Skip to content

Instantly share code, notes, and snippets.

@openoms
Last active January 2, 2023 03:09
Embed
What would you like to do?
A script to connect to sa shared VPN service with openvpn + set up a killswitch with UFW
#!/bin/bash
sudo apt update
sudo apt install openvpn -y
## define config filename and credentials
echo "# Type or paste the config filename and press ENTER:"
read config; echo $config; echo
#config="VPNconfig"
echo "# Type or paste the VPN username and press ENTER:"
read username; echo $username, echo
echo "# Type or paste the VPN password and press ENTER:"
read password; echo $password, echo
# /home/admin/config.scripts/blitz.setconf.sh "/etc/openvpn/$config.conf" "root"
touch $config.conf
sudo chmod 600 $config.conf
# instal dialog
sudo apt install dialog -y
# open dialog
dialog --clear \
--title "Paste the contents of ${config}.conf" \
--editbox "./${config}.conf" 200 200 2> "${config}.conf"
# move file
sudo mv $config.conf /etc/openvpn/$config.conf
sudo chown root:root /etc/openvpn/$config.conf
echo "\
$username
$password
" | sudo tee /etc/openvpn/auth.txt
sudo chmod 600 /etc/openvpn/auth.txt
sudo sed -i 's/auth-user-pass/auth-user-pass auth.txt/g' /etc/openvpn/auth.txt
## test
time curl https://api.ipify.org
time curl https://api.ipify.org
time curl https://api.ipify.org
## Autostart
#sudo cp $your_config.ovpn autostart.conf
#sudo sed -i "s/#AUTOSTART=\"all\"/AUTOSTART=\"autostart\"/g" /etc/default/openvpn
#sudo systemctl daemon-reload
#sudo systemctl restart openvpn
#sudo mv /etc/openvpn/$config.ovpn /etc/openvpn/$config.conf
sudo systemctl start openvpn@$config
## test
sleep 10
time curl https://api.ipify.org
## disable IPv6
echo "\
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
if grep 1 < /proc/sys/net/ipv6/conf/all/disable_ipv6 ;then
echo "# Successfully disabled IPv6"
fi
sudo sed -i "s/IPV6=yes/IPV6=no/g" /etc/default/ufw
sudo ufw disable
## Killswitch
## https://www.comparitech.com/blog/vpn-privacy/how-to-make-a-vpn-kill-switch-in-linux-with-ufw/
## collect data
domain=$(cat /etc/openvpn/$config.conf | grep remote | head -n1 | awk '{print $2}')
echo $domain
port=$(cat /etc/openvpn/$config.conf | grep remote | head -n1 | awk '{print $3}')
echo $port
subnet=$(hostname -I | awk '{print $1}' | cut -d"." -f1-3)
echo $subnet
## UFW
sudo ufw allow in to $subnet.0/24
sudo ufw allow out to $subnet.0/24
sudo ufw default deny outgoing
sudo ufw default deny incoming
sudo ufw allow out on tun0 from any to any
for i in $(host $domain | awk '{print $4}' );do
echo "# Allowing $i"
sudo ufw allow out to $i port $port proto udp
done
sudo ufw --force enable
## test
sleep 10
time curl https://api.ipify.org
time curl https://api.ipify.org
sleep 10
time torsocks curl https://api.ipify.org
time torsocks curl https://api.ipify.org
@m00ninite
Copy link

Just a little note on this, my raspiblitz was missing the tun0 interface, so I had to add it and reboot before anything would work.
sudo openvpn --mktun --dev -tun0
Might be wise to put this line toward the top of the script

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment