@furlongm
Last active November 20, 2019 21:52
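#!/bin/bash
# Unattended OpenVPN server bootstrap for Debian/Ubuntu and RHEL/CentOS.
#
# Steps: install openvpn + easy-rsa, build a fresh CA / server certificate /
# DH parameters (easy-rsa 3 or 2, whichever the package provides), derive
# server.conf from the packaged sample, enable openvpn@server.service.
#
# Security model this script provisions (see write_server_conf):
#   - Clients authenticate with a system username/password through the PAM
#     "login" service. Client certificates are NOT required
#     (verify-client-cert none), so every local account that satisfies that
#     PAM stack is a VPN account unless PAM is further restricted.
#   - The sample config's tls-auth line is commented out because no ta.key is
#     generated here, so the raw TLS handshake (and therefore password
#     guessing) is reachable by anyone who can send packets to the port.
#   - Compression (compress lz4) and an unauthenticated loopback management
#     port are enabled; see the inline notes before exposing this to the
#     Internet.
# Must run as root. Re-running wipes and recreates the CA under ${cadir}.
#
# 'set -e' so a failed install/PKI step aborts instead of silently producing a
# half-configured server with the old CA already deleted. No 'pipefail':
# `yes "" | ./build-ca` legitimately ends with yes killed by SIGPIPE.
set -e

cadir=/etc/openvpn/easy-rsa/
openvpn_conf=/etc/openvpn/server.conf
os_family=""
pam_module=""

# Sets os_family from /etc/os-release.
# "ID=debian" is matched anywhere in the file, so ID_LIKE=debian derivatives
# (Ubuntu) take the Debian branch too; any case-insensitive mention of
# "redhat" selects the RHEL/CentOS branch and wins if both match, preserving
# the original check order.
detect_os_family() {
  if grep -q 'ID=debian' /etc/os-release 2>/dev/null; then
    os_family=debian
  fi
  if grep -qi redhat /etc/os-release 2>/dev/null; then
    os_family=redhat
  fi
}

# Debian/Ubuntu: packages, CA working dir, sample server.conf, PAM plugin path.
install_debian() {
  apt-get -y install openvpn easy-rsa
  make-cadir "${cadir}"
  gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > "${openvpn_conf}"
  # Multiarch path is hard-coded for amd64; main() verifies the file exists
  # before it is written into server.conf so a wrong path fails here, not at
  # service start.
  pam_module=/usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so
}

# RHEL/CentOS: EPEL, packages, sample server.conf, easy-rsa 2 tree, SELinux.
install_redhat() {
  yum -y install epel-release
  yum -y install openvpn easy-rsa policycoreutils-python
  cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf "${openvpn_conf}"
  mkdir -p "${cadir}"
  cp -a /usr/share/easy-rsa/2.0/* "${cadir}"
  # -P persists the boolean across reboots; without it the PAM authentication
  # path would silently stop working after the next boot. Non-fatal so hosts
  # with SELinux disabled still complete the setup.
  setsebool -P nis_enabled=1 || echo "warning: setsebool nis_enabled failed (SELinux disabled?)" >&2
  pam_module=/usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
}

# easy-rsa 3 (./easyrsa present). Runs inside ${cadir}; installs CA cert,
# server cert/key and DH params into /etc/openvpn.
build_pki_easyrsa3() {
  echo 'set_var EASYRSA_BATCH = "true"' >> vars
  echo -n yes | ./easyrsa init-pki
  ./easyrsa build-ca nopass
  ./easyrsa build-server-full server nopass
  ./easyrsa gen-dh
  cp pki/dh.pem /etc/openvpn/dh2048.pem
  cp pki/ca.crt /etc/openvpn/
  cp pki/issued/server.crt /etc/openvpn/
  cp pki/private/server.key /etc/openvpn/
}

# easy-rsa 2 (build-ca / build-key-server scripts). Runs inside ${cadir}.
# The scripts are interactive, so answers are piped in; the sleeps keep the
# prompts and answers in step.
build_pki_easyrsa2() {
  echo 'export KEY_NAME=server' >> vars
  ln -sf openssl-1.0.0.cnf openssl.cnf
  # shellcheck disable=SC1091
  . ./vars
  ./clean-all
  yes "" | ./build-ca
  (echo -en "\n\n\n\n\n\n\n\n"; sleep 1; echo -en "\n"; sleep 1; echo -en "\n"; sleep 1; echo -en "y\n"; echo -en "y\n") | ./build-key-server server
  ./build-dh
  cp keys/dh2048.pem keys/ca.crt keys/server.crt keys/server.key /etc/openvpn/
}

# Turns the packaged sample server.conf into the password-authenticated
# configuration described in the file header.
write_server_conf() {
  # Uncomment the redirect-gateway push and the user/group privilege drop;
  # comment out tls-auth (no ta.key is generated) and ifconfig-pool-persist.
  sed -i -e 's/^;push "re/push "re/' "${openvpn_conf}"
  sed -i -e 's/^;user/user/' "${openvpn_conf}"
  sed -i -e 's/^;group/group/' "${openvpn_conf}"
  sed -i -e 's/^tls/;tls/' "${openvpn_conf}"
  sed -i -e 's/^ifconfig/;ifconfig/' "${openvpn_conf}"
  {
    echo
    echo 'push "dhcp-option DNS 1.1.1.1"'
    # Loopback TCP management interface with no password: any local user can
    # connect and control the daemon (kill sessions, read state). Prefer a
    # unix socket with management-client-user, or add a pw-file argument.
    echo 'management 127.0.0.1 5555'
    # Password auth through the "login" PAM service: every local account that
    # can pass that stack gets VPN access. Restrict with pam_listfile or a
    # dedicated group if that is not intended.
    echo "plugin ${pam_module} login"
    echo 'duplicate-cn'
    # No client certificate is required, so the only gate before PAM is the
    # TLS handshake, and tls-auth was disabled above. Anyone who reaches the
    # port can attempt passwords; for Internet exposure generate a ta.key
    # (openvpn --genkey --secret ta.key) and keep tls-auth/tls-crypt.
    echo 'verify-client-cert none'
    echo 'username-as-common-name'
    # Compression on a VPN link enables VORACLE-style oracle attacks against
    # traffic carried inside it; the OpenVPN project advises against enabling
    # it.
    echo 'compress lz4'
  } >> "${openvpn_conf}"
}

main() {
  detect_os_family
  case "${os_family}" in
    debian|redhat) ;;
    *)
      echo "Unknown OS" >&2
      exit 1
      ;;
  esac
  # Only wipe the existing CA after the host is known to be supported; the
  # original removed it first, so an unsupported host lost its PKI and then
  # aborted. ${cadir:?} refuses to run if the variable were ever empty.
  rm -fr "${cadir:?}"
  if [[ "${os_family}" == debian ]]; then
    install_debian
  else
    install_redhat
  fi
  if [[ ! -f "${pam_module}" ]]; then
    echo "openvpn PAM plugin not found at ${pam_module}" >&2
    exit 1
  fi
  cd "${cadir}"
  if [[ -f easyrsa ]]; then
    build_pki_easyrsa3
  else
    build_pki_easyrsa2
  fi
  # The server private key must not be readable by other local users,
  # whatever mode cp/umask gave the copy.
  chmod 600 /etc/openvpn/server.key
  write_server_conf
  # Unit name follows from openvpn_conf=/etc/openvpn/server.conf (the
  # openvpn@.service template maps %i to /etc/openvpn/%i.conf). The published
  # page rendered it as "[email protected]", an email-obfuscation artifact.
  systemctl enable openvpn@server.service
  systemctl start openvpn@server.service
  systemctl status openvpn@server.service
}

main "$@"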