You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

106 lines
3.0 KiB

  1. #!/bin/bash
  2. #
  3. BORDER=">>>>>>>>>>>>>>"
  4. printf "$BORDER Installing openvpn and EasyRSA $BORDER \n\n"
  5. sudo apt-get update -y
  6. sudo apt-get install openvpn easy-rsa -y
  7. printf "$BORDER Setting default openvpn vars $BORDER \n\n"
  8. make-cadir ~/openvpn-ca
  9. cd ~/openvpn-ca
  10. sed -i "s/KEY_PROVINCE=\"CA\"/KEY_PROVINCE=\"NM\"/g" vars
  11. sed -i "s/KEY_CITY=\"SanFrancisco\"/KEY_CITY=\"Albuquerque\"/g" vars
  12. sed -i "s/KEY_ORG=\"Fort-Funston\"/KEY_ORG=\"BreakpointingBad\"/g" vars
  13. sed -i "s/KEY_NAME=\"EasyRSA\"/KEY_NAME=\"server\"/g" vars
  14. cd ~/openvpn-ca
  15. source vars
  16. printf "$BORDER Building the certificate authority $BORDER \n\n"
  17. ./clean-all
  18. ./build-ca
  19. printf "$BORDER Creating the server certificate $BORDER \n\n"
  20. ./build-key-server server
  21. printf "$BORDER Generating Diffie-Hellman keys to use during key exchange $BORDER \n\n"
  22. ./build-dh
  23. printf "$BORDER Generating HMAC signature to strengthen the server’s TLS integrity verification"
  24. openvpn --genkey --secret keys/ta.key
  25. printf "$BORDER Generating client certificate and key pair $BORDER \n\n"
  26. cd ~/openvpn-ca
  27. source vars
  28. ./build-key client1
  29. printf "$BORDER Configuring the openvpn service using generated keys + certs $BORDER \n\n"
  30. cd ~/openvpn-ca/keys
  31. sudo cp ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn
  32. gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
  33. sudo sed -i "s/;tls-auth ta.key 0/tls-auth ta.key 0/g" /etc/openvpn/server.conf
  34. sudo sed -i "s/;cipher AES-128-CBC/cipher AES-128-CBC/g" /etc/openvpn/server.conf
  35. sudo sed -i "s/;user nobody/user nobody/g" /etc/openvpn/server.conf
  36. sudo sed -i "s/;group nogroup/group nogroup/g" /etc/openvpn/server.conf
  37. #sudo sed -i "s/;push \"redirect-gateway def1 bypass-dhcp\"/push \"redirect-gateway def1 bypass-dhcp\"/g" /etc/openvpn/server.conf
  38. #sudo sed -i "s/;push \"dhcp-option DNS 208.67.222.222\"/push \"dhcp-option DNS 208.67.222.222\"/g" /etc/openvpn/server.conf
  39. #sudo sed -i "s/;push \"dhcp-option DNS 208.67.220.220\"/push \"dhcp-option DNS 208.67.220.220\"/g" /etc/openvpn/server.conf
  40. sudo bash -c 'cat >> /etc/openvpn/server.conf << EOF
  41. auth SHA256
  42. EOF'
  43. sudo sed -i "s/port 1194/port 443/g" /etc/openvpn/server.conf
  44. sudo sed -i "s/proto udp/proto tcp/g" /etc/openvpn/server.conf
  45. printf "$BORDER Adjusting the servers network config to allow for vpn things $BORDER \n\n"
  46. sudo sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g" /etc/sysctl.conf
  47. sudo sysctl -p
  48. sudo bash -c 'cat >> /etc/ufw/before.rules << EOF
  49. # START OPENVPN RULES
  50. # NAT table rules
  51. *nat
  52. :POSTROUTING ACCEPT [0:0]
  53. # Allow traffic from OpenVPN client to enp0s8
  54. -A POSTROUTING -s 10.8.0.0/8 -o enp0s8 -j MASQUERADE
  55. COMMIT
  56. # END OPENVPN RULES
  57. EOF'
  58. sudo sed -i "s/DEFAULT_FORWARD_POLICY=\"DROP\"/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/g" /etc/default/ufw
  59. sudo ufw allow 443/tcp
  60. sudo ufw allow OpenSSH
  61. sudo ufw disable
  62. sudo ufw enable
  63. printf "$BORDER Enabling the openvpn service $BORDER \n\n"
  64. sudo systemctl start openvpn@server
  65. sudo systemctl enable openvpn@server