Fabio/openvpn-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Indent case and other improvements

Browse source
This commit is contained in:
angristan 2018-09-17 15:07:18 +02:00
parent fa7df5dca4
commit 3fc3fa42ab
1 changed files with 134 additions and 132 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

266
openvpn-install.sh
View file

@ -89,7 +89,7 @@ function installEasyRsa () {
rm -f ~/EasyRSA-${version}.tgz rm -f ~/EasyRSA-${version}.tgz
} }
function newclient () { function newClient () {
echo "" echo ""
echo "Do you want to protect the configuration file with a password?" echo "Do you want to protect the configuration file with a password?"
echo "(e.g. encrypt the private key with a password)" echo "(e.g. encrypt the private key with a password)"
@ -111,11 +111,11 @@ function newclient () {
cd /etc/openvpn/easy-rsa/ || return cd /etc/openvpn/easy-rsa/ || return
case $pass in case $pass in
1) 1)
./easyrsa build-client-full $client nopass ./easyrsa build-client-full $client nopass
;; ;;
2) 2)
echo "⚠️ You will be asked for the client password below ⚠️" echo "⚠️ You will be asked for the client password below ⚠️"
./easyrsa build-client-full $client ./easyrsa build-client-full $client
;; ;;
esac esac
@ -253,117 +253,119 @@ if [[ -e /etc/openvpn/server.conf ]]; then
case $option in case $option in
1) 1)
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient newclient
;; ;;
2) 2)
NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V") NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
if [[ "$NUMBEROFCLIENTS" = '0' ]]; then if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
echo ""
echo "You have no existing clients!"
exit 5
fi
echo "" echo ""
echo "You have no existing clients!" echo "Select the existing client certificate you want to revoke"
exit 5 tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
fi if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
read -rp "Select one client [1]: " CLIENTNUMBER
else
read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
fi
echo "" CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
echo "Select the existing client certificate you want to revoke" cd /etc/openvpn/easy-rsa/
tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' ./easyrsa --batch revoke $CLIENT
if [[ "$NUMBEROFCLIENTS" = '1' ]]; then EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
read -rp "Select one client [1]: " CLIENTNUMBER rm -f pki/reqs/$CLIENT.req
else rm -f pki/private/$CLIENT.key
read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER rm -f pki/issued/$CLIENT.crt
fi rm -f /etc/openvpn/crl.pem
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
chmod 644 /etc/openvpn/crl.pem
rm -f $(find /home -maxdepth 2 | grep $CLIENT.ovpn) 2>/dev/null
rm -f /root/$CLIENT.ovpn 2>/dev/null
CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) echo ""
cd /etc/openvpn/easy-rsa/ echo "Certificate for client $CLIENT revoked"
./easyrsa --batch revoke $CLIENT echo "Exiting..."
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl exit
rm -f pki/reqs/$CLIENT.req
rm -f pki/private/$CLIENT.key
rm -f pki/issued/$CLIENT.crt
rm -f /etc/openvpn/crl.pem
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
chmod 644 /etc/openvpn/crl.pem
rm -f $(find /home -maxdepth 2 | grep $CLIENT.ovpn) 2>/dev/null
rm -f /root/$CLIENT.ovpn 2>/dev/null
echo ""
echo "Certificate for client $CLIENT revoked"
echo "Exiting..."
exit
;; ;;
3) 3)
echo "" echo ""
read -rp "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE read -rp "Do you really want to remove OpenVPN? [y/n]: " -e -i n REMOVE
if [[ "$REMOVE" = 'y' ]]; then if [[ "$REMOVE" = 'y' ]]; then
PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2) PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)
# Remove ipatbles rules related to the script # Remove ipatbles rules related to the script
systemctl stop iptables-openvpn systemctl stop iptables-openvpn
# Cleanup # Cleanup
systemctl disable iptables-openvpn systemctl disable iptables-openvpn
rm /etc/systemd/system/iptables-openvpn.service rm /etc/systemd/system/iptables-openvpn.service
systemctl daemon-reload systemctl daemon-reload
rm /etc/iptables/add-openvpn-rules.sh rm /etc/iptables/add-openvpn-rules.sh
rm /etc/iptables/rm-openvpn-rules.sh rm /etc/iptables/rm-openvpn-rules.sh
if hash sestatus 2>/dev/null; then if hash sestatus 2>/dev/null; then
if sestatus | grep "Current mode" | grep -qs "enforcing"; then if sestatus | grep "Current mode" | grep -qs "enforcing"; then
if [[ "$PORT" != '1194' ]]; then if [[ "$PORT" != '1194' ]]; then
semanage port -d -t openvpn_port_t -p udp $PORT semanage port -d -t openvpn_port_t -p udp $PORT
fi
fi fi
fi fi
fi if [[ "$OS" = 'debian' ]]; then
if [[ "$OS" = 'debian' ]]; then apt-get autoremove --purge -y openvpn
apt-get autoremove --purge -y openvpn
else
yum remove openvpn -y
fi
OVPNS=$(ls /etc/openvpn/easy-rsa/pki/issued | awk -F "." {'print $1'})
for i in $OVPNS;do
rm $(find /home -maxdepth 2 | grep $i.ovpn) 2>/dev/null
rm /root/$i.ovpn 2>/dev/null
done
rm -rf /etc/openvpn
rm -rf /usr/share/doc/openvpn*
rm -f /etc/sysctl.d/20-openvpn.conf
if [[ -e /etc/unbound/openvpn.conf ]]; then
# Remove OpenVPN-related config
sed -i 's|include: \/etc\/unbound\/openvpn.conf||' /etc/unbound/unbound.conf
rm /etc/unbound/openvpn.conf
service unbound restart
until [[ $REMOVE_UNBOUND == "y" || $REMOVE_UNBOUND == "n" ]]; do
echo ""
echo "If you were already using Unbound before installing OpenVPN, I removed the configuration related to OpenVPN."
echo "You can keep using Unbound as before."
read -rp "Do you want to completely remove Unbound? [y/n]: " -e REMOVE_UNBOUND
done
if [[ "$REMOVE_UNBOUND" = 'y' ]]; then
if [[ "$OS" = 'debian' ]]; then
apt-get autoremove --purge -y unbound
else
yum remove unbound -y
fi
echo ""
echo "Unbound removed!"
else else
echo "" yum remove openvpn -y
echo "Unbound not removed!"
fi fi
OVPNS=$(ls /etc/openvpn/easy-rsa/pki/issued | awk -F "." {'print $1'})
for i in $OVPNS;do
rm $(find /home -maxdepth 2 | grep $i.ovpn) 2>/dev/null
rm /root/$i.ovpn 2>/dev/null
done
rm -rf /etc/openvpn
rm -rf /usr/share/doc/openvpn*
rm -f /etc/sysctl.d/20-openvpn.conf
if [[ -e /etc/unbound/openvpn.conf ]]; then
# Remove OpenVPN-related config
sed -i 's|include: \/etc\/unbound\/openvpn.conf||' /etc/unbound/unbound.conf
rm /etc/unbound/openvpn.conf
service unbound restart
until [[ $REMOVE_UNBOUND == "y" || $REMOVE_UNBOUND == "n" ]]; do
echo ""
echo "If you were already using Unbound before installing OpenVPN, I removed the configuration related to OpenVPN."
echo "You can keep using Unbound as before."
read -rp "Do you want to completely remove Unbound? [y/n]: " -e REMOVE_UNBOUND
done
if [[ "$REMOVE_UNBOUND" = 'y' ]]; then
if [[ "$OS" = 'debian' ]]; then
apt-get autoremove --purge -y unbound
else
yum remove unbound -y
fi
echo ""
echo "Unbound removed!"
else
echo ""
echo "Unbound not removed!"
fi
fi
echo ""
echo "OpenVPN removed!"
else
echo ""
echo "Removal aborted!"
fi fi
echo "" exit
echo "OpenVPN removed!" ;;
else 4)
echo "" exit
echo "Removal aborted!"
