Fabio/openvpn-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Just unify the code format

Browse source
This commit is contained in:
xiagw 2018-10-16 21:22:01 +08:00
parent 7cabdf79c6
commit 5cd7cfebc0
1 changed files with 338 additions and 337 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
openvpn-install.sh
View file

@ -18,6 +18,7 @@ function tunAvailable () {
function checkOS() { function checkOS() {
if [[ -e /etc/debian_version ]]; then if [[ -e /etc/debian_version ]]; then
OS="debian" OS="debian"
# shellcheck disable=1091
source /etc/os-release source /etc/os-release
if [[ "$ID" == "debian" ]]; then if [[ "$ID" == "debian" ]]; then
@ -30,7 +31,7 @@ function checkOS () {
until [[ $CONTINUE =~ (y|n) ]]; do until [[ $CONTINUE =~ (y|n) ]]; do
read -rp "Continue? [y/n]: " -e CONTINUE read -rp "Continue? [y/n]: " -e CONTINUE
done done
if [[ "$CONTINUE" = "n" ]]; then if [[ "$CONTINUE" == "n" ]]; then
exit 1 exit 1
fi fi
fi fi
@ -45,7 +46,7 @@ function checkOS () {
until [[ $CONTINUE =~ (y|n) ]]; do until [[ $CONTINUE =~ (y|n) ]]; do
read -rp "Continue? [y/n]: " -e CONTINUE read -rp "Continue? [y/n]: " -e CONTINUE
done done
if [[ "$CONTINUE" = "n" ]]; then if [[ "$CONTINUE" == "n" ]]; then
exit 1 exit 1
fi fi
fi fi
@ -61,7 +62,7 @@ function checkOS () {
until [[ $CONTINUE =~ (y|n) ]]; do until [[ $CONTINUE =~ (y|n) ]]; do
read -rp "Continue anyway? [y/n]: " -e CONTINUE read -rp "Continue anyway? [y/n]: " -e CONTINUE
done done
if [[ "$CONTINUE" = "n" ]]; then if [[ "$CONTINUE" == "n" ]]; then
echo "Ok, bye!" echo "Ok, bye!"
exit 1 exit 1
fi fi
@ -101,7 +102,7 @@ hide-version: yes
use-caps-for-id: yes use-caps-for-id: yes
prefetch: yes' >>/etc/unbound/unbound.conf prefetch: yes' >>/etc/unbound/unbound.conf
elif [[ "$OS" = "centos" ]]; then elif [[ "$OS" == "centos" ]]; then
yum install -y unbound yum install -y unbound
# Configuration # