Last active
December 10, 2015 07:18
-
-
Save gamefiend/4400173 to your computer and use it in GitHub Desktop.
example utilities and files to help with openvpn configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| OVPN_HOME="/etc/openvpn/easy-rsa" | |
| BUNDLE="/tmp/$1" | |
| DEFAULT_EMAIL="youraddress@somplace.com" | |
| echo "Creating a bundle" | |
| mkdir $BUNDLE | |
| cp -f $OVPN_HOME/client.ovpn $BUNDLE/$1.ovpn | |
| perl -i~ -pe "s/USER/$1/g" $BUNDLE/$1.ovpn | |
| echo "Copying relevant keys" | |
| if [ -f $OVPN_HOME/keys/$1.key ]; then | |
| cp -f $OVPN_HOME/keys/$1.key $BUNDLE/$1_OA.key | |
| else | |
| echo "$1.key is missing! Please put it back in $OVPN_HOME/keys and run | |
| this again" | |
| exit | |
| fi | |
| if [ -f $OVPN_HOME/keys/$1.crt ]; then | |
| cp -f $OVPN_HOME/keys/$1.crt $BUNDLE/$1_OA.crt | |
| else | |
| echo "$1.crt is missing! Please put it back in $OVPN_HOME/keys and run | |
| this again" | |
| exit | |
| fi | |
| if [ -f $OVPN_HOME/keys/ca.crt ]; then | |
| cp -f $OVPN_HOME/keys/ca.crt $BUNDLE/ca_OA.crt | |
| else | |
| echo "CA.crt is missing! Please put it back in $OVPN_HOME/keys and run | |
| this again" | |
| exit | |
| fi | |
| if [ -f $OVPN_HOME/keys/ta.key ]; then | |
| cp -f $OVPN_HOME/keys/ta.key $BUNDLE/ta.key | |
| else | |
| echo "TA key (used for TLS) is missing! Please put it back in $OVPN_HOME/keys and run this again" | |
| exit | |
| fi | |
| echo "building tarball...." | |
| tar czvf /tmp/bundle_$1.tgz $BUNDLE/ | |
| if [ $2 ]; then | |
| mutt -s "openvpn bundle for $1" -a /tmp/bundle_$1.tgz -- $2 < /dev/null | |
| echo "sending bundle to $2" | |
| else | |
| mutt -s "openvpn bundle for $1" -a /tmp/bundle_$1.tgz -- $DEFAULT_EMAIL < /dev/null | |
| echo "sending bundle to qmurphy@netsuite.com" | |
| fi | |
| echo "Cleaning up..." | |
| rm -rf $BUNDLE | |
| rm -f /tmp/bundle_$1.tgz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # default variables -- tune as needed. | |
| IPTABLE="/sbin/iptables" | |
| TUNNELIP="" | |
| NETWORKIP="" | |
| # You will probably want to | |
| # allow ssh traffic in as you | |
| # set the openvpn up. | |
| ################################ | |
| #$IPTABLE -A INPUT --source <NETWORK>/24 -p tcp --destination-port 22 -j ACCEPT | |
| # Flush out previous information | |
| ################################ | |
| $IPTABLE -F INPUT | |
| $IPTABLE -F FORWARD | |
| $IPTABLE -A INPUT -p tcp --destination-port 1194 -j ACCEPT | |
| # Set up tunnel connectivity | |
| ################################ | |
| $IPTABLE -I FORWARD -i tun0 -o eth1 -s $TUNNELIP/24 -d $NETWORKIP/24 -m conntrack --ctstate NEW -j ACCEPT | |
| $IPTABLE -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment