OpenVPN Server on CentOS OpenVZ VPS v2
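#!/bin/bash
#OpenVPN Installer for Centos 5 & 6
#Prequisites
#Known issues Centos 6 isnt currently working due to ca.crt error
#Written by Onessa credits to Keith from SaveSrv.net for tutorial I used as base Original Tutorial > https://safesrv.net/install-openvpn-on-centos/
#
# Usage: run as root on a CentOS 5/6 VPS (OpenVZ, Xen or KVM). The script
# prompts for the IP to NAT through, the CentOS version, whether to install
# Webmin/MTR, and the virtualization type. Downloads land in a temporary
# directory that is removed on exit.
# Outputs: /etc/openvpn/openvpn.conf, server cert/key/dh in /etc/openvpn/,
#          and a client bundle at /root/keys.tgz (client cert + key + .ovpn).
# Fixes relative to the original gist:
#  - the CentOS 6 patch of easy-rsa `vars` never ran (malformed `[ [` test),
#    which is the "ca.crt error" mentioned above;
#  - answering "n" to the Webmin prompt exited before IP forwarding and NAT
#    were configured;
#  - ca.key (the CA private key) was packed into the client bundle;
#  - the eth0->venet0 iptables rewrite ran for every virtualization type.

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print the IPADDR value of an ifcfg file.
# Arguments: $1 - path to an ifcfg-* file
# Outputs:   the value after "IPADDR=" on stdout (empty if absent)
#######################################
venet_ip() {
  awk -F= '/IPADDR/ {print $2}' "$1" 2>/dev/null
}

# Root is required for yum/rpm and for writing under /etc. The original
# compared $USER and exited 0, which reported success on failure.
if [[ "$EUID" -ne 0 ]]; then
  echo "REQUIRES ROOT" >&2
  exit 1
fi

read -p "Which IP do you want to use [I,E]?" IPADDRESSCHOICE
echo "$IPADDRESSCHOICE"
externalip=$(venet_ip /etc/sysconfig/network-scripts/ifcfg-venet0:0)
case "$IPADDRESSCHOICE" in
  E|e) ip=$externalip ;;
  I|i) ip=$(venet_ip /etc/sysconfig/network-scripts/ifcfg-venet0:1) ;;
  *)
    echo "Unknown choice '$IPADDRESSCHOICE', using the external IP" >&2
    ip=$externalip
    ;;
esac
# $ip is later spliced into an iptables SNAT rule; an empty value would
# produce a broken rule rather than an error.
[[ -n "$ip" ]] || die "could not determine an IP address from the ifcfg-venet0 files"
echo "externalip: $externalip"
echo "selected IP: $ip"

###Determine OS Version and Architecture
read -p "What version of Centos are you Running? [5,6]?" VERSION
echo "$VERSION"
[[ "$VERSION" == "5" || "$VERSION" == "6" ]] || die "unsupported CentOS version '$VERSION' (expected 5 or 6)"
# x86_64 -> 64, i386..i686 -> 32
ARCH=$(uname -m | sed 's/x86_//;s/i[3-6]86/32/')

# Keep download artefacts out of the caller's working directory.
workdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT
cd "$workdir" || die "cannot cd to $workdir"

yum install wget -y
###Installing OpenVpn Dependicies
echo Installing OpenVpn Dependicies
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

###Download LZO RPM and Configure RPMForge Repo
# NOTE(review): every artefact below is fetched over plain HTTP and installed
# without checksum or signature verification, so anything on the network path
# can substitute the packages. Import the repository signing key and check each
# file with `rpm -K` before installing, or point these URLs at verified mirrors.
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm || die "failed to download the LZO source RPM"
echo Downloaded LZO RPM

##Download RPMForge Repo
case "$VERSION-$ARCH" in
  5-32) rpmforge_url=http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm ;;
  5-64) rpmforge_url=http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm ;;
  6-32) rpmforge_url=http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-1.el6.rf.i686.rpm ;;
  6-64) rpmforge_url=http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm ;;
  *) die "no RPMForge package known for CentOS $VERSION on $ARCH" ;;
esac
wget "$rpmforge_url" || die "failed to download $rpmforge_url"
echo "Downloaded Centos $VERSION $ARCH Rpmforge RPM"

###Build the rpm packages
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm || die "rpmbuild of lzo failed"
# The rebuilt binary RPMs are written under rpm's %_rpmdir (in an <arch>/
# subdirectory), not into the current directory, so the original
# `rpm -Uvh lzo-*.rpm` only ever matched the source RPM. Search both places
# and skip the .src.rpm. (bash 3.2 on CentOS 5 has no mapfile.)
rpmdir=$(rpm --eval '%{_rpmdir}')
lzo_rpms=()
while IFS= read -r f; do
  lzo_rpms+=("$f")
done < <(find "$rpmdir" "$workdir" -name 'lzo-*.rpm' ! -name '*.src.rpm' 2>/dev/null)
(( ${#lzo_rpms[@]} > 0 )) || die "no rebuilt lzo RPM found under $rpmdir"
rpm -Uvh "${lzo_rpms[@]}"
rpm -Uvh rpmforge-release*
echo rpm packages built

###Install OpenVPN
yum -y install openvpn openssl openssl-devel
echo Openvpn installed

###Copy the easy-rsa folder to /etc/openvpn/
# Locate the bundled easy-rsa tree without pinning the package version (the
# original hard-coded openvpn-2.2.2); the last match wins if several exist.
easy_rsa_src=
for d in /usr/share/doc/openvpn-*/easy-rsa; do
  [[ -d "$d" ]] && easy_rsa_src=$d
done
[[ -n "$easy_rsa_src" ]] || die "easy-rsa not found under /usr/share/doc/openvpn-*/"
cp -R "$easy_rsa_src" /etc/openvpn/
echo easy-rsa copied to /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/ || die "cannot cd to /etc/openvpn/easy-rsa/2.0/"
chmod +rwx *

###CentOS 6 patch for /etc/openvpn/easy-rsa/2.0/vars
#OLDRSA="export KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`"
#NEWRSA="export KEY_CONFIG=\/etc\/openvpn\/easy-rsa\/2.0\/openssl-1.0.0.cnf"
# The original test was `if [ ["$VERSION" = "6" ];` — the stray `[` made it
# always false, so the patch never applied. It is also applied BEFORE `vars`
# is sourced so the patched KEY_CONFIG is what build-ca actually sees.
if [[ "$VERSION" == "6" ]]; then
  sed -i 's/export KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`/export KEY_CONFIG=\/etc\/openvpn\/easy-rsa\/2.0\/openssl-1.0.0.cnf/g' /etc/openvpn/easy-rsa/2.0/vars
fi
# Executing `./vars` as a command (as the original did) runs it in a child
# shell and changes nothing here; only sourcing it exports the KEY_* settings.
# shellcheck disable=SC1091
source ./vars
./clean-all

# Accept every build-ca prompt with its default (the original piped echo -e
# with seven "\n" plus echo's own newline).
printf '\n\n\n\n\n\n\n\n' | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
# NOTE(review): key and DH sizes come from KEY_SIZE in `vars` (1024 for this
# easy-rsa version); 1024-bit RSA/DH is considered weak today. Raising it to
# 2048 renames the DH file (dh2048.pem), so the copy and the `dh` line in the
# server config below would have to change with it.
# ca.key is deliberately NOT copied: the server config never reads it, and the
# CA private key should exist only inside the easy-rsa keys directory.
cp keys/{ca.crt,server.crt,server.key,dh1024.pem} /etc/openvpn/
# cp does not preserve the 0700 mode of keys/, so restrict the private key.
chmod 600 /etc/openvpn/server.key
clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key client1
cd keys/ || die "cannot cd to keys/"
client="
client
remote $externalip 1194
dev tun
comp-lzo
cipher AES-256-CBC
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 8.8.8.8
verb 3"
printf '%s\n' "$client" > "$HOSTNAME.ovpn"
# Bundle only what the client needs. The original also packed ca.key: whoever
# holds the CA private key can issue arbitrary client certificates for this
# VPN, so it must never leave the server.
tar czf keys.tgz ca.crt client1.crt client1.csr client1.key "$HOSTNAME.ovpn"
chmod 600 keys.tgz
mv keys.tgz /root
opvpn='
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
cipher AES-256-CBC
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon'
# NOTE(review): only `group nobody` is set, so the daemon keeps running as
# root; `user nobody` (persist-key/persist-tun are already present) would drop
# privileges too — confirm ipp.txt stays writable before adding it.
printf '%s\n' "$opvpn" > /etc/openvpn/openvpn.conf
###Save it and start OpenVPN
service openvpn start

read -p "Do you want to install Webmin, and MTR? [y,n]?" Yourchoice
echo "$Yourchoice"
# Answering "n" no longer exits: the original `exit` here skipped IP forwarding
# and the NAT rules, leaving the just-started VPN unable to route any traffic.
if [[ "$Yourchoice" == "Y" || "$Yourchoice" == "y" ]]; then
  yum -y install perl-Net-SSLeay
  # NOTE(review): unsigned download over HTTP installed with `rpm -i` and no
  # signature check; verify the package with `rpm -K` against the Webmin key.
  # Subshell so the cd does not change the working directory of the rest.
  (
    cd /usr/src || exit 1
    wget http://prdownloads.sourceforge.net/webadmin/webmin-1.510-1.noarch.rpm && rpm -i webmin-1.510-1.noarch.rpm
  )
  yum install mtr -y
fi

###enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
# Append only when no ip_forward setting exists at all (the original appended
# unconditionally, duplicating the line the sed above already fixed) and do it
# before `sysctl -p` so the reload actually picks it up.
grep -q '^net\.ipv4\.ip_forward' /etc/sysctl.conf || echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
echo ipv4 forwarding enabled

###Route Iptables
echo iptables setup
# NOTE: this flushes every existing rule in the filter table (i.e. any host
# firewall already configured) — as in the original; review before running on
# a host that relies on its iptables rules.
iptables -F
read -p "What type of Virtualization are you using? [openvz,xen,kvm]?" VMVIRTTYPE
echo "$VMVIRTTYPE"
case "$VMVIRTTYPE" in
  openvz)
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to "$ip"
    #iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source $ip
    ;;
  xen|kvm)
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    ;;
  *)
    echo "Unknown virtualization type '$VMVIRTTYPE'; no NAT rule added" >&2
    ;;
esac
service iptables save
# The eth0->venet0 rewrite is an OpenVZ-only workaround; the original applied
# it for every type, which would rewrite the xen/kvm MASQUERADE rule just saved.
if [[ "$VMVIRTTYPE" == "openvz" ]]; then
  sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables # dirty vz fix
fi
echo iptables configured and saved
printf '%s\n' "OpenVPN has been installed
Download /root/keys.tgz using winscp or other sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon go to vpn and click connect
For support/bug reports email us at support@vpsnoc.com"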