@edwios
Created March 13, 2019 06:02
Script to set up OpenVPN server and keys
# Create nologin openvpn user
adduser --system --shell /usr/sbin/nologin --no-create-home openvpn
apt install openvpn easy-rsa
apt install iptables-persistent
# Enable IPv4 forwarding (net.ipv4.ip_forward=1)
# Optionally disable a bunch of IPv6-related settings
vi /etc/sysctl.d/99-sysctl.conf
sysctl -p
# Create Cert directory
make-cadir /etc/openvpn/certs
# Create Client directory for ovpn clients
mkdir /etc/openvpn/clients
# Config openvpn
cd /etc/openvpn/certs
ln -s openssl-1.0.0.cnf openssl.cnf
export KEY_SIZE=4096
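# Edit vars (set KEY_SIZE=4096 there as well: sourcing vars re-exports
# KEY_SIZE and would override the export above)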
source ./vars
./clean-all
./build-ca
./build-key-server server
# The following line takes a long time, enough to brew a cup of fresh coffee!
openssl dhparam 4096 > /etc/openvpn/dh4096.pem
openvpn --genkey --secret /etc/openvpn/certs/keys/ta.key
# Create/edit server config
vi /etc/openvpn/server.conf
systemctl start openvpn
systemctl start openvpn@server
systemctl enable openvpn
systemctl enable openvpn@server
# Verify status of server
systemctl status 'openvpn*.service'
# Create OVPN clients
# build-key lives in /etc/openvpn/certs, so run it before changing directory
source ./vars
./build-key jpn-hy-ip7
cd /etc/openvpn/clients
./build-ovpn.sh jpn-hy-ip7
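
The last step calls `./build-ovpn.sh`, which the gist does not include. As an added example (not the author's script), here is one way such a helper could assemble an inline client profile from the files created above. The remote address `vpn.example.com 1194`, `proto udp` and `dev tun` are assumed values that must match your own server.conf.

```shell
#!/bin/sh
# Added example: a hypothetical build-ovpn.sh, not the gist author's script.
# Bundles the CA cert, client cert/key and tls-auth key into one inline profile.
set -eu

KEYS_DIR="${KEYS_DIR:-/etc/openvpn/certs/keys}"  # easy-rsa 2.x output dir used above
OUT_DIR="${OUT_DIR:-/etc/openvpn/clients}"
REMOTE="${REMOTE:-vpn.example.com 1194}"         # placeholder server address and port

# Print only the PEM block; easy-rsa 2.x .crt files start with a text dump.
pem_only() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"
}

build_ovpn() {
    name="$1"
    # Refuse names that could escape KEYS_DIR or OUT_DIR.
    case "$name" in
        ''|.*|*[!A-Za-z0-9._-]*) echo "bad client name" >&2; return 2 ;;
    esac
    for f in ca.crt ta.key "$name.crt" "$name.key"; do
        [ -r "$KEYS_DIR/$f" ] || { echo "missing $KEYS_DIR/$f" >&2; return 1; }
    done
    out="$OUT_DIR/$name.ovpn"
    # The profile embeds a private key: create it readable by the owner only.
    ( umask 077
      {
        printf '%s\n' client 'dev tun' 'proto udp' "remote $REMOTE" \
            nobind persist-key persist-tun \
            'remote-cert-tls server' 'key-direction 1'
        printf '<ca>\n';       pem_only "$KEYS_DIR/ca.crt";    printf '</ca>\n'
        printf '<cert>\n';     pem_only "$KEYS_DIR/$name.crt"; printf '</cert>\n'
        printf '<key>\n';      cat "$KEYS_DIR/$name.key";      printf '</key>\n'
        printf '<tls-auth>\n'; cat "$KEYS_DIR/ta.key";         printf '</tls-auth>\n'
      } > "$out"
    )
    echo "$out"
}

# Run as a script: ./build-ovpn.sh <client-name>
if [ "$#" -ge 1 ]; then build_ovpn "$1"; fi
```

`key-direction 1` is the client side of a tls-auth setup and assumes the server uses direction 0 with the same `ta.key`.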