fi
exit
;; ;;
4) exit;;
esac esac
done done
else else
@ -482,25 +484,25 @@ else
done done
case $CIPHER in case $CIPHER in
1) 1)
CIPHER="cipher AES-128-CBC" CIPHER="cipher AES-128-CBC"
;; ;;
2) 2)
CIPHER="cipher AES-192-CBC" CIPHER="cipher AES-192-CBC"
;; ;;
3) 3)
CIPHER="cipher AES-256-CBC" CIPHER="cipher AES-256-CBC"
;; ;;
4) 4)
CIPHER="cipher CAMELLIA-128-CBC" CIPHER="cipher CAMELLIA-128-CBC"
;; ;;
5) 5)
CIPHER="cipher CAMELLIA-192-CBC" CIPHER="cipher CAMELLIA-192-CBC"
;; ;;
6) 6)
CIPHER="cipher CAMELLIA-256-CBC" CIPHER="cipher CAMELLIA-256-CBC"
;; ;;
7) 7)
CIPHER="cipher SEED-CBC" CIPHER="cipher SEED-CBC"
;; ;;
esac esac
echo "" echo ""
@ -513,13 +515,13 @@ else
done done
case $DH_KEY_SIZE in case $DH_KEY_SIZE in
1) 1)
DH_KEY_SIZE="2048" DH_KEY_SIZE="2048"
;; ;;
2) 2)
DH_KEY_SIZE="3072" DH_KEY_SIZE="3072"
;; ;;
3) 3)
DH_KEY_SIZE="4096" DH_KEY_SIZE="4096"
;; ;;
esac esac
echo "" echo ""
@ -532,13 +534,13 @@ else
done done
case $RSA_KEY_SIZE in case $RSA_KEY_SIZE in
1) 1)
RSA_KEY_SIZE="2048" RSA_KEY_SIZE="2048"
;; ;;
2) 2)
RSA_KEY_SIZE="3072" RSA_KEY_SIZE="3072"
;; ;;
3) 3)
RSA_KEY_SIZE="4096" RSA_KEY_SIZE="4096"
;; ;;
esac esac
echo "" echo ""
@ -726,41 +728,41 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
done done
;; ;;
2) 2)
# Install Unbound # Install Unbound
installLocalDNS installLocalDNS
echo 'push "dhcp-option DNS 10.8.0.1"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 10.8.0.1"' >> /etc/openvpn/server.conf
;; ;;
3) # Cloudflare 3) # Cloudflare
echo 'push "dhcp-option DNS 1.0.0.1"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 1.0.0.1"' >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server.conf
;; ;;
4) # Quad9 4) # Quad9
echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 149.112.112.112"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 149.112.112.112"' >> /etc/openvpn/server.conf
;; ;;
5) # FDN 5) # FDN
echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf
;; ;;
6) # DNS.WATCH 6) # DNS.WATCH
echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf
;; ;;
7) # OpenDNS 7) # OpenDNS
echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
;; ;;
8) # Google 8) # Google
echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
;; ;;
9) # Yandex Basic 9) # Yandex Basic
echo 'push "dhcp-option DNS 77.88.8.8"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 77.88.8.8"' >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 77.88.8.1"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 77.88.8.1"' >> /etc/openvpn/server.conf
;; ;;
10) # AdGuard DNS 10) # AdGuard DNS
echo 'push "dhcp-option DNS 176.103.130.130"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 176.103.130.130"' >> /etc/openvpn/server.conf
echo 'push "dhcp-option DNS 176.103.130.131"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 176.103.130.131"' >> /etc/openvpn/server.conf
;; ;;
esac esac
echo 'push "redirect-gateway def1 bypass-dhcp" '>> /etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp" '>> /etc/openvpn/server.conf
@ -882,4 +884,4 @@ verb 3" >> /etc/openvpn/client-template.txt
newclient newclient
echo "If you want to add more clients, you simply need to run this script another time!" echo "If you want to add more clients, you simply need to run this script another time!"
fi fi
exit 0; exit 0