OpenVPN Server on CentOS OpenVZ VPS v2

openvpn-install.sh

#!/bin/bash
#OpenVPN Installer for Centos 5 & 6
#Prequisites
#Known issues Centos 6 isnt currently working due to ca.crt error
#Written by Onessa credits to Keith from SaveSrv.net for tutorial I used as base Original Tutorial > https://safesrv.net/install-openvpn-on-centos/
if [ $USER != 'root' ]
then
echo "REQUIRES ROOT"
exit 0
fi

read -p "Which IP do you want to use [I,E]?" IPADDRESSCHOICE
echo $IPADDRESSCHOICE

if [[ "$IPADDRESSCHOICE" = "E" || "$IPADDRESSCHOICE" = "e" ]]
then
    ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`
elif [[ "$IPADDRESSCHOICE" = "I" || "$IPADDRESSCHOICE" = "i" ]]
then
    ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:1 | awk -F= '{print $2}'`
fi

externalip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`

echo "externalip: " $externalip
echo "selected IP: " $ip

###Determine OS Version and Architecture
read -p "What version of Centos are you Running? [5,6]?" VERSION
echo $VERSION
ARCH=$(uname -m | sed 's/x86_//;s/i[3-6]86/32/')

###Determine Server IP
yum install wget -y

###Installing OpenVpn Dependicies
echo Installing OpenVpn Dependicies
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y

###Download LZO RPM and Configure RPMForge Repo
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
echo Downloaded LZO RPM

##Download RPMForge Repo
if [[ "$VERSION" = "5" && "$ARCH" = "32" ]]
then
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
elif [[ "$VERSION" = "5" && "$ARCH" = "64" ]]
then
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
elif [[ "$VERSION" = "6" && "$ARCH" = "32" ]]
then
    wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-1.el6.rf.i686.rpm
elif [[ "$VERSION" = "6" && "$ARCH" = "64" ]]
then
    wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
fi

echo Downloaded Centos $VERSION $ARCH Rpmforge RPM

###Build the rpm packages
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*
echo rpm packages built

###Install OpenVPN
yum -y install openvpn openssl openssl-devel
echo Openvpn installed

###Copy the easy-rsa folder to /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
echo easy-rsa copied to /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
./vars
source ./vars
./clean-all

###CentOS 6 patch for /etc/openvpn/easy-rsa/2.0/vars
#OLDRSA="export KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`"
#NEWRSA="export KEY_CONFIG=\/etc\/openvpn\/easy-rsa\/2.0\/openssl-1.0.0.cnf"
if [ ["$VERSION" = "6" ];
then 
    sed -i 's/export KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`/export KEY_CONFIG=\/etc\/openvpn\/easy-rsa\/2.0\/openssl-1.0.0.cnf/g'  /etc/openvpn/easy-rsa/2.0/vars
fi
echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key client1
cd keys/

client="
client
remote $externalip 1194
dev tun
comp-lzo
cipher AES-256-CBC
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 8.8.8.8
verb 3"

echo "$client" > $HOSTNAME.ovpn

tar czf keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
mv keys.tgz /root

opvpn='
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
cipher AES-256-CBC
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1"
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
group nobody
daemon'

echo "$opvpn" > /etc/openvpn/openvpn.conf

###Save it and start OpenVPN
service openvpn start

read -p "Do you want to install Webmin, and MTR? [y,n]?" Yourchoice
echo $Yourchoice

if [[ "$Yourchoice" = "Y" || "$Yourchoice" = "y" ]]
then
    yum -y install perl-Net-SSLeay
    cd /usr/src
    wget http://prdownloads.sourceforge.net/webadmin/webmin-1.510-1.noarch.rpm
    rpm -i webmin-1.510-1.noarch.rpm
    yum install mtr -y
elif [[ "$Yourchoice" = "N" || "$Yourchoice" = "n" ]]
then
    exit
fi

###enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
sysctl -p
echo ipv4 forwarding enabled

###Route Iptables
echo iptables setup
iptables -F
read -p "What type of Virtualization are you using? [openvz,xen,kvm]?" VMVIRTTYPE
echo $VMVIRTTYPE

if [ "$VMVIRTTYPE" = "openvz" ]
then
      iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $ip
      #iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source $ip
elif [ "$VMVIRTTYPE" = "xen" ]
then
      iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
elif [ "$VMVIRTTYPE" = "kvm" ]
then
      iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
fi
service iptables save
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables # dirty vz fix 
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo iptables configured and saved

echo "OpenVPN has been installed
Download /root/keys.tgz using winscp or other sftp/scp client such as filezilla
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of keys.tgz there
Start openvpn-gui, right click the tray icon go to vpn and click connect
For support/bug reports email us at [email protected]"