
@openoms
Last active Jan 3, 2022
A script to connect to a shared VPN service with openvpn + set up a killswitch with UFW
#!/bin/bash
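sudo apt update
sudo apt install openvpn -y
## define config filename and credentials
echo "# Type or paste the config filename and press ENTER:"
# -r keeps backslashes literal. The name ends up in file paths handled with
# sudo and in the systemd unit name openvpn@<name>, so accept only a plain
# file-name character set and refuse anything else (including an empty name).
read -r config; echo "$config"; echo
if [[ ! "$config" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  echo "# Invalid config filename: use only letters, digits, '.', '_' and '-'" >&2
  exit 1
fi
#config="VPNconfig"
echo "# Type or paste the VPN username and press ENTER:"
read -r username; echo "$username"; echo
echo "# Type or paste the VPN password and press ENTER:"
# -s: the password is not echoed while typing and is not printed back
# afterwards, so it stays out of the terminal scrollback and session logs.
read -rs password; echo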
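# /home/admin/config.scripts/blitz.setconf.sh "/etc/openvpn/$config.conf" "root"
# Create the staging file empty and owner-only before any content is written:
# provider configs can embed private keys or inline credentials.
touch -- "$config.conf"
sudo chmod 600 -- "$config.conf"
# install dialog
sudo apt install dialog -y
# open dialog
# dialog prints the edited text on stderr; the redirect truncates the staging
# file in place, so the 600 mode set above is kept.
dialog --clear \
  --title "Paste the contents of ${config}.conf" \
  --editbox "./${config}.conf" 200 200 2> "${config}.conf"
# A cancelled or empty edit leaves nothing to install; stop here rather than
# putting an empty config under /etc/openvpn and building firewall rules on it.
if [[ ! -s "$config.conf" ]]; then
  echo "# No config content was saved to $config.conf" >&2
  exit 1
fi
# move file
sudo mv -- "$config.conf" "/etc/openvpn/$config.conf"
sudo chown root:root "/etc/openvpn/$config.conf"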
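# Credentials file for the auth-user-pass directive: username on the first
# line, password on the second.
# The file is created root-owned with mode 600 *before* the secret is written,
# so it is never readable by other local users, and tee's copy on stdout is
# discarded so the password is not printed to the terminal.
sudo install -m 600 -o root -g root /dev/null /etc/openvpn/auth.txt
printf '%s\n%s\n' "$username" "$password" | sudo tee /etc/openvpn/auth.txt > /dev/null
sudo chmod 600 /etc/openvpn/auth.txt
# Point the bare auth-user-pass directive in the VPN config (not in auth.txt)
# at the credentials file. Matching the whole line keeps reruns idempotent and
# leaves a directive that already names a file untouched.
sudo sed -i 's|^[[:space:]]*auth-user-pass[[:space:]]*$|auth-user-pass /etc/openvpn/auth.txt|' "/etc/openvpn/$config.conf"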
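## test
# Baseline before the tunnel is up: prints the current public IP (with timing)
# so it can be compared with the address reported once the VPN is connected.
for attempt in 1 2 3; do
  time curl https://api.ipify.org
done
## Autostart
#sudo cp $your_config.ovpn autostart.conf
#sudo sed -i "s/#AUTOSTART=\"all\"/AUTOSTART=\"autostart\"/g" /etc/default/openvpn
#sudo systemctl daemon-reload
#sudo systemctl restart openvpn
#sudo mv /etc/openvpn/$config.ovpn /etc/openvpn/$config.conf
sudo systemctl start "openvpn@$config"
## test
sleep 10
# Report a tunnel that did not come up instead of silently carrying on to the
# firewall setup; the IP printed below should differ from the baseline above.
if ! systemctl is-active --quiet "openvpn@$config"; then
  echo "# Warning: openvpn@$config is not active, check: sudo journalctl -u openvpn@$config" >&2
fi
time curl https://api.ipify.org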
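## disable IPv6
# Append the settings only once, so rerunning the script does not pile up
# duplicate entries in /etc/sysctl.conf.
if ! grep -qxF 'net.ipv6.conf.all.disable_ipv6=1' /etc/sysctl.conf 2>/dev/null; then
  printf '%s\n' \
    'net.ipv6.conf.all.disable_ipv6=1' \
    'net.ipv6.conf.default.disable_ipv6=1' \
    'net.ipv6.conf.lo.disable_ipv6=1' \
    | sudo tee -a /etc/sysctl.conf
fi
sudo sysctl -p
# Verify the running kernel state rather than trusting the file edit.
if grep -qx 1 /proc/sys/net/ipv6/conf/all/disable_ipv6; then
  echo "# Successfully disabled IPv6"
else
  # IPv6 left enabled is a path for traffic that does not go through the
  # IPv4 tunnel, so say so instead of staying silent.
  echo "# Warning: IPv6 is still enabled (disable_ipv6 is not 1)" >&2
fi
sudo sed -i "s/IPV6=yes/IPV6=no/g" /etc/default/ufw
# ufw stays off while the rules are rebuilt; it is enabled again once the
# killswitch rules are in place.
sudo ufw disable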
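## Killswitch
## https://www.comparitech.com/blog/vpn-privacy/how-to-make-a-vpn-kill-switch-in-linux-with-ufw/
## collect data
# The config was installed root-owned with mode 600, so it has to be read with
# sudo; an unprivileged read fails and leaves the firewall rules without a VPN
# endpoint. Match the `remote` directive exactly: a plain grep for "remote"
# also hits lines such as remote-cert-tls or remote-random.
domain=$(sudo awk '$1 == "remote" {print $2; exit}' "/etc/openvpn/$config.conf")
echo "$domain"
port=$(sudo awk '$1 == "remote" {print $3; exit}' "/etc/openvpn/$config.conf")
# `remote host` may omit the port: fall back to a separate `port` directive,
# then to OpenVPN's default port.
if [[ -z "$port" ]]; then
  port=$(sudo awk '$1 == "port" {print $2; exit}' "/etc/openvpn/$config.conf")
fi
port=${port:-1194}
echo "$port"
# First address reported by hostname -I, cut down to its first three octets;
# the rules below treat the local network as a /24.
subnet=$(hostname -I | awk '{print $1}' | cut -d"." -f1-3)
echo "$subnet"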
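## UFW
# keep the local /24 reachable in both directions
sudo ufw allow in to "$subnet.0/24"
sudo ufw allow out to "$subnet.0/24"
sudo ufw default deny outgoing
sudo ufw default deny incoming
# everything else may only leave through the tunnel interface
# NOTE(review): assumes the tunnel device is tun0 - confirm against the config
sudo ufw allow out on tun0 from any to any
# Allow the VPN endpoint itself so the tunnel can (re)connect while the default
# policy denies outgoing traffic. Only A records are used: other lines of the
# `host` output (IPv6, mail handler, reverse lookups) do not carry an IPv4
# address in the same position and would produce invalid rules.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ "$domain" =~ $ipv4_re ]]; then
  # the remote is already an IP address, no lookup needed
  endpoints=$domain
else
  endpoints=$(host -t A "$domain" | awk '/ has address / {print $NF}')
fi
allowed=0
for i in $endpoints; do
  # pass only well-formed IPv4 addresses on to ufw
  [[ "$i" =~ $ipv4_re ]] || continue
  echo "# Allowing $i"
  # NOTE(review): proto is fixed to udp; a config using `proto tcp` needs this rule adjusted
  sudo ufw allow out to "$i" port "$port" proto udp
  allowed=$((allowed + 1))
done
if (( allowed == 0 )); then
  echo "# Warning: no VPN endpoint address was allowed for '$domain'; the tunnel cannot reconnect once the firewall is enabled" >&2
fi
sudo ufw --force enable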
## test
# With the firewall enabled: look up the public IP twice directly,
# then twice through Tor, timing each request.
sleep 10
for run in 1 2; do
  time curl https://api.ipify.org
done
sleep 10
for run in 1 2; do
  time torsocks curl https://api.ipify.org
done