" ]; then
+    echo "Failed to remove easy-rsa directory. Please check permissions and try again."
+    exit 1
+fi
 
 # Update system
 echo "Updating system..."
@@ -35,7 +44,7 @@ mkdir -p /etc/openvpn/client
 
 # Copy easy-rsa files
 echo "Setting up easy-rsa..."
-make-cadir /etc/openvpn/server/easy-rsa
+cp -r /usr/share/easy-rsa/* /etc/openvpn/server/easy-rsa/
 cd /etc/openvpn/server/easy-rsa/
 
 # Initialize PKI
@@ -68,10 +77,10 @@ cat > /etc/openvpn/server/server.conf << EOF
 port 1194
 proto udp
 dev tun
-ca ca.crt
-cert server.crt
-key server.key
-dh dh.pem
+ca /etc/openvpn/server/ca.crt
+cert /etc/openvpn/server/server.crt
+key /etc/openvpn/server/server.key
+dh /etc/openvpn/server/dh.pem
 server 10.8.0.0 255.255.255.0
 push "redirect-gateway def1 bypass-dhcp"
 push "dhcp-option DNS 8.8.8.8"
@@ -82,10 +91,19 @@ user nobody
 group nogroup
 persist-key
 persist-tun
-status openvpn-status.log
+status /var/log/openvpn/openvpn-status.log
+log-append /var/log/openvpn/openvpn.log
 verb 3
 EOF
 
+# Make sure log directory exists
+echo "Creating log directory..."
+mkdir -p /var/log/openvpn
+
+# Copy server.conf to the correct location for systemd
+echo "Copying server.conf to the correct location for systemd..."
+cp /etc/openvpn/server/server.conf /etc/openvpn/server.conf
+
 # Enable IP forwarding
 echo "Enabling IP forwarding..."
 echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-openvpn.conf
@@ -95,6 +113,23 @@ sysctl --system
 echo "Configuring firewall..."
 ufw allow 1194/udp
 ufw allow OpenSSH
+
+# Set up NAT for VPN clients
+echo "Setting up NAT for VPN clients..."
+# Get the primary network interface
+PRIMARY_NIC=$(ip route | grep default | awk '{print $5}')
+echo "Primary network interface: $PRIMARY_NIC"
+
+# Add NAT rules
+iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $PRIMARY_NIC -j MASQUERADE
+iptables -A FORWARD -s 10.8.0.0/24 -m state --state NEW -j ACCEPT
+iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Make NAT rules persistent
+echo "Making NAT rules persistent..."
+apt-get install -y iptables-persistent
+echo "y" | netfilter-persistent save
+
 echo "y" | ufw enable
 
 # Start OpenVPN service
@@ -119,10 +154,14 @@ cd /etc/openvpn/server/easy-rsa
 ./easyrsa gen-req $CLIENT_NAME nopass
 ./easyrsa sign-req client $CLIENT_NAME
 
+# Make sure client directory exists
+mkdir -p /etc/openvpn/client
+
 # Create client configuration
 cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
 client
 proto udp
+dev tun
 explicit-exit-notify
 remote $(curl -s ifconfig.me) 1194
 resolv-retry infinite
@@ -144,7 +183,15 @@ $(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
 </key>
 EOL
 
+# Create auth.txt file
+cat > /etc/openvpn/client/auth.txt << EOL
+# Add your username and password here if needed
+# username
+# password
+EOL
+
 echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"
+echo "Don't forget to configure auth.txt with your credentials if needed"
 EOF
 
 chmod +x /etc/openvpn/server/generate-client.sh