Serverman@VPSでOpenVPNを作ってくれるbash ref: http://qiita.com/sakadon/items/e0040255e37f5dca648f
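#!/bin/bash
# OpenVPN installer for Serversman@VPS (CentOS 6 style layout: yum, chkconfig,
# OpenVZ venet0:0 interface config).
#
# Usage: sudo ./openvpninstaller.sh [SetUsername] [SetPassword]
#
# What it does, in order:
#   1. creates a system user that OpenVPN will authenticate via PAM,
#   2. installs build tools, lzo and the rpmforge repo, then dnsmasq + openvpn,
#   3. generates CA / server key / DH params with the bundled easy-rsa 2.0,
#   4. writes /etc/openvpn/server.conf, enables IPv4 forwarding and SNAT,
#   5. writes a client .ovpn + CA cert into $HOME/vpn-<user>/ and zips it,
#   6. starts and enables yum-cron, openvpn and dnsmasq.
#
# NOTE(review): the password is taken from argv, so while this script runs it
# is visible in `ps` output and it lands in the caller's shell history.

cat <<__EOC__
OpenVPN install script for Serversman@VPS
__EOC__

# Exactly two arguments (username, password) are required.
if [ $# -ne 2 ]; then
  echo "引数がたりません"
  echo "sudo ./openvpninstaller.sh [SetUsername] [SetPassword]"
  exit 1
fi
vpnuser=$1
vpnpass=$2

# Read the VPS address from the venet0:0 interface config (IPADDR=<addr>).
ip=$(awk -F= '/IPADDR/ {print $2}' /etc/sysconfig/network-scripts/ifcfg-venet0:0)
# An empty address would later produce a broken SNAT rule, so stop here.
if [ -z "$ip" ]; then
  echo "IPADDR not found in /etc/sysconfig/network-scripts/ifcfg-venet0:0" >&2
  exit 1
fi

# Show what will be applied.
cat <<__EOT__
Set Username: $vpnuser
Set Password: $vpnpass
IP Address: $ip
__EOT__

# Ask for confirmation before touching the system.
printf '%s' "Start? [Y/n]:"
read -r start
case "$start" in
  y | yes | Y) echo "OK Starting." ;;
  *) exit ;;
esac

# Create the VPN user. '--' keeps a name starting with '-' from being parsed
# as an option; printf avoids echo's option/escape handling on arbitrary bytes.
useradd -- "$vpnuser"
echo "Created user account [$vpnuser]"
printf '%s:%s\n' "$vpnuser" "$vpnpass" | chpasswd

# Build tools, lzo and the rpmforge repository.
yum install -y zip yum-cron gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel bridge-utils
# NOTE(review): both packages are fetched over plain HTTP and installed without
# any signature or checksum verification; pin a checksum (or verify the RPM
# signature) before trusting the result.
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*

# Remaining packages.
yum update -y
yum install -y dnsmasq openvpn

# easy-rsa 2.0 setup: copy the bundled tree and point KEY_CONFIG at the
# openssl-1.0.0 template (the version-probe in vars does not resolve here).
easy_rsa=/etc/openvpn/easy-rsa/2.0
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
sed -i -e 's;KEY_CONFIG=.$EASY_RSA/whichopensslcnf $EASY_RSA.;KEY_CONFIG=/etc/openvpn/easy-rsa/2\.0/openssl-1\.0\.0\.cnf;g' "$easy_rsa/vars"
# Abort rather than run chmod/clean-all in whatever directory we happen to be in.
cd "$easy_rsa" || exit 1
chmod 755 *
# Sourcing is what exports the KEY_* variables; executing ./vars in a subshell
# would export nothing to this shell, so it is not repeated here.
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh

# Server configuration.
# NOTE(review): this server authenticates by PAM username/password only
# (client-cert-not-required) and allows the same name to connect several
# times (duplicate-cn); the DH group is 1024-bit (easy-rsa default KEY_SIZE).
# Tighten these if the VPN is exposed beyond a single trusted user.
cat > /etc/openvpn/server.conf <<__EOF__
port 1194
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca $easy_rsa/keys/ca.crt
cert $easy_rsa/keys/server.crt
key $easy_rsa/keys/server.key
dh $easy_rsa/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
ifconfig-pool-persist ipp.txt
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
client-to-client
duplicate-cn
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
__EOF__

# Kernel: enable forwarding, disable ICMP redirects.
sed -i -e 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
echo 'net.ipv4.conf.all.send_redirects = 0' >> /etc/sysctl.conf
echo 'net.ipv4.conf.all.accept_redirects = 0' >> /etc/sysctl.conf
sysctl -p

# Firewall: forward the VPN subnet and SNAT it to the VPS address.
iptables -A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source "$ip"
iptables-save > /etc/sysconfig/iptables
# OpenVZ guests have venet0, not eth0. This rewrites every eth0 reference in
# the saved ruleset, including any pre-existing unrelated rules.
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables

# Client bundle: CA cert + .ovpn in $HOME/vpn-<user>/, then zipped.
cd ~ || exit 1
vpndir="vpn-${vpnuser}"
mkdir "$vpndir"
echo "Make directory [${vpndir}]"
cp "$easy_rsa/keys/ca.crt" "${vpndir}/ca-${vpnuser}.crt"
echo "Copy certification file: [${vpndir}/ca-${vpnuser}.crt]"
cat > "${vpndir}/vpn-${vpnuser}.ovpn" <<__EOF__
client
dev tun
proto udp
remote ${ip} 1194
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca-${vpnuser}.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3
__EOF__
echo "Make OpenVPN config file: [${vpndir}/vpn-${vpnuser}.ovpn]"
zip -r "$HOME/${vpndir}.zip" "$vpndir"

# Start the installed services and enable them at boot.
service yum-cron start
chkconfig yum-cron on
service openvpn start
chkconfig openvpn on
service dnsmasq start
chkconfig dnsmasq on

cat <<__EOC__
Finished install OpenVPN!
__EOC__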