Skip to content

Instantly share code, notes, and snippets.

@catchdave
Last active December 28, 2022 03:21
Show Gist options
  • Save catchdave/f13650c981576a7cabc9 to your computer and use it in GitHub Desktop.
Save catchdave/f13650c981576a7cabc9 to your computer and use it in GitHub Desktop.
CLI script to install Private Internet Access VPN on a ubuntu server
#!/bin/bash
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit
fi
set -o nounset
set -o errexit
error_exit()
{
echo "${LOG_NAME}Error $1, exiting"
exit 1
}
# Init
VPNDIR=/etc/openvpn
VPN_FILES=${VPNDIR}/*.ovpn
PASS_FILE=${VPNDIR}/con.txt
LOG_NAME="[INSTALL PIA] "
# Packages
echo "${LOG_NAME}Installing openvpn and unzip..."
apt-get install openvpn || error_exit "installing openvpn"
apt-get install unzip || error_exit "installing unzip"
# Install configs
echo
echo "${LOG_NAME}Retreiving config from PIA..."
wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip -P $VPNDIR/ || error_exit "retreiving openvpn.zip from PIA"
unzip -qo $VPNDIR/openvpn.zip -d $VPNDIR/ || error_exit "unziping config"
rm $VPNDIR/openvpn.zip
echo "${LOG_NAME}Found VPN connections: `ls $VPN_FILES | wc -l`"
# Make password-less
echo
echo "${LOG_NAME}Creating user/pass file as $PASS_FILE"
touch $PASS_FILE || error_exit "creating '$PASS_FILE' file"
chmod 600 $PASS_FILE
echo -n "${LOG_NAME}Enter PIA username: "
read username
echo -n "${LOG_NAME}Enter PIA password: "
read -s password
echo $username > $PASS_FILE
echo $password >> $PASS_FILE
echo
password=
username=
# Setup password file for all openvpn connections and absolute paths
echo
echo "Saving credentials to VPN configs..."
find $VPN_FILES -print0 | while read -d $'\0' file; do
echo "auth-user-pass $PASS_FILE" >> "$file" || error_exit "appending auth-user-pass"
sed -i -e 's:\(ca.crt\|crl.pem\):/etc/openvpn/\1:' "$file" || error_exit "altering relative paths"
done
#Test
killall openvpn 2>1 > /dev/null || true # Turn off VPN if it was running from a previous install
FIRST=$(ls $VPNDIR/*.ovpn | head -1)
echo -e "\n${LOG_NAME}Testing with first VPN connection '$FIRST'..."
echo "${LOG_NAME}output redirected to: ${VPNDIR}/openvpn.log"
ORIGINAL_IP=$(wget http://ipinfo.io/ip -qO -)
openvpn "$FIRST" >> ${VPNDIR}/openvpn.log &
echo "${LOG_NAME}Sleeping 10s for VPN to initialize"
sleep 10
NEW_IP=$(wget http://ipinfo.io/ip -qO -)
echo "${LOG_NAME}Killing VPN"
killall openvpn >> $VPNDIR/openvpn.log
# Results
echo "${LOG_NAME}Actual IP: $ORIGINAL_IP."
echo "${LOG_NAME}IP address under VPN: $NEW_IP"
echo
if [ "$ORIGINAL_IP" = "$NEW_IP" ]; then
echo "${LOG_NAME}FAIL! Looks like the IP address did not change!"
else
echo "${LOG_NAME}SUCCESS. Ip address different"
fi
sleep 2
@LarsNorgaard
Copy link

The script doesn't prevent DNS leaking.

Could be fixed by adding:

script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .

We need openvpn-systemd-resolved for that to work though.

And guess having so it doesn't save the username/password in memory would be nice:

auth-nocache

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment