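#!/bin/bash
# Interactive OpenVPN install script on a OpenVZ VPS
# Tested on CentOS versions 5 to 5.5
# 2011 v1.2
# Author Denis D.
# http://bluemodule.com/software/openvpn-install-script-for-openvz-vps/
#
# Must be run as root.  All answers are read from stdin.
#   option 1: download and build OpenVPN 2.0.9 + LZO, write
#             /etc/openvpn/server.conf, build the CA, server certificate and
#             DH parameters, start the service, enable IPv4 forwarding and
#             SNAT, then issue one client keyset.
#   option 2: issue one more client keyset against the configured server.
#
# Optional environment:
#   OPENVPN_SHA256, LZO_SHA256  expected sha256 of the two downloads, obtained
#                               from a source you trust.  The files are fetched
#                               over plain http; when these are unset they are
#                               NOT verified and a warning is printed.
#   RPM_ARCH                    rpm build arch used in the built package paths
#                               (default: rpm's %{_arch}; the original script
#                               hard-coded i386).

set -euo pipefail

readonly OVPN_TARBALL="openvpn-2.0.9.tar.gz"
readonly LZO_SRPM="lzo-1.08-4.rf.src.rpm"
readonly BUILD_DIR="/etc/ovpn_install"
readonly OVPN_DIR="/etc/openvpn"
readonly SERVER_CONF="/etc/openvpn/server.conf"
readonly KEYS_DIR="/etc/openvpn/keys"
readonly EASY_RSA_DIR="/etc/openvpn/easy-rsa/2.0"
readonly IFCFG="/etc/sysconfig/network-scripts/ifcfg-venet0:0"
readonly HR="################################################"

# Scratch file created by enable_ip_forward; removed by the EXIT trap.
tmp_file=""

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# EXIT trap: remove the scratch file if an earlier step left it behind.
# Globals:   tmp_file (read)
#######################################
cleanup() {
  if [[ -n "$tmp_file" ]]; then
    rm -f -- "$tmp_file"
  fi
}

#######################################
# Print a section banner: two blank lines, a rule, one line per argument, a rule.
# Arguments: $@ - banner lines
# Outputs:   banner on stdout
#######################################
section() {
  echo
  echo
  echo "$HR"
  printf '%s\n' "$@"
  echo "$HR"
}

#######################################
# Validate a client name before it is used as a path component, as a tar
# member name and as the argument to easy-rsa's build-key.
# Arguments: $1 - candidate name
# Returns:   0 when the name is a single path component of [A-Za-z0-9._-]
#            that does not start with '.' or '-' (so no '/', no '..', and
#            it cannot be parsed as an option), 1 otherwise
#######################################
valid_client_name() {
  [[ "$1" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]
}

#######################################
# Validate a UDP port number typed by the operator.
# Arguments: $1 - candidate port
# Returns:   0 when $1 is 1..65535 written in decimal, 1 otherwise
#######################################
valid_port() {
  # At most five digits so the 10# arithmetic below cannot overflow.
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

#######################################
# Read the venet0:0 address from the ifcfg file.
# Globals:   IFCFG (read)
# Outputs:   the IPADDR value (surrounding double quotes stripped) on stdout
# Returns:   exits via die when the file is unreadable or has no IPADDR
#######################################
venet_ip() {
  local addr
  addr=$(awk -F= '$1 == "IPADDR" { print $2; exit }' "$IFCFG") \
    || die "Cannot read $IFCFG"
  # ifcfg files may quote the value; server.conf's "local" line must not.
  addr=${addr%\"}
  addr=${addr#\"}
  [[ -n "$addr" ]] || die "No IPADDR found in $IFCFG"
  printf '%s\n' "$addr"
}

#######################################
# Read the configured server port back from server.conf (option 2).
# Globals:   SERVER_CONF (read)
# Outputs:   the value of the first "port" directive on stdout
# Returns:   exits via die when no port directive is present
#######################################
server_port() {
  local port
  # Match the directive name exactly; a substring match on "port" would also
  # hit any other directive containing that word.
  port=$(awk '$1 == "port" { print $2; exit }' "$SERVER_CONF") \
    || die "Cannot read $SERVER_CONF"
  [[ -n "$port" ]] || die "No port directive found in $SERVER_CONF"
  printf '%s\n' "$port"
}

#######################################
# Verify a downloaded file against an expected sha256 when one was supplied.
# Arguments: $1 - file, $2 - expected hex digest (may be empty)
# Returns:   0 on match or when no digest was supplied (warning to stderr);
#            exits via die on mismatch
#######################################
verify_download() {
  local file=$1 expected=$2 actual
  if [[ -z "$expected" ]]; then
    printf 'WARNING: no checksum supplied for %s; the download was not verified\n' \
      "$file" >&2
    return 0
  fi
  # openssl prints "SHA256(file)= <hex>"; keep only the digest.
  actual=$(openssl dgst -sha256 "$file") || die "Cannot hash $file"
  actual=${actual##*= }
  [[ "$actual" == "$expected" ]] || die "Checksum mismatch for $file"
}

#######################################
# Write /etc/openvpn/server.conf.
# Arguments: $1 - local address, $2 - port
# Globals:   SERVER_CONF (written)
#######################################
write_server_conf() {
  local ip=$1 port=$2
  # The 10.9.0.0/24 pool here must match the /24 SNAT rule in install_server.
  printf '%s\n' \
    "local $ip" \
    "port $port" \
    "proto udp" \
    "dev tun" \
    "ca /etc/openvpn/keys/ca.crt" \
    "cert /etc/openvpn/keys/server.crt" \
    "key /etc/openvpn/keys/server.key" \
    "dh /etc/openvpn/keys/dh1024.pem" \
    "server 10.9.0.0 255.255.255.0" \
    "ifconfig-pool-persist ipp.txt" \
    "push \"redirect-gateway def1\" " \
    "push \"dhcp-option DNS 208.67.222.222\" " \
    "push \"dhcp-option DNS 208.67.220.220\" " \
    "keepalive 5 30" \
    "comp-lzo" \
    "persist-key" \
    "persist-tun" \
    "status server-tcp.log" \
    "verb 3" > "$SERVER_CONF"
}

#######################################
# Write the client-side .ovpn profile into the keys directory.
# Arguments: $1 - client name, $2 - server address, $3 - server port
# Globals:   KEYS_DIR (read)
#######################################
write_client_conf() {
  local client=$1 ip=$2 port=$3
  printf '%s\n' \
    "client " \
    "dev tun " \
    "proto udp " \
    "remote $ip $port " \
    "resolv-retry infinite " \
    "nobind " \
    "persist-key " \
    "persist-tun " \
    "ca ca.crt " \
    "cert $client.crt " \
    "key $client.key " \
    "comp-lzo " \
    "verb 3 " > "$KEYS_DIR/$client.ovpn"
}

#######################################
# Turn on IPv4 forwarding now and in /etc/sysctl.conf for the next boot.
# Globals:   tmp_file (written, cleared)
#######################################
enable_ip_forward() {
  echo 1 > /proc/sys/net/ipv4/ip_forward
  # Rewrite through an unpredictable scratch file (not a fixed name under
  # /etc), then copy back so sysctl.conf keeps its inode and mode.
  tmp_file=$(mktemp) || die "mktemp failed"
  sed -e 's/\(net.ipv4.ip_forward =\) 0/\1 1/g' /etc/sysctl.conf > "$tmp_file"
  cat -- "$tmp_file" > /etc/sysctl.conf
  rm -f -- "$tmp_file"
  tmp_file=""
}

#######################################
# Issue a client certificate/key, write its profile and bundle the keyset.
# Arguments: $1 - client name (already validated), $2 - server address,
#            $3 - server port
# Globals:   EASY_RSA_DIR, KEYS_DIR (read)
# Outputs:   /etc/openvpn/keys/clientkeys.tgz (mode 600) holding ca.crt,
#            <client>.crt, <client>.key and <client>.ovpn
#######################################
build_client() {
  local client=$1 ip=$2 port=$3
  section "Building certificate for client $client" \
    "\"Common Name\" must be filled." \
    "Please insert like same cert : $client"
  cd -- "$EASY_RSA_DIR" || die "Cannot cd to $EASY_RSA_DIR"
  # shellcheck disable=SC1091 — easy-rsa's vars exports KEY_* for build-key
  source ./vars
  [[ -d "$KEYS_DIR" ]] || die "$KEYS_DIR does not exist; set up the server first (option 1)."
  ./build-key "$client"
  write_client_conf "$client" "$ip" "$port"
  cp -- "$EASY_RSA_DIR/keys/$client.crt" "$KEYS_DIR"
  cp -- "$EASY_RSA_DIR/keys/$client.key" "$KEYS_DIR"
  cd -- "$KEYS_DIR" || die "Cannot cd to $KEYS_DIR"
  # The bundle contains a private key: keep it readable by root only.
  chmod 600 -- "$client.key"
  tar czf clientkeys.tgz ca.crt "$client.crt" "$client.key" "$client.ovpn"
  chmod 600 clientkeys.tgz
}

#######################################
# Option 1: full server install followed by one client keyset.
# Arguments: $1 - server port (validated), $2 - client name (validated)
# Globals:   every readonly path above; OPENVPN_SHA256, LZO_SHA256, RPM_ARCH
#            (read, optional)
#######################################
install_server() {
  local port=$1 client=$2 ip arch tunip
  ip=$(venet_ip)

  section "Downloading OpenVPN 2.0.9 and LZO compression library"
  mkdir -p -- "$BUILD_DIR"
  cd -- "$BUILD_DIR" || die "Cannot cd to $BUILD_DIR"
  # NOTE(review): plain-http downloads with no signature; the only integrity
  # check is the optional sha256 the operator supplies in the environment.
  wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
  wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
  verify_download "$OVPN_TARBALL" "${OPENVPN_SHA256:-}"
  verify_download "$LZO_SRPM" "${LZO_SHA256:-}"

  section "Downloading and Installing Dependencies"
  yum -y install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel make gcc

  section "Building From Source"
  arch=${RPM_ARCH:-$(rpm --eval '%{_arch}')}
  rpmbuild --rebuild "$LZO_SRPM"
  rpm -Uvh /usr/src/redhat/RPMS/"$arch"/lzo-*.rpm
  rpmbuild -tb "$OVPN_TARBALL"
  rpm -Uvh "/usr/src/redhat/RPMS/$arch/openvpn-2.0.9-1.$arch.rpm"

  section "Creating Server Config" \
    "\"Common Name\" must be filled." \
    "Please insert : server"
  cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ "$OVPN_DIR/"
  write_server_conf "$ip" "$port"
  cd -- "$EASY_RSA_DIR" || die "Cannot cd to $EASY_RSA_DIR"
  # shellcheck disable=SC1091 — easy-rsa's vars exports KEY_* for the build-* scripts
  source ./vars
  ./clean-all

  section "Building Certifcate Authority" "\"Common Name\" must be filled."
  ./build-ca

  section "Building Server Certificate" \
    "\"Common Name\" must be filled." \
    "Please insert : server"
  ./build-key-server server
  ./build-dh
  cp -R "$EASY_RSA_DIR/keys" "$KEYS_DIR"
  # Server private key and CA key must not be world-readable.
  chmod 600 -- "$KEYS_DIR/server.key" "$KEYS_DIR/ca.key"

  section "Starting Server"
  service openvpn start

  section "Forwarding IPv4 and Enabling It On-boot"
  enable_ip_forward

  section "Updating IPtables Routing and Enabling It On-boot"
  tunip=$(/sbin/ifconfig tun0 | grep 'inet addr:' | cut -d: -f2 | cut -d' ' -f1) \
    || die "Cannot read the tun0 address; did openvpn start?"
  [[ -n "$tunip" ]] || die "tun0 has no IPv4 address; did openvpn start?"
  # /24 matches the 10.9.0.0 255.255.255.0 pool written to server.conf.
  iptables -t nat -A POSTROUTING -s "$tunip/24" -j SNAT --to "$ip"
  /sbin/service iptables save
  chkconfig iptables on

  build_client "$client" "$ip" "$port"

  echo
  echo
  echo "$HR"
  echo "OpenVPN server successfully installed."
  echo "One client keyset for $client generated."
  echo "To connect:"
  echo "1) Download /etc/openvpn/keys/clientkeys.tgz using SCP client such as WinSCP."
  printf '%s\n' "2) Create a folder named VPN in C:\Program Files\OpenVPN\config directory"
  echo "3) Extract the contents of clientkeys.tgz to the VPN folder."
  echo "4) Start openvpn-gui, right click the tray icon and click Connect."
  echo
  echo "To generate additonal client keysets, run the script again with option #2."
  echo "$HR"
}

#######################################
# Option 2: one more client keyset for an already configured server.
# Arguments: $1 - client name (validated)
#######################################
add_client() {
  local client=$1 ip port
  ip=$(venet_ip)
  port=$(server_port)

  build_client "$client" "$ip" "$port"

  echo
  echo
  echo "$HR"
  echo "One client keyset for $client generated."
  echo "To connect:"
  echo "1) Download /etc/openvpn/keys/clientkeys.tgz using SCP client such as WinSCP."
  printf '%s\n' "2) Create a folder named VPN in C:\Program Files\OpenVPN\config directory "
  echo "3) Extract the contents of clientkeys.tgz to the VPN folder."
  echo "4) Start openvpn-gui, right click the tray icon and click Connect."
  echo "$HR"
}

#######################################
# Entry point: print the intro, read the menu choice and dispatch.
# Arguments: ignored (everything is read from stdin)
# Returns:   1 on an invalid selection or any failed step
#######################################
main() {
  local choice client port
  (( EUID == 0 )) || die "This script must be run as root."
  trap cleanup EXIT

  echo "$HR"
  echo "Interactive OpenVPN Install Script for OpenVZ VPS Machines v1.2"
  echo "by Denis D. http://www.bluemodule.com"
  echo "Should work on various rpm-based Linux distos."
  echo "Tested on CentOS ditros version 5 to 5.5"
  echo
  echo "Make sure to message your provider and have them enable"
  echo "TUN, PPP, IPtables, and NAT modules prior to setting up OpenVPN."
  echo
  echo "You need to set up the server before creating more client keys."
  echo "A separate client keyset is required per connection or machine."
  echo "When creating certificated you can put \".\" to skip a field for all fields"
  echo "except for \"Common Name\" and password fields."
  echo "$HR"
  echo
  echo
  echo "$HR"
  echo "Select on option:"
  echo "1) Set up new OpenVPN server AND create one client"
  echo "2) Create additional clients"
  echo "$HR"
  read -r choice

  case "$choice" in
    1)
      echo "Specify server port number that you want the server to use (eg. 54):"
      read -r port
      valid_port "$port" || die "Invalid port number: $port"
      echo "Enter client username that you want to create (eg. client1):"
      read -r client
      valid_client_name "$client" || die "Invalid client name: $client"
      install_server "$port" "$client"
      ;;
    2)
      echo "Enter client username that you want to create (eg. client2):"
      read -r client
      valid_client_name "$client" || die "Invalid client name: $client"
      add_client "$client"
      ;;
    *)
      echo "Invalid selection, quitting."
      exit 1
      ;;
  esac
}

main "$@"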