yasyf/openvpn-install.sh

## openvpn-install.sh
#!/bin/bash
#OpenVPN Server on CentOS OpenVZ VPS Script by Yasyf Mohamedali (http://blog.yasyf.com/2012/08/01/openvpn-server-on-a-centos-openvz-vps)
#Adapted from various scripts around the net, including http://www.openvz.ca/blog/2010/11/18/setup-tuntap-openvpn-server-openvz-5-minutes/
#https://gist.github.com/3230440
tunstate=`cat /dev/net/tun`
	if [ "$tunstate" = "cat: /dev/net/tun: Permission denied" ]
	then
	clear
	echo "Sorry, but it seems that TUN/TAP is not enabled on your VPS."
	exit
	fi
ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`
yum install -y gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl openssl-devel
cd /etc/yum.repos.d
wget http://repos.openvpn.net/repos/yum/conf/repos.openvpn.net-CentOS6-snapshots.repo
yum update
yum -y install openvpn
cd /etc/openvpn/
rsaLoc="$(cd /usr/share/doc/openvpn-2.*/easy-rsa/;pwd)/"
cp -R $rsaLoc /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
source ./vars
echo "####################################"
echo "If you set a passphrase during this step you will need to"
echo "type a password each time openvpn starts."
echo "Accepting the default values (just press enter at each step) will also work."
echo "####################################"
./clean-all
./build-ca
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
echo "####################################"
echo "Accepting the default values (just press enter at each step) will also work."
echo "This is your client key, you may set a passphrase here but it's not required"
echo "If you do set a password here, you will need to enter it each time you use it on your machine to connect"
echo "####################################"
./build-key client1
cd keys/
client="
client
remote $ip 1194
dev tun
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 10.10.10.1
verb 3"
echo "$client" > $HOSTNAME.ovpn
tar czf openvpn-keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
mv openvpn-keys.tgz ~

ovpnsettings='
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
server 10.8.0.0 255.255.255.0
dh dh1024.pem
ifconfig-pool-persist ipp.txt
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
verb 1
mute 10
ccd-exclusive
push "route 10.8.0.0 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
push "redirect-gateway def1 bypass-dhcp"
ping-timer-rem
daemon'
echo "$ovpnsettings" > /etc/openvpn/openvpn.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
iptables -A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source $ip
iptables-save > /etc/sysconfig/iptables
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables
yum install dnsmasq
/etc/init.d/dnsmasq start
chkconfig dnsmasq on
/etc/init.d/openvpn start
chkconfig openvpn on
echo "OpenVPN has been installed
Download ~/openvpn-keys.tgz archive and open the .ovpn file inside it in an OpenVPN Client Application"
echo "Adapted and Published By Yasyf Mohamedali (http://www.yasyf.com) at http://blog.yasyf.com/coding/openvpn-server-on-a-centos-openvz-vps"
echo "If you found this useful, feel free to donate at http://blog.yasyf.com/donate"
	#!/bin/bash
	#OpenVPN Server on CentOS OpenVZ VPS Script by Yasyf Mohamedali (http://blog.yasyf.com/2012/08/01/openvpn-server-on-a-centos-openvz-vps)
	#Adapted from various scripts around the net, including http://www.openvz.ca/blog/2010/11/18/setup-tuntap-openvpn-server-openvz-5-minutes/
	#https://gist.github.com/3230440
	tunstate=`cat /dev/net/tun`
	if [ "$tunstate" = "cat: /dev/net/tun: Permission denied" ]
	then
	clear
	echo "Sorry, but it seems that TUN/TAP is not enabled on your VPS."
	exit
	fi
	ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 \| awk -F= '{print $2}'`
	yum install -y gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl openssl-devel
	cd /etc/yum.repos.d
	wget http://repos.openvpn.net/repos/yum/conf/repos.openvpn.net-CentOS6-snapshots.repo
	yum update
	yum -y install openvpn
	cd /etc/openvpn/
	rsaLoc="$(cd /usr/share/doc/openvpn-2.*/easy-rsa/;pwd)/"
	cp -R $rsaLoc /etc/openvpn/
	cd /etc/openvpn/easy-rsa/2.0/
	chmod +rwx *
	source ./vars
	echo "####################################"
	echo "If you set a passphrase during this step you will need to"
	echo "type a password each time openvpn starts."
	echo "Accepting the default values (just press enter at each step) will also work."
	echo "####################################"
	./clean-all
	./build-ca
	./build-key-server server
	./build-dh
	cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
	echo "####################################"
	echo "Accepting the default values (just press enter at each step) will also work."
	echo "This is your client key, you may set a passphrase here but it's not required"
	echo "If you do set a password here, you will need to enter it each time you use it on your machine to connect"
	echo "####################################"
	./build-key client1
	cd keys/
	client="
	client
	remote $ip 1194
	dev tun
	comp-lzo
	ca ca.crt
	cert client1.crt
	key client1.key
	route-delay 2
	route-method exe
	redirect-gateway def1
	dhcp-option DNS 10.10.10.1
	verb 3"
	echo "$client" > $HOSTNAME.ovpn
	tar czf openvpn-keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
	mv openvpn-keys.tgz ~

	ovpnsettings='
	port 1194
	proto tcp
	dev tun
	ca ca.crt
	cert server.crt
	key server.key
	server 10.8.0.0 255.255.255.0
	dh dh1024.pem
	ifconfig-pool-persist ipp.txt
	comp-lzo
	keepalive 10 60
	ping-timer-rem
	persist-tun
	persist-key
	verb 1
	mute 10
	ccd-exclusive
	push "route 10.8.0.0 255.255.255.0"
	push "dhcp-option DNS 10.8.0.1"
	push "redirect-gateway def1 bypass-dhcp"
	ping-timer-rem
	daemon'
	echo "$ovpnsettings" > /etc/openvpn/openvpn.conf
	echo 1 > /proc/sys/net/ipv4/ip_forward
	echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
	iptables -A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT
	iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
	iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source $ip
	iptables-save > /etc/sysconfig/iptables
	sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables
	yum install dnsmasq
	/etc/init.d/dnsmasq start
	chkconfig dnsmasq on
	/etc/init.d/openvpn start
	chkconfig openvpn on
	echo "OpenVPN has been installed
	Download ~/openvpn-keys.tgz archive and open the .ovpn file inside it in an OpenVPN Client Application"
	echo "Adapted and Published By Yasyf Mohamedali (http://www.yasyf.com) at http://blog.yasyf.com/coding/openvpn-server-on-a-centos-openvz-vps"
	echo "If you found this useful, feel free to donate at http://blog.yasyf.com/donate"