OpenVPN router setup
#!/usr/bin/env bash
#
# openvpn router setup:
# Small utility to set up an OpenVPN router
#
# Author: Alejandro Ricoveri <[email protected]>
# Interface names used by every iptables rule in this script.
i_lan='eth0' # traffic arrives on this interface and is forwarded to i_vpn
i_vpn='tun0' # OpenVPN TUN interface; outgoing traffic is masqueraded here
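#######################################
# Start the OpenVPN service and route traffic from i_lan through i_vpn.
#
# What gets configured (IPv4 only):
#   - FORWARD accepts i_lan -> i_vpn, plus RELATED,ESTABLISHED return traffic
#   - net.ipv4.ip_forward is switched on when it is currently 0
#   - POSTROUTING masquerades everything leaving through i_vpn
#
# NOTE(review): no ip6tables rule or IPv6 sysctl is touched here, and nothing
# in this function stops i_lan traffic from being forwarded out of another
# interface while the tunnel is down. Whether that can happen depends on the
# FORWARD policy and rules set elsewhere -- confirm against the host ruleset.
#
# Globals:   i_lan (read), i_vpn (read)
# Outputs:   one diagnostic line on stderr for the step that failed
# Returns:   0 when every step succeeded, 1 at the first failing step.
#            Rules added before the failing step are left in place; run
#            the teardown action to remove them.
#######################################
ovpn_setup() {
  local forwarding

  # An empty name would silently shift the iptables arguments.
  if [ -z "${i_lan:-}" ] || [ -z "${i_vpn:-}" ]; then
    echo "ovpn_setup: i_lan and i_vpn must both be set" >&2
    return 1
  fi

  # Fail closed: do not open forwarding when the tunnel service did not start.
  if ! service openvpn start > /dev/null; then
    echo "ovpn_setup: 'service openvpn start' failed" >&2
    return 1
  fi

  # Set up IP forwarding between the two interfaces.
  if ! iptables -I FORWARD -i "$i_lan" -o "$i_vpn" -j ACCEPT > /dev/null; then
    echo "ovpn_setup: could not add the $i_lan -> $i_vpn FORWARD rule" >&2
    return 1
  fi
  # Argument order is kept as-is so the rule spec matches the one teardown deletes.
  if ! iptables -I FORWARD -i "$i_vpn" -o "$i_lan" -m state -j ACCEPT \
    --state RELATED,ESTABLISHED > /dev/null; then
    echo "ovpn_setup: could not add the $i_vpn -> $i_lan FORWARD rule" >&2
    return 1
  fi

  # Only write the sysctl when forwarding is currently disabled.
  if ! forwarding=$(sysctl -n net.ipv4.ip_forward); then
    echo "ovpn_setup: could not read net.ipv4.ip_forward" >&2
    return 1
  fi
  if [ "$forwarding" = "0" ]; then
    if ! sysctl net.ipv4.ip_forward=1 > /dev/null; then
      echo "ovpn_setup: could not enable net.ipv4.ip_forward" >&2
      return 1
    fi
  fi

  # Set up NAT on the outgoing (tunnel) interface.
  if ! iptables -t nat -I POSTROUTING -o "$i_vpn" -j MASQUERADE > /dev/null; then
    echo "ovpn_setup: could not add the MASQUERADE rule on $i_vpn" >&2
    return 1
  fi

  return 0
}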
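#######################################
# Stop the OpenVPN service and delete the rules ovpn_setup inserts.
#
# Best effort by design: every step may fail (service not running, rule not
# present) and the function still returns 0, because the setup action runs
# this first to start from a clean state.
#
# Left behind after teardown:
#   - net.ipv4.ip_forward is not changed here, so if setup enabled it the
#     host keeps forwarding IPv4 packets until it is reset elsewhere.
#   - each `iptables -D` removes a single matching rule; duplicates created
#     outside this script need one call each.
#
# Globals:   i_lan (read), i_vpn (read)
# Returns:   always 0
#######################################
ovpn_teardown() {
  # Stop the service first of all.
  service openvpn stop &> /dev/null || true

  # Purge the forwarding rules, if present. Expansions are quoted so an empty
  # or odd interface name cannot shift the remaining iptables arguments.
  iptables -D FORWARD -i "$i_lan" -o "$i_vpn" -j ACCEPT &> /dev/null || true
  iptables -D FORWARD -i "$i_vpn" -o "$i_lan" -m state -j ACCEPT \
    --state RELATED,ESTABLISHED &> /dev/null || true

  # Purge the NAT rule on the tunnel interface, if present.
  iptables -t nat -D POSTROUTING -o "$i_vpn" -j MASQUERADE &> /dev/null || true

  return 0
}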
# Print a one-line usage summary, naming the script as it was invoked.
ovpn_help() {
  printf 'Usage: %s (setup|teardown)\n' "$0"
}
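# Changing iptables rules, sysctl values and services needs uid 0.
# The check uses the numeric uid and fails with a non-zero status so that
# callers and automation can tell a refused run from a successful one.
if [ "$(id -u)" -ne 0 ]; then
  echo "I need to have superuser privileges!" >&2
  exit 1
fi

# Dispatch on the first argument.
case "${1:-}" in
  setup)
    echo "Setting up OpenVPN ..."
    # Tear down first so repeated runs do not stack duplicate rules.
    if ! { ovpn_teardown && ovpn_setup; }; then
      # Do not leave a half-configured router behind: remove whatever
      # was added and report the failure through the exit status.
      echo "OpenVPN router setup failed; removing partial configuration" >&2
      ovpn_teardown
      exit 1
    fi
    ;;
  teardown)
    echo "Tear down OpenVPN ..."
    ovpn_teardown
    ;;
  *)
    ovpn_help
    ;;
esac
exit 0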