#!/bin/bash
# Interactive OpenVPN install script for an OpenVZ VPS
# Tested on CentOS versions 5 to 5.5
# 2011 v1.2
# Author Denis D.
# http://bluemodule.com/software/openvpn-install-script-for-openvz-vps/

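# Fixed locations and versions. They are the same values the original script
# used, so installs it produced stay compatible with this one.
readonly OVPN_VERSION="2.0.9"
readonly OVPN_TARBALL="openvpn-${OVPN_VERSION}.tar.gz"
readonly LZO_SRPM="lzo-1.08-4.rf.src.rpm"
readonly DOWNLOAD_BASE="http://openvpn.net/release"
readonly BUILD_DIR="/etc/ovpn_install"
readonly OVPN_DIR="/etc/openvpn"
readonly KEYS_DIR="${OVPN_DIR}/keys"
readonly EASYRSA_DIR="${OVPN_DIR}/easy-rsa/2.0"
readonly SERVER_CONF="${OVPN_DIR}/server.conf"
readonly VENET_CFG="/etc/sysconfig/network-scripts/ifcfg-venet0:0"

# NOTE(review): the sources are fetched over plain HTTP and neither the
# tarball nor the SRPM is signature- or checksum-verified before being built
# and installed as root. Put known-good SHA-256 digests here to enforce a
# check; leaving them empty skips it, which matches the original behaviour.
readonly OVPN_TARBALL_SHA256=""   # e.g. "<EXPECTED_SHA256_PLACEHOLDER>"
readonly LZO_SRPM_SHA256=""       # e.g. "<EXPECTED_SHA256_PLACEHOLDER>"

# `set -e`/`set -u` are deliberately not used: the easy-rsa scripts that get
# sourced/executed below are not written for them. Every critical step is
# checked explicitly instead.

#######################################
# Print an error to stderr and exit with status 1.
# Arguments: $@ - message
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print a framed section header.
# Arguments: $@ - lines to print inside the frame
# Outputs:   banner to stdout
#######################################
banner() {
  local line
  echo
  echo
  echo "################################################"
  for line in "$@"; do
    printf '%s\n' "$line"
  done
  echo "################################################"
}

#######################################
# Verify a downloaded file against an expected SHA-256 digest.
# Uses `openssl dgst` rather than sha256sum so it also works on the CentOS 5
# coreutils this script targets.
# Arguments: $1 - file path; $2 - expected hex digest (empty = skip check)
# Returns:   0 when the digest matches or no digest was configured; exits otherwise
#######################################
verify_sha256() {
  local file=$1 expected=$2 actual
  [[ -n "$expected" ]] || return 0
  actual=$(openssl dgst -sha256 -- "$file" | awk '{print $NF}') \
    || die "cannot compute digest of ${file}"
  [[ "$actual" == "$expected" ]] || die "checksum mismatch for ${file}; refusing to install it"
}

#######################################
# Validate a client name. It becomes a file name under $KEYS_DIR and an
# easy-rsa argument, so only allow a conservative character set: no path
# separators, whitespace, or a leading '-' that could be parsed as an option.
# Arguments: $1 - candidate name
# Returns:   0 if acceptable
#######################################
valid_client_name() {
  [[ "$1" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]]
}

#######################################
# Validate a UDP port number (1-65535).
# Arguments: $1 - candidate port
# Returns:   0 if acceptable
#######################################
valid_port() {
  [[ "$1" =~ ^[0-9]+$ ]] && (( $1 >= 1 && $1 <= 65535 ))
}

#######################################
# Prompt on stdout, read one line from stdin and re-prompt until the value
# passes the validator. The result is stored in the caller's variable so the
# prompt is not swallowed by a command substitution.
# Arguments: $1 - name of the variable to set; $2 - prompt text;
#            $3 - validator function name
#######################################
ask() {
  local var=$1 prompt=$2 validator=$3 value
  while :; do
    printf '%s\n' "$prompt"
    IFS= read -r value || die "no input on stdin; aborting"
    if "$validator" "$value"; then
      printf -v "$var" '%s' "$value"
      return 0
    fi
    printf 'Invalid value, please try again.\n' >&2
  done
}

#######################################
# Read the venet0:0 address from its ifcfg file.
# Outputs: the IP on stdout
# Returns: 1 when no IPADDR line is present
#######################################
server_ip() {
  local addr
  # The original took the raw value after '='; also strip optional quotes
  # that some ifcfg files put around it, and keep only the first match.
  addr=$(grep '^IPADDR=' "$VENET_CFG" 2>/dev/null | awk -F= '{print $2}' | tr -d '"' | head -n1)
  [[ -n "$addr" ]] || return 1
  printf '%s\n' "$addr"
}

#######################################
# Print the introductory text shown before the menu.
#######################################
print_intro() {
  echo "################################################"
  echo "Interactive OpenVPN Install Script for OpenVZ VPS Machines v1.2"
  echo "by Denis D. http://www.bluemodule.com"
  echo "Should work on various rpm-based Linux distos."
  echo "Tested on CentOS ditros version 5 to 5.5"
  echo
  echo "Make sure to message your provider and have them enable"
  echo "TUN, PPP, IPtables, and NAT modules prior to setting up OpenVPN."
  echo
  echo "You need to set up the server before creating more client keys."
  echo "A separate client keyset is required per connection or machine."
  echo "When creating certificated you can put \".\" to skip a field for all fields"
  echo "except for \"Common Name\" and password fields."
  echo "################################################"
  echo
  echo
  echo "################################################"
  echo "Select on option:"
  echo "1) Set up new OpenVPN server AND create one client"
  echo "2) Create additional clients"
  echo "################################################"
}

#######################################
# Fetch the OpenVPN tarball and the LZO source RPM into $BUILD_DIR.
# Globals:  BUILD_DIR, DOWNLOAD_BASE, OVPN_TARBALL, LZO_SRPM (read)
#######################################
download_sources() {
  banner "Downloading OpenVPN ${OVPN_VERSION} and LZO compression library"
  mkdir -p -- "$BUILD_DIR" || die "cannot create ${BUILD_DIR}"
  cd "$BUILD_DIR" || die "cannot cd to ${BUILD_DIR}"
  # -O overwrites a previous download instead of creating file.1, file.2, …
  wget -O "$OVPN_TARBALL" "${DOWNLOAD_BASE}/${OVPN_TARBALL}" \
    || die "download of ${OVPN_TARBALL} failed"
  wget -O "$LZO_SRPM" "${DOWNLOAD_BASE}/${LZO_SRPM}" \
    || die "download of ${LZO_SRPM} failed"
  verify_sha256 "$OVPN_TARBALL" "$OVPN_TARBALL_SHA256"
  verify_sha256 "$LZO_SRPM" "$LZO_SRPM_SHA256"
}

#######################################
# Install the build tool chain and development headers.
#######################################
install_deps() {
  banner "Downloading and Installing Dependencies"
  yum -y install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel make gcc \
    || die "yum install of build dependencies failed"
}

#######################################
# Build and install the lzo and openvpn packages from the downloaded sources.
# Globals:  BUILD_DIR, LZO_SRPM, OVPN_TARBALL, OVPN_VERSION (read)
#######################################
build_packages() {
  local rpmdir arch
  banner "Building From Source"
  # Ask rpm where it writes built packages instead of assuming the 32-bit
  # /usr/src/redhat/RPMS/i386 layout the original hard-coded. The fallbacks
  # are those original values.
  rpmdir=$(rpm --eval '%{_rpmdir}' 2>/dev/null) || rpmdir="/usr/src/redhat/RPMS"
  arch=$(rpm --eval '%{_arch}' 2>/dev/null) || arch="i386"
  cd "$BUILD_DIR" || die "cannot cd to ${BUILD_DIR}"
  rpmbuild --rebuild "$LZO_SRPM" || die "rpmbuild of ${LZO_SRPM} failed"
  rpm -Uvh "${rpmdir}/${arch}"/lzo-*.rpm || die "installing the lzo rpms failed"
  rpmbuild -tb "$OVPN_TARBALL" || die "rpmbuild of ${OVPN_TARBALL} failed"
  rpm -Uvh "${rpmdir}/${arch}/openvpn-${OVPN_VERSION}-1.${arch}.rpm" \
    || die "installing the openvpn rpm failed"
}

#######################################
# Write server.conf (same directives as the original script).
# Arguments: $1 - server IP to bind; $2 - UDP port
#######################################
write_server_conf() {
  local server=$1 port=$2
  # NOTE(review): dh1024.pem reflects easy-rsa 2.0's default KEY_SIZE; a
  # 1024-bit DH group is below current recommendations. Raising it means
  # changing KEY_SIZE in vars and the file name here; left as-is to match the
  # OpenVPN 2.0.9 / CentOS 5 setup this script targets.
  cat > "$SERVER_CONF" <<EOF || die "cannot write ${SERVER_CONF}"
local ${server}
port ${port}
proto udp
dev tun
ca ${KEYS_DIR}/ca.crt
cert ${KEYS_DIR}/server.crt
key ${KEYS_DIR}/server.key
dh ${KEYS_DIR}/dh1024.pem
server 10.9.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
EOF
}

#######################################
# Create the CA, server certificate and DH parameters with easy-rsa and copy
# the resulting key material to $KEYS_DIR.
# Arguments: $1 - server IP; $2 - UDP port
#######################################
build_server_pki() {
  local server=$1 port=$2
  banner "Creating Server Config" "\"Common Name\" must be filled." "Please insert : server"
  cp -r "/usr/share/doc/openvpn-${OVPN_VERSION}/easy-rsa/" "${OVPN_DIR}/" \
    || die "cannot copy easy-rsa into ${OVPN_DIR}"
  write_server_conf "$server" "$port"

  cd "$EASYRSA_DIR" || die "cannot cd to ${EASYRSA_DIR}"
  # vars derives KEY_DIR from the current directory, hence the cd first.
  # (The original also executed ./vars afterwards; that only prints a note in
  # a subshell and sets nothing, so it is dropped.)
  # shellcheck disable=SC1091
  source ./vars || die "cannot source ${EASYRSA_DIR}/vars"
  ./clean-all || die "clean-all failed"

  banner "Building Certifcate Authority" "\"Common Name\" must be filled."
  ./build-ca || die "build-ca failed"

  banner "Building Server Certificate" "\"Common Name\" must be filled." "Please insert : server"
  ./build-key-server server || die "build-key-server failed"
  ./build-dh || die "build-dh failed"

  # Copy the contents, not the directory, so a rerun does not end up with
  # $KEYS_DIR/keys/ (the original `cp -R keys /etc/openvpn/keys` did that).
  mkdir -p -- "$KEYS_DIR" || die "cannot create ${KEYS_DIR}"
  cp -R "${EASYRSA_DIR}/keys/." "${KEYS_DIR}/" || die "cannot copy keys to ${KEYS_DIR}"
}

#######################################
# Turn on IPv4 forwarding now and persist it in sysctl.conf.
#######################################
enable_forwarding() {
  banner "Forwarding IPv4 and Enabling It On-boot"
  echo 1 > /proc/sys/net/ipv4/ip_forward || die "cannot enable ip_forward"
  # Flip an existing "= 0" line, or append the setting when sysctl.conf has
  # no ip_forward line at all (the original sed silently did nothing then).
  if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf 2>/dev/null; then
    sed -i -e 's/\(net.ipv4.ip_forward =\) 0/\1 1/g' /etc/sysctl.conf \
      || die "cannot update /etc/sysctl.conf"
  else
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf || die "cannot update /etc/sysctl.conf"
  fi
}

#######################################
# Add the SNAT rule for the tunnel subnet and make iptables persistent.
# Arguments: $1 - server IP used as the SNAT source
#######################################
setup_nat() {
  local server=$1 tunip tries
  banner "Updating IPtables Routing and Enabling It On-boot"
  # tun0 only exists once the daemon is up; poll briefly instead of reading
  # it immediately after `service openvpn start` (the original raced that).
  for (( tries = 0; tries < 10; tries++ )); do
    tunip=$(/sbin/ifconfig tun0 2>/dev/null | grep 'inet addr:' | cut -d: -f2 | cut -d' ' -f1)
    [[ -n "$tunip" ]] && break
    sleep 1
  done
  [[ -n "$tunip" ]] || die "tun0 has no address; is the openvpn service running?"
  # NOTE(review): -A appends on every run, so a rerun duplicates the rule
  # (as in the original); the iptables shipped with CentOS 5 has no -C to
  # test for it first.
  iptables -t nat -A POSTROUTING -s "${tunip}/24" -j SNAT --to "$server" \
    || die "cannot add SNAT rule"
  /sbin/service iptables save || die "cannot save iptables rules"
  chkconfig iptables on || die "cannot enable iptables on boot"
}

#######################################
# Write the client .ovpn profile (same directives as the original script).
# Arguments: $1 - client name; $2 - server IP; $3 - UDP port
#######################################
write_client_profile() {
  local name=$1 server=$2 port=$3
  cat > "${KEYS_DIR}/${name}.ovpn" <<EOF || die "cannot write ${KEYS_DIR}/${name}.ovpn"
client
dev tun
proto udp
remote ${server} ${port}
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert ${name}.crt
key ${name}.key
comp-lzo
verb 3
EOF
}

#######################################
# Build a client certificate, copy it next to the CA, write the profile and
# bundle everything into $KEYS_DIR/clientkeys.tgz. Shared by both menu
# options (the original duplicated this block).
# Arguments: $1 - client name; $2 - server IP; $3 - UDP port
#######################################
build_client() {
  local name=$1 server=$2 port=$3
  banner "Building certificate for client ${name}" \
         "\"Common Name\" must be filled." \
         "Please insert like same cert : ${name}"
  cd "$EASYRSA_DIR" || die "cannot cd to ${EASYRSA_DIR}"
  # shellcheck disable=SC1091
  source ./vars || die "cannot source ${EASYRSA_DIR}/vars"
  ./build-key "$name" || die "build-key failed for ${name}"
  [[ -f "${EASYRSA_DIR}/keys/${name}.crt" && -f "${EASYRSA_DIR}/keys/${name}.key" ]] \
    || die "certificate/key for ${name} were not generated (signing declined?)"
  cp -- "${EASYRSA_DIR}/keys/${name}.crt" "${EASYRSA_DIR}/keys/${name}.key" "$KEYS_DIR" \
    || die "cannot copy client key material to ${KEYS_DIR}"
  write_client_profile "$name" "$server" "$port"

  cd "$KEYS_DIR" || die "cannot cd to ${KEYS_DIR}"
  tar czf clientkeys.tgz ca.crt "${name}.crt" "${name}.key" "${name}.ovpn" \
    || die "cannot create clientkeys.tgz"
  # The bundle and the key inside it are the client's private credential;
  # keep them readable by root only until the user copies them off the box.
  chmod 600 clientkeys.tgz "${name}.key"
}

#######################################
# Print the closing instructions.
# Arguments: $1 - client name; $2 - "yes" when a server was just installed
#######################################
print_done() {
  local name=$1 fresh_install=$2
  echo
  echo
  echo "################################################"
  if [[ "$fresh_install" == "yes" ]]; then
    echo "OpenVPN server successfully installed."
  fi
  echo "One client keyset for ${name} generated."
  echo "To connect:"
  echo "1) Download ${KEYS_DIR}/clientkeys.tgz using SCP client such as WinSCP."
  echo '2) Create a folder named VPN in C:\Program Files\OpenVPN\config directory'
  echo "3) Extract the contents of clientkeys.tgz to the VPN folder."
  echo "4) Start openvpn-gui, right click the tray icon and click Connect."
  if [[ "$fresh_install" == "yes" ]]; then
    echo
    echo "To generate additonal client keysets, run the script again with option #2."
  fi
  echo "################################################"
}

#######################################
# Menu option 1: full server install plus one client keyset.
#######################################
install_server() {
  local port client server
  ask port "Specify server port number that you want the server to use (eg. 54):" valid_port
  ask client "Enter client username that you want to create (eg. client1):" valid_client_name
  server=$(server_ip) || die "could not read IPADDR from ${VENET_CFG}"

  download_sources
  install_deps
  build_packages
  build_server_pki "$server" "$port"

  banner "Starting Server"
  service openvpn start || die "openvpn service failed to start"
  # The original enabled iptables on boot but not openvpn itself, leaving the
  # NAT rule pointing at a tunnel that would not come back after a reboot.
  chkconfig openvpn on || die "cannot enable openvpn on boot"

  enable_forwarding
  setup_nat "$server"
  build_client "$client" "$server" "$port"
  print_done "$client" yes
}

#######################################
# Menu option 2: add a client keyset to an existing server.
#######################################
add_client() {
  local client server port
  ask client "Enter client username that you want to create (eg. client2):" valid_client_name
  server=$(server_ip) || die "could not read IPADDR from ${VENET_CFG}"
  [[ -f "$SERVER_CONF" ]] || die "${SERVER_CONF} not found; run option 1 first"
  # Match only the `port` directive itself, not every line containing "port".
  port=$(awk '$1 == "port" { print $2; exit }' "$SERVER_CONF")
  [[ -n "$port" ]] || die "no port directive found in ${SERVER_CONF}"
  build_client "$client" "$server" "$port"
  print_done "$client" no
}

#######################################
# Entry point: show the menu and dispatch on the selection.
#######################################
main() {
  local choice
  # Everything below writes under /etc and installs packages.
  (( EUID == 0 )) || die "this script must be run as root"
  print_intro
  IFS= read -r choice || die "no input on stdin; aborting"
  # A string compare instead of `test -eq`, which errored on non-numeric input.
  case "$choice" in
    1) install_server ;;
    2) add_client ;;
    *)
      echo "Invalid selection, quitting."
      exit 1
      ;;
  esac
}

main "$@"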