139 lines
2.9 KiB
Bash
Executable File
139 lines
2.9 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
STARTDIR=$(pwd)
|
|
|
|
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
|
|
source $DIR/env.sh
|
|
|
|
if [[ "$EUID" -ne 0 ]]; then
|
|
echo "Sorry, you need to run this as root"
|
|
exit 1
|
|
fi
|
|
|
|
echo
|
|
echo "Installing OpenVPN..."
|
|
apt-get install openvpn easy-rsa
|
|
|
|
echo
|
|
echo "Configuring routing..."
|
|
$DIR/sysctl.sh
|
|
|
|
echo
|
|
echo "Installing configuration files..."
|
|
yes | cp -rf $DIR/openvpn-server.conf.dist $OPENVPNCONFIG
|
|
|
|
sed -i -e "s@CADIR@$CADIR@g" $OPENVPNCONFIG
|
|
sed -i -e "s@LOCALPREFIX@$LOCALPREFIX@g" $OPENVPNCONFIG
|
|
sed -i -e "s@NOBODYGROUP@$NOBODYGROUP@g" $OPENVPNCONFIG
|
|
|
|
echo
|
|
echo "Configuring iptables firewall..."
|
|
$DIR/iptables-setup.sh
|
|
|
|
echo
|
|
echo "Do you want to create routing or bridging OpenVPN mode? "
|
|
echo "More information at: https://community.openvpn.net/openvpn/wiki/309-what-is-the-difference-between-bridging-and-routing"
|
|
echo " 1) routing"
|
|
echo " 2) bridging"
|
|
echo
|
|
read -p "Your choice [1 or 2]: " -e -i 1 MODE
|
|
case $MODE in
|
|
1)
|
|
DEVICE="tun"
|
|
sed -i -e "s/DEVICE/tun/g" $OPENVPNCONFIG
|
|
sed -i -e "/server-bridge/d" $OPENVPNCONFIG
|
|
;;
|
|
2)
|
|
DEVICE="tap"
|
|
sed -i -e "s/DEVICE/tap/g" $OPENVPNCONFIG
|
|
sed -i -e "/server /d" $OPENVPNCONFIG
|
|
;;
|
|
*)
|
|
echo "Hm... Strange answer..."
|
|
exit
|
|
;;
|
|
esac
|
|
|
|
echo
|
|
echo "Configuring DNS parameters..."
|
|
$DIR/dns.sh
|
|
|
|
echo
|
|
echo "Creating server keys..."
|
|
make-cadir $CADIR
|
|
cd $CADIR
|
|
source ./vars
|
|
./clean-all
|
|
./build-ca
|
|
./build-key-server --batch openvpn-server
|
|
./build-dh
|
|
openvpn --genkey --secret ta.key
|
|
|
|
ADDUSER="no"
|
|
ANSUSER="yes"
|
|
|
|
echo
|
|
echo "Configuring VPN users..."
|
|
while [ "$ANSUSER" != "$ADDUSER" ];
|
|
do
|
|
while [[ -z "$LOGIN" ]];
|
|
do
|
|
read -p "Enter name: " LOGIN
|
|
done
|
|
|
|
./build-key --batch $LOGIN
|
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
# copy files and OVPN config
|
|
mkdir "$STARTDIR/$LOGIN"
|
|
cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$STARTDIR/$LOGIN/"
|
|
|
|
DIST="$STARTDIR/$LOGIN/openvpn-server.ovpn"
|
|
cp $DIR/openvpn-server.ovpn.dist $DIST
|
|
sed -i -e "s@LOGIN@$LOGIN@g" $DIST
|
|
sed -i -e "s@IP@$IP@g" $DIST
|
|
sed -i -e "s@DEVICE@$DEVICE@g" $DIST
|
|
|
|
SRC="$STARTDIR/$LOGIN"
|
|
DIST="$STARTDIR/$LOGIN/openvpn-server-embedded.ovpn"
|
|
cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
|
|
sed -i -e "s@IP@$IP@g" $DIST
|
|
sed -i -e "s@DEVICE@$DEVICE@g" $DIST
|
|
|
|
echo "<ca>" >> $DIST
|
|
cat $SRC/ca.crt >> $DIST
|
|
echo "</ca>" >> $DIST
|
|
|
|
echo "<cert>" >> $DIST
|
|
cat $SRC/$LOGIN.crt >> $DIST
|
|
echo "</cert>" >> $DIST
|
|
|
|
echo "<key>" >> $DIST
|
|
cat $SRC/$LOGIN.key >> $DIST
|
|
echo "</key>" >> $DIST
|
|
|
|
echo "<tls-auth>" >> $DIST
|
|
cat $SRC/ta.key >> $DIST
|
|
echo "</tls-auth>" >> $DIST
|
|
|
|
echo
|
|
echo "Created directory $STARTDIR/$LOGIN with necessary files."
|
|
USERNAME=${SUDO_USER:-$USER}
|
|
chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/
|
|
|
|
fi
|
|
|
|
read -p "Would you want add another user? [no] " ANSUSER
|
|
: ${ANSUSER:=$ADDUSER}
|
|
done
|
|
|
|
echo
|
|
echo "Starting OpenVPN..."
|
|
systemctl enable openvpn
|
|
service openvpn restart
|
|
|
|
echo
|
|
echo "Installation script completed!"
|
|
|