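#!/bin/tcsh
#
# PrivateInternetAccess OpenVPN setup for FreeBSD / FreeNAS (tcsh).
#
# Builds OpenVPN from ports, installs PIA's profiles into $openVPNDir,
# stores the PIA credentials in pass.txt (mode 0600), enables openvpn and
# ipfw in /etc/rc.conf, writes an ipfw rule file that confines $vpn_user's
# traffic to tun0, points /etc/resolv.conf at $dns1/$dns2, then starts
# OpenVPN and prints the public IP before and after so the tunnel can be
# checked by eye.
#
# Must be run as root.  Edit the "Settings" block before running.

# ---- Settings ---------------------------------------------------------
set openVPNPort = /usr/ports/security/openvpn
set openVPNDir  = /usr/local/etc/openvpn
# Profile (after spaces are replaced by underscores) that openvpn starts with.
set ovpn_profile = Israel.ovpn
# Unix user whose traffic is confined to the tunnel (the transmission user).
set vpn_user = media
# LAN network that may still reach $vpn_user's services directly.
set lan_net = 192.168.1.0/24
# Resolvers forced into /etc/resolv.conf and allowed through ipfw.
set dns1 = 8.8.8.8
set dns2 = 8.8.4.4
# Set to 1 to pick the port options interactively with 'make config-recursive'.
set use_dialog = 0
# Plain-HTTP "what is my IP" service; only used for the before/after display.
set ip_url = http://wtfismyip.com/text
# -----------------------------------------------------------------------

# Fail early: everything below writes to /usr/local and /etc.
if ( $uid != 0 ) then
  echo "Error: this script must be run as root."
  exit 1
endif

# Pick a downloader once; it is used in command position as: $fetch URL
# (output on stdout).  Decided before prompting so a missing tool does not
# cost the user a typed password.
if ( -x /usr/local/bin/wget ) then
  set fetch = (/usr/local/bin/wget -qO-)
else if ( -x /usr/local/bin/curl ) then
  set fetch = (/usr/local/bin/curl -sSL)
else
  echo "Error: wget or curl is required (pkg install wget)."
  exit 1
endif

# Grab user information.  Terminal echo is turned off while the password
# is typed so it does not end up on screen or in a scrollback buffer.
echo "PrivateInternetAccess OpenVPN Setup:"
echo " https://www.privateinternetaccess.com/"
echo -n "User: "
set pia_user = $<
echo -n "Pass: "
stty -echo
set pia_pass = $<
stty echo
echo ""

# Get initial IP address.
set IP0 = `$fetch $ip_url`

# Update & upgrade pkgs.  ca_root_nss supplies the CA bundle so the PIA
# download below can verify the server certificate instead of skipping
# verification (the profiles and ca.crt define which server we trust).
/usr/sbin/pkg update -f
/usr/sbin/pkg upgrade -y
/usr/sbin/pkg install -y ca_root_nss

# Fetch & extract ports
/usr/sbin/portsnap fetch
/usr/sbin/portsnap extract

# Go to the OpenVPN port directory.
cd "$openVPNPort" || exit 1

if ( $use_dialog == 1 ) then
  /usr/bin/make config-recursive
else
  # Pre-answer 'make config' for openvpn and its lzo2 dependency.  The
  # quoted EOF keeps the lines literal (no variable substitution).
  /bin/mkdir -p /var/db/ports/security_openvpn/
  cat > /var/db/ports/security_openvpn/options << 'EOF'
# This file is auto-generated by 'make config'.
# Options for openvpn-2.3.6_1
_OPTIONS_READ=openvpn-2.3.6_1
_FILE_COMPLETE_OPTIONS_LIST=DOCS EASYRSA EXAMPLES PKCS11 PW_SAVE OPENSSL POLARSSL
OPTIONS_FILE_UNSET+=DOCS
OPTIONS_FILE_SET+=EASYRSA
OPTIONS_FILE_UNSET+=EXAMPLES
OPTIONS_FILE_UNSET+=PKCS11
OPTIONS_FILE_SET+=PW_SAVE
OPTIONS_FILE_SET+=OPENSSL
OPTIONS_FILE_UNSET+=POLARSSL
EOF
  /bin/mkdir -p /var/db/ports/archivers_lzo2
  cat > /var/db/ports/archivers_lzo2/options << 'EOF'
# This file is auto-generated by 'make config'
# Options for lzo2-2.08_1
_OPTIONS_READ=lzo2-2.08_1
_FILE_COMPLETE_OPTIONS_LIST=DOCS EXAMPLES
OPTIONS_FILE_UNSET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
EOF
endif

# Install & clean OpenVPN.  A failed build must stop here rather than go on
# to configure a daemon that does not exist.
/usr/bin/make install || exit 1
/usr/bin/make clean

# Make & change to the OpenVPN config directory.
/bin/mkdir -p "$openVPNDir"
cd "$openVPNDir" || exit 1

# Grab PIA's OpenVPN settings (profiles plus ca.crt/crl.pem) over verified
# HTTPS; an unverified download would let anyone on the path hand us a
# different CA and server list.
$fetch https://www.privateinternetaccess.com/openvpn/openvpn.zip > openvpn.zip || exit 1

# Unzip & delete the archive.
/usr/bin/unzip -q openvpn.zip || exit 1
/bin/rm -f openvpn.zip

# For each of the ovpn profiles.
foreach ovpn (*.ovpn)
  # Read the credentials from pass.txt instead of prompting at start-up.
  echo "auth-user-pass $openVPNDir/pass.txt" >> "$ovpn"
  # Use full paths for the CA and CRL so openvpn finds them from any cwd.
  sed -i "" "s|crl\.pem|$openVPNDir/crl.pem|g" "$ovpn"
  sed -i "" "s|ca\.crt|$openVPNDir/ca.crt|g" "$ovpn"
  # Replace spaces in the filename with underscores; skip the rename when
  # there is nothing to change so mv does not complain about the same file.
  set ovpn2 = `echo "$ovpn" | sed 's/ /_/g'`
  if ( "$ovpn" != "$ovpn2" ) mv -- "$ovpn" "$ovpn2"
end

# Write the credentials file.  Create it 0600 before the first write so the
# password is never readable by other users, even briefly.
set passfile = "$openVPNDir/pass.txt"
/usr/bin/touch "$passfile"
/bin/chmod 600 "$passfile"
echo "$pia_user" > "$passfile"
echo -n "$pia_pass" >> "$passfile"

# ipfw rules: $vpn_user may only talk through tun0 (plus the LAN), and the
# LAN may query the two resolvers directly.  The file holds bare ipfw rule
# lines, which is the format rc.conf's firewall_type loads.
cat > "$openVPNDir/ipfw_rules" << EOF
add 00010 allow all from any to any via tun0 uid $vpn_user
add 00101 allow all from me to $lan_net via epair* uid $vpn_user
add 00102 allow all from $lan_net to me via epair* uid $vpn_user
add 00107 deny all from any to any uid $vpn_user
add 00001 allow log udp from $lan_net to $dns1 dst-port 53 keep-state
add 00002 allow log udp from $lan_net to $dns2 dst-port 53 keep-state
EOF

# Enable openvpn and ipfw in rc.conf.  NOTE: this appends on every run;
# remove duplicate lines by hand if the script is run twice.
cat >> /etc/rc.conf << EOF
openvpn_enable="YES"
openvpn_configfile="$openVPNDir/$ovpn_profile"
firewall_enable="YES"
firewall_type="$openVPNDir/ipfw_rules"
EOF

# Setup buffers
# can do this under FreeNAS GUI Tunables > select sysctl as the type
# echo 'kern.ipc.maxsockbuf=5242880' >> /etc/sysctl.conf
# echo 'net.inet.udp.recvspace=4194304' >> /etc/sysctl.conf

# Force the chosen resolvers (resolves failed hostname lookups).  This goes
# in /etc/resolv.conf, not /etc/sysctl.conf.
cat > /etc/resolv.conf << EOF
search local
nameserver $dns1
nameserver $dns2
EOF

# Start OpenVPN
/usr/sbin/service openvpn start
echo "Waiting 10 seconds for OpenVPN to spin up"
sleep 10

# Get the new IP address.
set IP1 = `$fetch $ip_url`

# Compare and contrast.
echo "If these are different, OpenVPN is working"
echo "Old IP: $IP0"
echo "New IP: $IP1"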