Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
cd /opt
# Install openvpn
apt-get update
apt-get install openvpn easy-rsa -y
# force vpn server to use amazon's DNS (not dhcp options set)
echo "supersede domain-name-servers 10.0.0.2" >> /etc/dhcp/dhclient.conf
# make a directory for our stuffs
make-cadir certificates && cd certificates
# generate server things
sed -i 's/export KEY_CONFIG.*/export KEY_CONFIG="\$EASY_RSA\/openssl-1.0.0.cnf"/g' vars
source vars
./clean-all
touch keys/index.txt.attr
./pkitool --initca
./pkitool --server server
./build-dh
openvpn --genkey --secret keys/ta.key
cd /opt/certificates/keys
cp ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn
cd /opt/certificates
echo "port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push \"route 10.0.0.0 255.255.0.0\"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
comp-lzo
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1" > /etc/openvpn/server.conf
IFS=', ' read -r -a domnames <<< "$1"
for element in "${domnames[@]}"
do
echo "push \"dhcp-option DOMAIN $element\"" >> /etc/openvpn/server.conf
done
IFS=', ' read -r -a dnsnames <<< "$2"
for element in "${dnsnames[@]}"
do
echo "push \"dhcp-option DNS $element\"" >> /etc/openvpn/server.conf
done
# allow ip forwarding
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sysctl -p
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "@reboot root iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/crontab
# generate client things
./pkitool client
myip=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
mkdir /opt/client-configs/ && cd /opt/client-configs/
echo "remote $myip 1194
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
comp-lzo
verb 3
mute 20
user nobody
group nogroup
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf" > template.ovpn
cp template.ovpn client.ovpn
echo "<ca>" >> client.ovpn
cat /etc/openvpn/ca.crt >> client.ovpn
echo "</ca>
<cert>" >> client.ovpn
cat /opt/certificates/keys/client.crt >> client.ovpn
echo "</cert>
<key>" >> client.ovpn
cat /opt/certificates/keys/client.key >> client.ovpn
echo "</key>
<tls-auth>" >> client.ovpn
cat /etc/openvpn/ta.key >> client.ovpn
echo "</tls-auth>" >> client.ovpn
# start openvpn
sudo systemctl start openvpn@server
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.