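#!/bin/bash
# OPENVPN SERVER CONFIGURATION
#
# Interactive part of the installer: works out the server IP, then asks for
# the listening port and the name of the first client certificate.
# These three answers are later used in file names, OpenVPN config files and
# iptables arguments, so each is checked against a strict pattern before the
# script continues.
# bash is required: the script uses read -e/-p, source and brace expansion.
echo "####################################"
echo "OPENVPN SERVER CONFIGURATION"
echo "####################################"

# GATEWAYDEV names the default-route interface. A missing file or key leaves
# NETTYPE empty, in which case the IP is asked for below.
NETTYPE=$(sed -n 's/^GATEWAYDEV=//p' /etc/sysconfig/network 2>/dev/null | tr -d '"')
if [ "$NETTYPE" = "eth0" ]; then
  echo "Sorry, this script doesn't support your vps."
  exit 1
fi

SERVERIP=""
IPSET=""
if [ "$NETTYPE" = "venet0" ]; then
  # Take the address configured on venet0:0; quotes around the value are dropped.
  SERVERIP=$(awk -F= '/IPADDR/ {gsub(/"/, "", $2); print $2}' /etc/sysconfig/network-scripts/ifcfg-venet0:0)
  echo "Your server IP is $SERVERIP, Is that right? [y/n]: "
  read -r -e IPSET
fi
if [ "$IPSET" = "n" ]; then
  SERVERIP=""
fi

# Ask whenever no address was detected (including interfaces other than
# venet0), the user rejected it, or it is not a dotted quad. The pattern
# checks the shape only, not that each octet is <= 255.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
until [[ "$SERVERIP" =~ $ipv4_re ]]; do
  echo -n "Enter your server IP : "
  read -r -e SERVERIP || exit 1   # stop on EOF instead of looping forever
done
echo "=================================="
echo Your server IP is "$SERVERIP"
echo "=================================="

SERVERPORT="443"
echo -n "Enter VPN Server Port : "
read -r -p "(Default : 443):" SERVERPORT
if [ "$SERVERPORT" = "" ]; then
  SERVERPORT="443"
fi
port_re='^[0-9]{1,5}$'
if ! [[ "$SERVERPORT" =~ $port_re ]] || [ "$SERVERPORT" -lt 1 ] || [ "$SERVERPORT" -gt 65535 ]; then
  echo "Invalid port: $SERVERPORT (expected a number between 1 and 65535)" >&2
  exit 1
fi
echo "=================================="
echo VPN Server Port is "$SERVERPORT"
echo "=================================="

CLIENTNAME="client1"
echo -n "Enter new client name : "
read -r -p "(Default : client1):" CLIENTNAME
if [ "$CLIENTNAME" = "" ]; then
  CLIENTNAME="client1"
fi
# The name becomes a certificate CN and several file names. Allow only a
# conservative character set, and refuse names that would overwrite the CA
# or server key material.
name_re='^[A-Za-z0-9_][A-Za-z0-9_-]*$'
if ! [[ "$CLIENTNAME" =~ $name_re ]] || [ "$CLIENTNAME" = "server" ] || [ "$CLIENTNAME" = "ca" ]; then
  echo "Invalid client name: $CLIENTNAME (use letters, digits, '_' or '-'; not 'server' or 'ca')" >&2
  exit 1
fi
echo "=================================="
echo Client Name is "$CLIENTNAME"
echo "=================================="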
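# Add the RPMforge repository, then install OpenSSL and OpenVPN with yum.
#
# NOTE(review): the release RPM is fetched over plain HTTP and installed with
# no checksum or GPG signature check. Anyone able to tamper with that
# connection controls a package installed as root. Verify the file against a
# known-good digest or the repository signing key before trusting this step.
rpmforge_rpm="rpmforge-release-0.5.2-2.el5.rf.i386.rpm"

# Download into a private directory rather than a predictable name in the
# current working directory.
rpmforge_dir=$(mktemp -d /tmp/rpmforge.XXXXXX) || { echo "mktemp failed" >&2; exit 1; }
if wget -O "$rpmforge_dir/$rpmforge_rpm" "http://packages.sw.be/rpmforge-release/$rpmforge_rpm"; then
  # A non-zero status is tolerated here: rpm -i also fails when the release
  # package is already installed (e.g. on a second run).
  rpm -iv "$rpmforge_dir/$rpmforge_rpm"
else
  echo "Warning: could not download $rpmforge_rpm; using the repositories already configured" >&2
fi
rm -rf -- "${rpmforge_dir:?}"

yum -y install openssl openssl-devel
yum -y install openvpn

# Everything after this point assumes the openvpn package is present.
if ! rpm -q openvpn >/dev/null 2>&1; then
  echo "The openvpn package is not installed; aborting." >&2
  exit 1
fi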
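# Build the PKI with the easy-rsa 2.0 scripts shipped in the OpenVPN docs:
# CA, server certificate, DH parameters and the first client certificate.
cd /etc/openvpn/ || { echo "/etc/openvpn/ is missing" >&2; exit 1; }
cp -R /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/ \
  || { echo "easy-rsa was not found under /usr/share/doc/openvpn-2.2.0/" >&2; exit 1; }

# clean-all resets the key directory, so it must never run from an unexpected
# working directory. Re-running this script also discards any CA and
# certificates issued earlier.
cd /etc/openvpn/easy-rsa/2.0/ || { echo "easy-rsa 2.0 directory is missing" >&2; exit 1; }
chmod +rwx -- *
# vars is sourced once; clean-all runs as a child process and cannot alter
# the variables exported into this shell.
. ./vars
./clean-all
# Eight newlines accept the default answer to every build-ca prompt.
printf '\n\n\n\n\n\n\n\n' | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
# NOTE(review): the dh1024.pem file name implies 1024-bit DH parameters,
# which are below current guidance. The size comes from the settings sourced
# from ./vars (presumably KEY_SIZE — confirm). Raising it changes the file
# name, so every reference to dh1024.pem must change with it.
./build-dh
# ca.key is deliberately not copied. Only the key directory under easy-rsa
# needs to hold the CA private key, and every extra copy is another place
# from which it can leak.
cp keys/ca.crt keys/server.crt keys/server.key keys/dh1024.pem /etc/openvpn/ \
  || { echo "Server key material is incomplete; aborting." >&2; exit 1; }
clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
# Quoted so that an unexpected name cannot split into several arguments.
./build-key "${CLIENTNAME:?client name is not set}"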
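# The client files are written into the easy-rsa key directory from here on.
# Stop if it is missing rather than scattering files elsewhere.
cd keys/ || { echo "Cannot enter the easy-rsa keys directory" >&2; exit 1; }

# An empty address or port would produce a config the server cannot start with.
: "${SERVERIP:?server IP is not set}" "${SERVERPORT:?server port is not set}"

#######################################
# Write one OpenVPN server config file.
# The UDP and TCP listeners differ only in protocol and tunnel subnet, so
# both come from this single template and cannot drift apart.
# Globals:   SERVERIP, SERVERPORT (read)
# Arguments: $1 - protocol (udp or tcp)
#            $2 - tunnel network address (netmask is 255.255.255.0)
#            $3 - path of the config file to write
# NOTE(review): the config has no user/group directive, so the daemon
# presumably keeps the privileges it was started with. It also points at
# dh1024.pem, i.e. 1024-bit DH parameters, which are below current guidance.
#######################################
write_server_conf() {
  cat > "$3" <<EOF

local $SERVERIP
port $SERVERPORT
proto $1
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server $2 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 4.2.2.1"
keepalive 10 120
comp-lzo
persist-key
persist-tun
EOF
}

write_server_conf udp 10.8.0.0 /etc/openvpn/server-udp.conf
write_server_conf tcp 10.9.0.0 /etc/openvpn/server-tcp.conf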
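# CLIENTNAME and the server address go into file names and config text below.
: "${CLIENTNAME:?client name is not set}" "${SERVERIP:?server IP is not set}" "${SERVERPORT:?server port is not set}"

#######################################
# Write one client profile, <CLIENTNAME>-<proto>.ovpn, in the current directory.
# Globals:   SERVERIP, SERVERPORT, CLIENTNAME (read)
# Arguments: $1 - protocol (udp or tcp)
#######################################
write_client_conf() {
  cat > "$CLIENTNAME-$1.ovpn" <<EOF

client
remote $SERVERIP $SERVERPORT
dev tun
proto $1
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $CLIENTNAME.crt
key $CLIENTNAME.key
ns-cert-type server
comp-lzo
redirect-gateway def1
route-delay 2
route-method exe
verb 3
EOF
}

write_client_conf udp
write_client_conf tcp

# Client bundle: the CA certificate, the client's own certificate, request
# and key, and the two profiles. ca.key is deliberately left out. The CA
# private key can sign new certificates, so shipping it would let any holder
# of the bundle mint credentials this server accepts. A client only needs
# ca.crt.
# The archive still contains the client's private key, so it is created
# owner-only; the subshell keeps the umask change local.
(
  umask 077
  tar czf keys.tgz -- ca.crt "$CLIENTNAME.crt" "$CLIENTNAME.csr" "$CLIENTNAME.key" \
    "$CLIENTNAME-tcp.ovpn" "$CLIENTNAME-udp.ovpn"
) || { echo "Could not create the client bundle" >&2; exit 1; }
mv -- keys.tgz "/root/OpenVPN-$CLIENTNAME-tcp-udp.tgz"
chmod 600 "/root/OpenVPN-$CLIENTNAME-tcp-udp.tgz"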
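# Final system configuration: resolvers, IP forwarding, source NAT for the
# two tunnel subnets, then start OpenVPN and tell the operator where the
# client bundle is.
: "${SERVERIP:?server IP is not set}"

# Add each resolver only if it is not already listed, so re-running the
# script does not pile up duplicate lines.
for ns in 8.8.8.8 4.2.2.1; do
  grep -qxF "nameserver $ns" /etc/resolv.conf 2>/dev/null \
    || echo "nameserver $ns" >> /etc/resolv.conf
done

echo 1 > /proc/sys/net/ipv4/ip_forward
# Rewrite the source address of traffic from the tunnel subnets to the
# server's address. -A appends, so a second run adds the same rules again.
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source "$SERVERIP"
/sbin/iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -j SNAT --to-source "$SERVERIP"
iptables-save > /etc/sysconfig/iptables
/etc/rc.d/init.d/iptables save
/etc/init.d/iptables restart
# Make forwarding persistent. This only matches the literal
# "net.ipv4.ip_forward = 0" line; a differently spaced or missing entry is
# left as it is.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
sysctl -p
clear
/etc/init.d/openvpn start
# The bundle holds the client's private key: fetch it over scp/sftp and
# delete it from /root once the client has it. The path printed here is the
# file the script actually created, which includes the client name.
echo "OpenVPN has been installed
Download /root/OpenVPN-$CLIENTNAME-tcp-udp.tgz using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of /root/OpenVPN-$CLIENTNAME-tcp-udp.tgz there"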