yasyf · August 1, 2012 20:29 · yasyf · Aug 4, 2012
diff --git a/openvpn-install.sh b/openvpn-install.sh
 #!/bin/bash
 #OpenVPN Server on CentOS OpenVZ VPS Script by Yasyf Mohamedali (http://blog.yasyf.com/2012/08/01/openvpn-server-on-a-centos-openvz-vps)
 #Adapted from various scripts around the net, including http://www.openvz.ca/blog/2010/11/18/setup-tuntap-openvpn-server-openvz-5-minutes/
 #https://gist.github.com/3230440
 tunstate=`cat /dev/net/tun`
 	if [ "$tunstate" = "cat: /dev/net/tun: Permission denied" ]
 	then 
 	clear
 	echo "Sorry, but it seems that TUN/TAP is not enabled on your VPS."
 	exit
 	fi
 ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`
 yum install -y gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl openssl-devel
 cd /etc/yum.repos.d
 wget http://repos.openvpn.net/repos/yum/conf/repos.openvpn.net-CentOS6-snapshots.repo
 yum update
 yum -y install openvpn
 cd /etc/openvpn/
 rsaLoc="$(cd /usr/share/doc/openvpn-2.*/easy-rsa/;pwd)/"
 cp -R $rsaLoc /etc/openvpn/
 cd /etc/openvpn/easy-rsa/2.0/
 chmod +rwx *
 source ./vars
 echo "####################################"
 echo "If you set a passphrase during this step you will need to"
 echo "type a password each time openvpn starts."
 echo "Accepting the default values (just press enter at each step) will also work."
 echo "####################################"
 ./clean-all
 ./build-ca
 ./build-key-server server
 ./build-dh
 cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
 echo "####################################"
 echo "Accepting the default values (just press enter at each step) will also work."
 echo "This is your client key, you may set a passphrase here but it's not required"
 echo "If you do set a password here, you will need to enter it each time you use it on your machine to connect"
 echo "####################################"
 ./build-key client1
 cd keys/
 client="
 client
 remote $ip 1194
 dev tun
 comp-lzo
 ca ca.crt
 cert client1.crt
 key client1.key
 route-delay 2
 route-method exe
 redirect-gateway def1
 dhcp-option DNS 10.10.10.1
 verb 3"
 echo "$client" > $HOSTNAME.ovpn
 tar czf openvpn-keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
 mv openvpn-keys.tgz ~

 ovpnsettings='
 port 1194
 proto tcp
 dev tun
 ca ca.crt
 cert server.crt
 key server.key
 server 10.8.0.0 255.255.255.0
 dh dh1024.pem
 ifconfig-pool-persist ipp.txt
 comp-lzo
 keepalive 10 60
 ping-timer-rem
 persist-tun
 persist-key
 verb 1
 mute 10
 ccd-exclusive
 push "route 10.8.0.0 255.255.255.0"
 push "dhcp-option DNS 10.8.0.1"
 push "redirect-gateway def1 bypass-dhcp"
 ping-timer-rem
 daemon'
 echo "$ovpnsettings" > /etc/openvpn/openvpn.conf
 echo 1 > /proc/sys/net/ipv4/ip_forward
 echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
 iptables -A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT 
 iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
 iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source $ip
 iptables-save > /etc/sysconfig/iptables
 sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables
 yum install dnsmasq
 /etc/init.d/dnsmasq start
 chkconfig dnsmasq on
 /etc/init.d/openvpn start
 chkconfig openvpn on
 echo "OpenVPN has been installed
 Download ~/openvpn-keys.tgz archive and open the .ovpn file inside it in an OpenVPN Client Application"
 echo "Adapted and Published By Yasyf Mohamedali (http://www.yasyf.com) at http://blog.yasyf.com/coding/openvpn-server-on-a-centos-openvz-vps"
 echo "If you found this useful, feel free to donate at http://blog.yasyf.com/donate"
	#!/bin/bash
	#OpenVPN Server on CentOS OpenVZ VPS Script by Yasyf Mohamedali (http://blog.yasyf.com/2012/08/01/openvpn-server-on-a-centos-openvz-vps)
	#Adapted from various scripts around the net, including http://www.openvz.ca/blog/2010/11/18/setup-tuntap-openvpn-server-openvz-5-minutes/
	#https://gist.github.com/3230440
	tunstate=`cat /dev/net/tun`
	if [ "$tunstate" = "cat: /dev/net/tun: Permission denied" ]
	then
	clear
	echo "Sorry, but it seems that TUN/TAP is not enabled on your VPS."
	exit
	fi
	ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 \| awk -F= '{print $2}'`
	yum install -y gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl openssl-devel
	cd /etc/yum.repos.d
	wget http://repos.openvpn.net/repos/yum/conf/repos.openvpn.net-CentOS6-snapshots.repo
	yum update
	yum -y install openvpn
	cd /etc/openvpn/
	rsaLoc="$(cd /usr/share/doc/openvpn-2.*/easy-rsa/;pwd)/"
	cp -R $rsaLoc /etc/openvpn/
	cd /etc/openvpn/easy-rsa/2.0/
	chmod +rwx *
	source ./vars
	echo "####################################"
	echo "If you set a passphrase during this step you will need to"
	echo "type a password each time openvpn starts."
	echo "Accepting the default values (just press enter at each step) will also work."
	echo "####################################"
	./clean-all
	./build-ca
	./build-key-server server
	./build-dh
	cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
	echo "####################################"
	echo "Accepting the default values (just press enter at each step) will also work."
	echo "This is your client key, you may set a passphrase here but it's not required"
	echo "If you do set a password here, you will need to enter it each time you use it on your machine to connect"
	echo "####################################"
	./build-key client1
	cd keys/
	client="
	client
	remote $ip 1194
	dev tun
	comp-lzo
	ca ca.crt
	cert client1.crt
	key client1.key
	route-delay 2
	route-method exe
	redirect-gateway def1
	dhcp-option DNS 10.10.10.1
	verb 3"
	echo "$client" > $HOSTNAME.ovpn
	tar czf openvpn-keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
	mv openvpn-keys.tgz ~

	ovpnsettings='
	port 1194
	proto tcp
	dev tun
	ca ca.crt
	cert server.crt
	key server.key
	server 10.8.0.0 255.255.255.0
	dh dh1024.pem
	ifconfig-pool-persist ipp.txt
	comp-lzo
	keepalive 10 60
	ping-timer-rem
	persist-tun
	persist-key
	verb 1
	mute 10
	ccd-exclusive
	push "route 10.8.0.0 255.255.255.0"
	push "dhcp-option DNS 10.8.0.1"
	push "redirect-gateway def1 bypass-dhcp"
	ping-timer-rem
	daemon'
	echo "$ovpnsettings" > /etc/openvpn/openvpn.conf
	echo 1 > /proc/sys/net/ipv4/ip_forward
	echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
	iptables -A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT
	iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
	iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source $ip
	iptables-save > /etc/sysconfig/iptables
	sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables
	yum install dnsmasq
	/etc/init.d/dnsmasq start
	chkconfig dnsmasq on
	/etc/init.d/openvpn start
	chkconfig openvpn on
	echo "OpenVPN has been installed
	Download ~/openvpn-keys.tgz archive and open the .ovpn file inside it in an OpenVPN Client Application"
	echo "Adapted and Published By Yasyf Mohamedali (http://www.yasyf.com) at http://blog.yasyf.com/coding/openvpn-server-on-a-centos-openvz-vps"
	echo "If you found this useful, feel free to donate at http://blog.yasyf.com/donate"