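#!/bin/tcsh
#
# PrivateInternetAccess OpenVPN setup for a FreeBSD-style system (it relies on
# pkg, portsnap and the ports tree). The script asks for the PIA credentials,
# builds OpenVPN from ports, downloads PIA's profiles, stores the credentials,
# writes ipfw rules and starts the service.
# It writes under /etc, /var/db/ports and /usr/local/etc, so it presumably has
# to run as root.

# Grab user information.
echo "PrivateInternetAccess OpenVPN Setup:"
echo " https://www.privateinternetaccess.com/"

echo -n "User: "
# tcsh word-splits a bare $<, so quote it to keep the whole line as one value.
set user = "$<"

echo -n "Pass: "
# Switch terminal echo off while the password is typed so it does not stay on
# screen or in scrollback, then restore it. stty only complains if stdin is
# not a terminal; the read still happens.
/bin/stty -echo
set pass = "$<"
/bin/stty echo
# The newline typed by the user was not echoed, so emit one.
echo ""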
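# Record the public IP address before the VPN is configured. The value is only
# used for the before/after comparison printed when the script finishes.
# NOTE(review): the lookup goes over plain HTTP, so the answer is
# unauthenticated; treat it as informational only.
if ( -x "/usr/local/bin/wget" ) then
    # Call the same absolute path that was just tested instead of relying on PATH.
    set IP0 = `/usr/local/bin/wget -qO- http://wtfismyip.com/text`
else if ( -x "/usr/local/bin/curl" ) then
    set IP0 = `/usr/local/bin/curl http://wtfismyip.com/text`
else
    # "return" is not a tcsh command; report the problem and stop with a
    # failing status instead of exiting 0 as if nothing were wrong.
    echo "Neither /usr/local/bin/wget nor /usr/local/bin/curl is installed; aborting."
    exit 1
endif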
# Locations used by the rest of the script: the OpenVPN configuration
# directory and the OpenVPN port inside the ports tree.
set openVPNDir = /usr/local/etc/openvpn
set openVPNPort = /usr/ports/security/openvpn

# Force a refresh of the package catalogue, then upgrade the installed
# packages without prompting.
/usr/sbin/pkg update -f
/usr/sbin/pkg upgrade -y

# Fetch a ports snapshot and unpack it.
/usr/sbin/portsnap fetch
/usr/sbin/portsnap extract

# Everything up to the install step runs from the OpenVPN port directory.
cd "$openVPNPort"
# Port build options. Change the test below to (1 == 1) to pick the options
# interactively in the ports dialog instead of using the pre-seeded files.
if (0 == 1) then
    /usr/bin/make config-recursive
else
    # Pre-seed the saved options for security/openvpn so the build does not
    # stop to ask. EASYRSA, PW_SAVE and OPENSSL are set; the rest are unset.
    # NOTE(review): PW_SAVE is presumably what lets auth-user-pass read the
    # credentials from a file later on; confirm against the port's Makefile.
    set ovpnOptDir = /var/db/ports/security_openvpn
    set ovpnOpts = "$ovpnOptDir/options"
    /bin/mkdir -p "$ovpnOptDir/"
    echo "# This file is auto-generated by 'make config'." > "$ovpnOpts"
    echo "# Options for openvpn-2.3.6_1" >> "$ovpnOpts"
    echo "_OPTIONS_READ=openvpn-2.3.6_1" >> "$ovpnOpts"
    echo "_FILE_COMPLETE_OPTIONS_LIST=DOCS EASYRSA EXAMPLES PKCS11 PW_SAVE OPENSSL POLARSSL" >> "$ovpnOpts"
    echo "OPTIONS_FILE_UNSET+=DOCS" >> "$ovpnOpts"
    echo "OPTIONS_FILE_SET+=EASYRSA" >> "$ovpnOpts"
    echo "OPTIONS_FILE_UNSET+=EXAMPLES" >> "$ovpnOpts"
    echo "OPTIONS_FILE_UNSET+=PKCS11" >> "$ovpnOpts"
    echo "OPTIONS_FILE_SET+=PW_SAVE" >> "$ovpnOpts"
    echo "OPTIONS_FILE_SET+=OPENSSL" >> "$ovpnOpts"
    echo "OPTIONS_FILE_UNSET+=POLARSSL" >> "$ovpnOpts"

    # Same for the archivers/lzo2 port: both of its options are unset.
    set lzoOptDir = /var/db/ports/archivers_lzo2
    set lzoOpts = "$lzoOptDir/options"
    /bin/mkdir -p "$lzoOptDir"
    echo "# This file is auto-generated by 'make config'" > "$lzoOpts"
    echo "# Options for lzo2-2.08_1" >> "$lzoOpts"
    echo "_OPTIONS_READ=lzo2-2.08_1" >> "$lzoOpts"
    echo "_FILE_COMPLETE_OPTIONS_LIST=DOCS EXAMPLES" >> "$lzoOpts"
    echo "OPTIONS_FILE_UNSET+=DOCS" >> "$lzoOpts"
    echo "OPTIONS_FILE_UNSET+=EXAMPLES" >> "$lzoOpts"
endif

# Build and install OpenVPN from the port, then remove the build work files.
/usr/bin/make install
/usr/bin/make clean
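# Create the OpenVPN configuration directory and work inside it.
/bin/mkdir -p "$openVPNDir"
cd "$openVPNDir"

# Download PIA's OpenVPN settings.
# TLS certificate verification stays enabled (no --no-check-certificate, no
# curl -k): the archive supplies the CA certificate and server profiles the VPN
# will trust, so it has to come from the authentic host. If verification fails
# because no CA bundle is installed, install one (the ca_root_nss package on
# FreeBSD) instead of switching the check off.
if ( -x "/usr/local/bin/wget" ) then
    /usr/local/bin/wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
    set fetchStatus = $status
else if ( -x "/usr/local/bin/curl" ) then
    # -f makes curl fail on an HTTP error instead of saving the error page.
    /usr/local/bin/curl -fOL https://www.privateinternetaccess.com/openvpn/openvpn.zip
    set fetchStatus = $status
else
    # "return" is not a tcsh command; stop here rather than carrying on
    # without the archive.
    echo "Neither /usr/local/bin/wget nor /usr/local/bin/curl is installed; aborting."
    exit 1
endif

# Do not unpack or configure anything if the download did not succeed.
if ( $fetchStatus != 0 ) then
    echo "Download of openvpn.zip failed (status $fetchStatus); aborting."
    exit 1
endif

# Unzip the archive into the configuration directory, then delete it.
/usr/bin/unzip -q "$openVPNDir/openvpn.zip"
/bin/rm -f "$openVPNDir/openvpn.zip"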
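# Post-process every .ovpn profile in the current directory.
# NOTE: this loop is not idempotent. Running it a second time appends another
# auth-user-pass line and prefixes the already-absolute paths again.
foreach ovpn (*.ovpn)
    # Make the profile read the credentials from pass.txt.
    echo "auth-user-pass $openVPNDir/pass.txt" >> "$ovpn"
    # Use absolute paths for the CRL and CA files to avoid ambiguity.
    sed -i "" "s/crl\.pem/\/usr\/local\/etc\/openvpn\/crl.pem/g" "$ovpn"
    sed -i "" "s/ca\.crt/\/usr\/local\/etc\/openvpn\/ca.crt/g" "$ovpn"
    # Replace the spaces in the file name with underscores. The name is quoted
    # so echo does not glob it or collapse runs of spaces.
    set ovpn2 = `echo "$ovpn" | sed "s/ /_/g"`
    # Rename only when the name actually changed; mv onto itself is an error.
    if ( "$ovpn" != "$ovpn2" ) then
        mv "$ovpn" "$ovpn2"
    endif
end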
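# Store the username and password in pass.txt (username on the first line,
# password on the second without a trailing newline).
# The file is created empty and restricted to its owner before any secret is
# written, so the credentials are never readable by other local users.
/usr/bin/touch "$openVPNDir/pass.txt"
/bin/chmod 600 "$openVPNDir/pass.txt"
# Quote the values so characters such as spaces, * or ? are written literally
# instead of being split or glob-expanded by the shell.
echo "$user" > "$openVPNDir/pass.txt"
echo -n "$pass" >> "$openVPNDir/pass.txt"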
# Have rc start OpenVPN at boot with the Israel profile from the config
# directory. Both settings are appended to rc.conf; nothing existing is edited.
set rcConf = /etc/rc.conf
echo 'openvpn_enable="YES"' >> "$rcConf"
echo 'openvpn_configfile="/usr/local/etc/openvpn/Israel.ovpn"' >> "$rcConf"
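# Write the ipfw rule file.
# Change 192.168.1.0/24 to match your networking requirements.
# Change "media" to whatever user you are running transmission as (default is
# transmission).
#
# Rules 00010-00107 confine traffic owned by that user: it may use tun0 and
# talk to the local network on epair*, and everything else it sends is denied,
# so its traffic stops when the tunnel is down.
echo 'add 00010 allow all from any to any via tun0 uid media' > "$openVPNDir/ipfw_rules"
echo 'add 00101 allow all from me to 192.168.1.0/24 via epair* uid media' >> "$openVPNDir/ipfw_rules"
echo 'add 00102 allow all from 192.168.1.0/24 to me via epair* uid media' >> "$openVPNDir/ipfw_rules"
echo 'add 00107 deny all from any to any uid media' >> "$openVPNDir/ipfw_rules"
# NOTE(review): rules 00001 and 00002 are numbered below the uid rules, so DNS
# queries to these two resolvers appear to be allowed outside the tunnel;
# confirm that this is intended.
echo 'add 00001 allow log udp from 192.168.1.0/24 to 8.8.8.8 dst-port 53 keep-state' >> "$openVPNDir/ipfw_rules"
echo 'add 00002 allow log udp from 192.168.1.0/24 to 8.8.4.4 dst-port 53 keep-state' >> "$openVPNDir/ipfw_rules"

# Enable IPFW at boot and point it at the rule file written above.
# A bare path is not a valid rc.conf line and /media/Downloads/OVPN is not
# where the rules are written, so the file is named through firewall_type.
# NOTE(review): ipfw's final default rule may deny traffic that none of the
# rules above match; make sure console access is available before rebooting.
echo 'firewall_enable="YES"' >> /etc/rc.conf
echo 'firewall_type="/usr/local/etc/openvpn/ipfw_rules"' >> /etc/rc.conf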
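# Setup buffers (optional, left disabled).
# On FreeNAS this can be done in the GUI under Tunables, with sysctl as the type.
# echo 'kern.ipc.maxsockbuf=5242880' >> /etc/sysctl.conf
# echo 'net.inet.udp.recvspace=4194304' >> /etc/sysctl.conf

# Force Google DNS; resolves failed hostname lookups.
# "search" and "nameserver" are resolver directives, so they belong in
# /etc/resolv.conf. Writing them to /etc/sysctl.conf would wipe that file and
# leave name resolution unchanged.
# This replaces any existing /etc/resolv.conf.
echo 'search local' > /etc/resolv.conf
echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
echo 'nameserver 8.8.4.4' >> /etc/resolv.conf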
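# Start OpenVPN and give the tunnel time to come up.
/usr/sbin/service openvpn start
echo "Waiting 10 seconds for OpenVPN to spin up"
sleep 10

# Look up the public IP address again, now that the VPN should be active.
# NOTE(review): the lookup goes over plain HTTP, so the answer is
# unauthenticated; treat it as informational only.
if ( -x "/usr/local/bin/wget" ) then
    # Call the same absolute path that was just tested instead of relying on PATH.
    set IP1 = `/usr/local/bin/wget -qO- http://wtfismyip.com/text`
else if ( -x "/usr/local/bin/curl" ) then
    set IP1 = `/usr/local/bin/curl http://wtfismyip.com/text`
else
    # "return" is not a tcsh command; report the problem and stop with a
    # failing status instead of exiting 0.
    echo "Neither /usr/local/bin/wget nor /usr/local/bin/curl is installed; cannot verify the VPN."
    exit 1
endif

# Compare the address recorded at the start of the script with the new one.
echo "If these are different, OpenVPN is working"
echo "Old IP: $IP0"
echo "New IP: $IP1"
# Say so explicitly when nothing changed, so an unprotected connection is not
# missed by someone skimming the output.
if ( "$IP0" == "$IP1" ) then
    echo "WARNING: the public IP did not change; traffic is probably not going through the VPN."
endif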