@WaaromZoMoeilijk
Last active June 7, 2016 23:36
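#!/bin/sh
# One-shot OpenVPN server setup for a Raspberry Pi on a home LAN:
# installs OpenVPN, builds a CA / server / client keypair with easy-rsa 2.x,
# writes /etc/openvpn/server.conf, enables IPv4 forwarding, installs a NAT
# rule hook into /etc/network/interfaces and reboots.
#
# Must run as root. build-ca, build-key-server, build-key-pass and
# openssl rsa prompt on the terminal, so this is not an unattended install.
# Re-running requires removing the easy-rsa clone directory first.
#
# Abort on the first failing command instead of carrying on with a half-built
# PKI (the original continued silently past failed cd/git/cp steps).
set -e

# Edit these before running. IP is the Pi's LAN address (also the SNAT
# source for VPN clients); DNS is pushed to clients as their resolver.
NAMECRT='Pi.crt'
NAMEKEY='Pi.key'
IP='192.168.1.109'
DNS='8.26.56.26'
# First interface whose link state is UP. `head -n 1` keeps this a single
# name when more than one interface is up (e.g. eth0 and wlan0); without it
# the iptables rule written below would get a multi-line -o argument.
IFACE=$(/sbin/ip -o link show | awk '{print $2,$9}' | grep "UP" | cut -d ":" -f 1 | head -n 1)

# Root check via uid rather than the login name.
if [ "$(id -u)" -ne 0 ]; then
  echo
  # printf with octal escapes is portable; `echo -e` is not under /bin/sh.
  printf '\033[31mSorry, you are not root.\n\033[0mYou must type: \033[36msudo \033[0mbash vpnserver1.sh\n'
  echo
  exit 1
fi

if [ -z "$IFACE" ]; then
  printf 'Could not find an interface in state UP for the NAT rule.\n' >&2
  exit 1
fi

apt-get update
apt-get upgrade -y
apt-get install openvpn git -y

# easy-rsa 2.x scripts from the 2.2.2 tag; the checkout keeps them under
# easy-rsa/2.0 inside the clone.
git clone https://github.com/OpenVPN/easy-rsa.git
cd easy-rsa || exit 1
git checkout 2.2.2
sleep 3
cp -r easy-rsa/2.0/ /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa || exit 1
# Pin EASY_RSA to the installed copy instead of `pwd` so vars works from any
# cwd (e.g. when building more client keys later).
sed -i 's|export EASY_RSA="`pwd`"|export EASY_RSA="/etc/openvpn/easy-rsa" |g' /etc/openvpn/easy-rsa/vars
# `.` is the POSIX spelling of bash's `source`.
. ./vars
./clean-all
./build-ca
./build-key-server Pi
./build-key-pass User1
# Passphrase-protected copy of the client key for hand-over. -des3 keeps the
# User1.3des.key name; -aes256 is the stronger choice if the client tooling
# accepts it.
openssl rsa -in keys/User1.key -des3 -out keys/User1.3des.key
./build-dh
# Static HMAC key for tls-auth; treat it like a private key.
openvpn --genkey --secret keys/ta.key

# Server config. Two directives worth revisiting once clients are set up:
#  - duplicate-cn lets every client share User1's certificate, so one leaked
#    client key cannot be revoked without cutting off all devices; issue a
#    certificate per client and drop it.
#  - comp-lzo is deprecated in current OpenVPN releases and compression of
#    encrypted traffic is discouraged; remove it together with the client
#    setting. Newer releases also default to AES-256-GCM over AES-128-CBC.
cat <<-SERVER > "/etc/openvpn/server.conf"
local $IP # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/$NAMECRT # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/$NAMEKEY # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route $IP 255.255.255.255" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS $DNS" # This should match your router's IP address.
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
SERVER

# Enable IPv4 forwarding so the Pi routes VPN traffic onto the LAN.
sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1 |g' /etc/sysctl.conf
sysctl -p
sleep 3
# NAT hook run by ifupdown before the interface comes up. The -C probe keeps
# every ifup from appending another copy of the same SNAT rule.
cat <<-RULES > "/etc/firewall-openvpn-rules.sh"
#!/bin/sh
iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o $IFACE -j SNAT --to-source $IP 2>/dev/null ||
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $IFACE -j SNAT --to-source $IP
RULES
chmod 700 /etc/firewall-openvpn-rules.sh
chown root /etc/firewall-openvpn-rules.sh
# The pre-up line is appended at the end of the file, so it attaches to
# whichever iface stanza is last — check that this is the $IFACE stanza.
# The grep guard avoids adding it twice on re-runs.
grep -q 'pre-up /etc/firewall-openvpn-rules.sh' /etc/network/interfaces ||
  echo " pre-up /etc/firewall-openvpn-rules.sh" >> /etc/network/interfaces
reboot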