A script to connect to a shared VPN service with openvpn + set up a killswitch with UFW
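#!/bin/bash
# Connect to a shared VPN service with OpenVPN and install a UFW "kill switch":
# once enabled, all outgoing traffic is denied except the local LAN, the tun0
# interface and the VPN server itself, so nothing leaks if the tunnel drops.
#
# Reads three lines from stdin, in this order:
#   1. config name  -> /etc/openvpn/<name>.conf and the openvpn@<name> unit
#   2. VPN username
#   3. VPN password (not echoed, never printed)
# The config file contents are then pasted into a dialog editbox.
# Requires sudo. Connectivity probes are best-effort and never abort the run.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# Best-effort probe of the public IP; a failure must not stop the setup.
check_ip() { time curl https://api.ipify.org || true; }

sudo apt update
sudo apt install openvpn dialog -y

## define config filename and credentials
echo "# Type or paste the config filename and press ENTER:"
IFS= read -r config
# The name is used as a path component and as a systemd instance name, so
# restrict it to a safe character set (no '/', no '..', no whitespace).
[[ "$config" =~ ^[A-Za-z0-9._-]+$ && "$config" != *..* ]] \
  || die "invalid config name: $config"
printf '%s\n\n' "$config"
#config="VPNconfig"
echo "# Type or paste the VPN username and press ENTER:"
IFS= read -r username
printf '%s\n\n' "$username"
echo "# Type or paste the VPN password and press ENTER:"
# -s: do not echo the password to the terminal (it would otherwise also end
# up in scrollback / logs of whoever runs this).
IFS= read -r -s password
echo
[[ -n "$username" && -n "$password" ]] \
  || die "username and password must not be empty"

# /home/admin/config.scripts/blitz.setconf.sh "/etc/openvpn/$config.conf" "root"
conf_local="./${config}.conf"
conf_file="/etc/openvpn/${config}.conf"
touch -- "$conf_local"
chmod 600 -- "$conf_local"

# open dialog; the edited text comes out on stderr, so capture it into a
# private temp file rather than the very file dialog is reading.
tmp_conf=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmp_conf"' EXIT
dialog --clear \
  --title "Paste the contents of ${config}.conf" \
  --editbox "$conf_local" 200 200 2> "$tmp_conf"
mv -- "$tmp_conf" "$conf_local"
grep -q '^remote[[:space:]]' "$conf_local" \
  || die "no 'remote' directive found in the pasted config"

# move file
sudo mv -- "$conf_local" "$conf_file"
sudo chown root:root "$conf_file"
sudo chmod 600 "$conf_file"

# credentials: create the file with mode 0600 *before* any content is
# written, and keep tee quiet so the secret never lands on stdout.
sudo install -m 600 -o root -g root /dev/null /etc/openvpn/auth.txt
printf '%s\n%s\n' "$username" "$password" \
  | sudo tee /etc/openvpn/auth.txt >/dev/null

# point the config at the credentials file. OpenVPN syntax is
# "auth-user-pass [file]"; an absolute path avoids depending on the unit's cwd.
if sudo grep -q '^auth-user-pass' "$conf_file"; then
  sudo sed -i 's#^auth-user-pass.*#auth-user-pass /etc/openvpn/auth.txt#' "$conf_file"
else
  printf 'auth-user-pass /etc/openvpn/auth.txt\n' | sudo tee -a "$conf_file" >/dev/null
fi

## test (before the tunnel is up)
check_ip
check_ip
check_ip

## Autostart
#sudo cp $your_config.ovpn autostart.conf
#sudo sed -i "s/#AUTOSTART=\"all\"/AUTOSTART=\"autostart\"/g" /etc/default/openvpn
#sudo systemctl daemon-reload
#sudo systemctl restart openvpn
#sudo mv /etc/openvpn/$config.ovpn /etc/openvpn/$config.conf
sudo systemctl start "openvpn@${config}"

## test (tunnel should be up now)
sleep 10
check_ip

## disable IPv6 (idempotent: the sysctl keys are appended only once)
if ! grep -q '^net.ipv6.conf.all.disable_ipv6=1' /etc/sysctl.conf; then
  printf '%s\n' \
    'net.ipv6.conf.all.disable_ipv6=1' \
    'net.ipv6.conf.default.disable_ipv6=1' \
    'net.ipv6.conf.lo.disable_ipv6=1' | sudo tee -a /etc/sysctl.conf
fi
# unrelated keys in sysctl.conf may produce errors; they must not abort here
sudo sysctl -p || true
if grep -q 1 /proc/sys/net/ipv6/conf/all/disable_ipv6; then
  echo "# Successfully disabled IPv6"
fi
sudo sed -i "s/IPV6=yes/IPV6=no/g" /etc/default/ufw
sudo ufw disable

## Killswitch
## https://www.comparitech.com/blog/vpn-privacy/how-to-make-a-vpn-kill-switch-in-linux-with-ufw/
## collect data: "remote <host> [port] [proto]"; fall back to the separate
## 'port' / 'proto' directives, then to OpenVPN's defaults (1194, udp).
## Matching on the first field avoids hits on e.g. "remote-cert-tls".
remote_line=$(sudo awk '$1 == "remote" { print; exit }' "$conf_file")
[[ -n "$remote_line" ]] || die "no 'remote' directive in $conf_file"
read -r _ domain port proto <<<"$remote_line"
[[ -n "$port" ]]  || port=$(sudo awk '$1 == "port"  { print $2; exit }' "$conf_file")
[[ -n "$proto" ]] || proto=$(sudo awk '$1 == "proto" { print $2; exit }' "$conf_file")
port=${port:-1194}
proto=${proto:-udp}
proto=${proto%%[0-9-]*}   # "udp4" / "tcp-client" -> "udp" / "tcp" for ufw
printf '%s\n' "$domain"
printf '%s\n' "$port"

# LAN: assumes a /24 around the first address hostname -I reports — adjust
# if your network is sized differently.
subnet=$(hostname -I | awk '{print $1}' | cut -d"." -f1-3)
[[ -n "$subnet" ]] || die "could not determine the local subnet"
printf '%s\n' "$subnet"

## UFW
sudo ufw allow in to "${subnet}.0/24"
sudo ufw allow out to "${subnet}.0/24"
sudo ufw default deny outgoing
sudo ufw default deny incoming
# must match the device OpenVPN creates; "dev tun" yields tun0 on a fresh host
sudo ufw allow out on tun0 from any to any

# Resolve the server. Only the "has address" lines are used: 'host' also
# prints alias, AAAA and MX lines whose 4th field is not an IPv4 address.
if [[ "$domain" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  vpn_ips=("$domain")
else
  mapfile -t vpn_ips < <(host -t A "$domain" | awk '/has address/ {print $4}')
fi
(( ${#vpn_ips[@]} > 0 )) || die "could not resolve $domain"
for ip in "${vpn_ips[@]}"; do
  echo "# Allowing $ip"
  sudo ufw allow out to "$ip" port "$port" proto "$proto"
done
sudo ufw --force enable

## test (kill switch active; these should still succeed through the tunnel)
sleep 10
check_ip
check_ip
sleep 10
if command -v torsocks >/dev/null; then
  time torsocks curl https://api.ipify.org || true
  time torsocks curl https://api.ipify.org || true
else
  echo "# torsocks not installed, skipping Tor check" >&2
fi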
Just a little note on this: my raspiblitz was missing the tun0 interface, so I had to add it and reboot before anything would work: `sudo openvpn --mktun --dev tun0`
Might be wise to put this line toward the top of the script.