#!/bin/bash # BORDER=">>>>>>>>>>>>>>" printf "$BORDER Installing openvpn and EasyRSA $BORDER \n\n" sudo apt-get update -y sudo apt-get install openvpn easy-rsa -y printf "$BORDER Setting default openvpn vars $BORDER \n\n" make-cadir ~/openvpn-ca cd ~/openvpn-ca sed -i "s/KEY_PROVINCE=\"CA\"/KEY_PROVINCE=\"NM\"/g" vars sed -i "s/KEY_CITY=\"SanFrancisco\"/KEY_CITY=\"Albuquerque\"/g" vars sed -i "s/KEY_ORG=\"Fort-Funston\"/KEY_ORG=\"BreakpointingBad\"/g" vars sed -i "s/KEY_NAME=\"EasyRSA\"/KEY_NAME=\"server\"/g" vars cd ~/openvpn-ca source vars printf "$BORDER Building the certificate authority $BORDER \n\n" ./clean-all ./build-ca printf "$BORDER Creating the server certificate $BORDER \n\n" ./build-key-server server printf "$BORDER Generating Diffie-Hellman keys to use during key exchange $BORDER \n\n" ./build-dh printf "$BORDER Generating HMAC signature to strengthen the server’s TLS integrity verification" openvpn --genkey --secret keys/ta.key printf "$BORDER Generating client certificate and key pair $BORDER \n\n" cd ~/openvpn-ca source vars ./build-key client1 printf "$BORDER Configuring the openvpn service using generated keys + certs $BORDER \n\n" cd ~/openvpn-ca/keys sudo cp ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf sudo sed -i "s/;tls-auth ta.key 0/tls-auth ta.key 0/g" /etc/openvpn/server.conf sudo sed -i "s/;cipher AES-128-CBC/cipher AES-128-CBC/g" /etc/openvpn/server.conf sudo sed -i "s/;user nobody/user nobody/g" /etc/openvpn/server.conf sudo sed -i "s/;group nogroup/group nogroup/g" /etc/openvpn/server.conf #sudo sed -i "s/;push \"redirect-gateway def1 bypass-dhcp\"/push \"redirect-gateway def1 bypass-dhcp\"/g" /etc/openvpn/server.conf #sudo sed -i "s/;push \"dhcp-option DNS 208.67.222.222\"/push \"dhcp-option DNS 208.67.222.222\"/g" /etc/openvpn/server.conf #sudo sed -i "s/;push \"dhcp-option DNS 208.67.220.220\"/push \"dhcp-option DNS 208.67.220.220\"/g" /etc/openvpn/server.conf sudo bash -c 'cat >> /etc/openvpn/server.conf << EOF auth SHA256 EOF' sudo sed -i "s/port 1194/port 443/g" /etc/openvpn/server.conf sudo sed -i "s/proto udp/proto tcp/g" /etc/openvpn/server.conf printf "$BORDER Adjusting the servers network config to allow for vpn things $BORDER \n\n" sudo sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g" /etc/sysctl.conf sudo sysctl -p sudo bash -c 'cat >> /etc/ufw/before.rules << EOF # START OPENVPN RULES # NAT table rules *nat :POSTROUTING ACCEPT [0:0] # Allow traffic from OpenVPN client to enp0s8 -A POSTROUTING -s 10.8.0.0/8 -o enp0s8 -j MASQUERADE COMMIT # END OPENVPN RULES EOF' sudo sed -i "s/DEFAULT_FORWARD_POLICY=\"DROP\"/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/g" /etc/default/ufw sudo ufw allow 443/tcp sudo ufw allow OpenSSH sudo ufw disable sudo ufw enable printf "$BORDER Enabling the openvpn service $BORDER \n\n" sudo systemctl start openvpn@server sudo systemctl enable openvpn@server