OpenVPN Server on CentOS OpenVZ VPS v2
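#!/bin/bash
# OpenVPN Installer for CentOS 5 & 6
# Prerequisites: run as root on a VPS (OpenVZ venet0:0/venet0:1 aliases, or Xen/KVM with eth0)
# Known issues: CentOS 6 wasn't working due to a ca.crt error -- the easy-rsa `vars`
#   patch used to be applied AFTER `source ./vars`, so KEY_CONFIG in the running shell
#   never pointed at openssl-1.0.0.cnf. The patch is now applied before sourcing.
# Written by Onessa; credits to Keith from SafeSrv.net for the tutorial used as base.
# Original tutorial > https://safesrv.net/install-openvpn-on-centos/
#
# Review notes:
#  - The RPMs below are fetched over plain HTTP and installed with rpm without any
#    signature or checksum verification; verify them before using this on a real host.
#  - The CA private key (ca.key) stays in the easy-rsa keys directory only. It is
#    neither copied to /etc/openvpn/ (the server does not need it) nor packed into
#    the client bundle as the original script did.
#  - Exit status: 1 when not root or when a required step fails (the original exited 0).

# Print a message to stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the IPADDR= value of an OpenVZ ifcfg file ($1); empty if the key is absent.
venet_ip() {
  grep IPADDR -- "$1" | awk -F= '{print $2}'
}

if [[ "$(id -u)" -ne 0 ]]; then
  die "REQUIRES ROOT"
fi

### Choose which venet0 alias IP the VPN clients are NAT'ed out of
read -r -p "Which IP do you want to use [I,E]?" IPADDRESSCHOICE
echo "$IPADDRESSCHOICE"
case "$IPADDRESSCHOICE" in
  [Ee]) ip=$(venet_ip /etc/sysconfig/network-scripts/ifcfg-venet0:0) ;;
  [Ii]) ip=$(venet_ip /etc/sysconfig/network-scripts/ifcfg-venet0:1) ;;
  *) die "Unknown choice '$IPADDRESSCHOICE' (expected I or E)" ;;
esac
# The client config always points at the external (venet0:0) address.
externalip=$(venet_ip /etc/sysconfig/network-scripts/ifcfg-venet0:0)
# An empty value would later produce a broken SNAT rule / client config, so stop here.
[[ -n "$ip" ]] || die "Could not determine the selected IP address"
[[ -n "$externalip" ]] || die "Could not determine the external IP address"
echo "externalip: $externalip"
echo "selected IP: $ip"

### Determine OS version and architecture
read -r -p "What version of Centos are you Running? [5,6]?" VERSION
echo "$VERSION"
[[ "$VERSION" == "5" || "$VERSION" == "6" ]] || die "Unsupported CentOS version '$VERSION' (expected 5 or 6)"
# ARCH becomes "32" for i386..i686 and "64" for x86_64.
ARCH=$(uname -m | sed 's/x86_//;s/i[3-6]86/32/')

yum install wget -y || die "Could not install wget"

### Install OpenVPN build dependencies
echo "Installing OpenVpn Dependencies"
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y \
  || die "Could not install build dependencies"

### Download LZO source RPM and the RPMForge release RPM for this version/arch
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm || die "Could not download the LZO source RPM"
echo "Downloaded LZO RPM"
case "$VERSION-$ARCH" in
  5-32) wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm ;;
  5-64) wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm ;;
  6-32) wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-1.el6.rf.i686.rpm ;;
  6-64) wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm ;;
  *) die "Unsupported architecture '$ARCH' (expected 32 or 64)" ;;
esac || die "Could not download the RPMForge release RPM"
echo "Downloaded Centos $VERSION $ARCH Rpmforge RPM"

### Build and install the RPM packages
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm || die "rpmbuild of lzo failed"
rpm -Uvh lzo-*.rpm || die "Could not install the lzo RPMs"
rpm -Uvh rpmforge-release* || die "Could not install the RPMForge release RPM"
echo "rpm packages built"

### Install OpenVPN
yum -y install openvpn openssl openssl-devel || die "Could not install openvpn"
echo "Openvpn installed"

### Copy the easy-rsa folder to /etc/openvpn/ (the docs directory carries the
### package version, so glob instead of hard-coding openvpn-2.2.2)
easy_rsa_src=(/usr/share/doc/openvpn-*/easy-rsa)
[[ -d "${easy_rsa_src[0]}" ]] || die "easy-rsa not found under /usr/share/doc/openvpn-*/"
cp -R -- "${easy_rsa_src[0]}" /etc/openvpn/ || die "Could not copy easy-rsa to /etc/openvpn/"
echo "easy-rsa copied to /etc/openvpn/"
cd /etc/openvpn/easy-rsa/2.0/ || die "Cannot cd to /etc/openvpn/easy-rsa/2.0/"
chmod +rwx -- *

### CentOS 6 patch for /etc/openvpn/easy-rsa/2.0/vars -- must happen BEFORE the file
### is sourced, otherwise KEY_CONFIG in this shell keeps the old value.
#OLDRSA="export KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`"
#NEWRSA="export KEY_CONFIG=\/etc\/openvpn\/easy-rsa\/2.0\/openssl-1.0.0.cnf"
if [[ "$VERSION" == "6" ]]; then
  sed -i 's/export KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`/export KEY_CONFIG=\/etc\/openvpn\/easy-rsa\/2.0\/openssl-1.0.0.cnf/g' /etc/openvpn/easy-rsa/2.0/vars
fi
# shellcheck source=/dev/null
source ./vars
# easy-rsa 2.0 defaults to 1024-bit RSA/DH keys; 2048 is the sane minimum today.
# build-dh names its output dh${KEY_SIZE}.pem, so the server config below uses the same name.
export KEY_SIZE=2048
./clean-all

# Accept every prompt's default for the CA.
printf '\n\n\n\n\n\n\n\n' | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
# The server needs the CA certificate, its own cert/key and the DH params -- not ca.key.
cp -- keys/ca.crt keys/server.crt keys/server.key "keys/dh${KEY_SIZE}.pem" /etc/openvpn/ \
  || die "Could not copy server keys to /etc/openvpn/"
chmod 600 /etc/openvpn/server.key

clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key client1
cd keys/ || die "Cannot cd to keys/"

### Client config bundle (Windows OpenVPN GUI style: route-method exe)
client="
client
remote $externalip 1194
dev tun
comp-lzo
cipher AES-256-CBC
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 8.8.8.8
verb 3"
printf '%s\n' "$client" > "$HOSTNAME.ovpn"
# ca.key is deliberately NOT part of the bundle: the client only needs ca.crt.
tar czf keys.tgz ca.crt client1.crt client1.csr client1.key "$HOSTNAME.ovpn" \
  || die "Could not create keys.tgz"
chmod 600 keys.tgz
mv -- keys.tgz /root

### Server config
cat > /etc/openvpn/openvpn.conf <<EOF

dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
cipher AES-256-CBC
ca ca.crt
cert server.crt
key server.key
dh dh${KEY_SIZE}.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
user nobody
group nobody
daemon
EOF

### Save it and start OpenVPN
service openvpn start

### Optional extras. Answering "n" no longer exits the script, which used to skip
### the IP forwarding and NAT setup below and leave a non-working VPN.
read -r -p "Do you want to install Webmin, and MTR? [y,n]?" Yourchoice
echo "$Yourchoice"
case "$Yourchoice" in
  [Yy])
    yum -y install perl-Net-SSLeay
    cd /usr/src || die "Cannot cd to /usr/src"
    wget http://prdownloads.sourceforge.net/webadmin/webmin-1.510-1.noarch.rpm
    rpm -i webmin-1.510-1.noarch.rpm
    yum install mtr -y
    ;;
  *)
    echo "Skipping Webmin and MTR"
    ;;
esac

### Enable IP forwarding (runtime + persistent)
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
# Only append if no enabling line exists yet, instead of adding a duplicate every run.
grep -Eq '^net\.ipv4\.ip_forward *= *1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
echo "ipv4 forwarding enabled"

### Route iptables
echo "iptables setup"
iptables -F
read -r -p "What type of Virtualization are you using? [openvz,xen,kvm]?" VMVIRTTYPE
echo "$VMVIRTTYPE"
case "$VMVIRTTYPE" in
  openvz)
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to "$ip"
    #iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source $ip
    ;;
  xen|kvm)
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    ;;
  *)
    die "Unknown virtualization type '$VMVIRTTYPE' (expected openvz, xen or kvm)"
    ;;
esac
service iptables save
# Dirty vz fix: only rewrite the saved rules on OpenVZ; doing it on Xen/KVM would
# rename the real eth0 in the MASQUERADE rule and break NAT after the next restore.
if [[ "$VMVIRTTYPE" == "openvz" ]]; then
  sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables
fi
echo "iptables configured and saved"

cat <<'EOF'
OpenVPN has been installed
Download /root/keys.tgz using winscp or other sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon go to vpn and click connect
For support/bug reports email us at [email protected]
EOF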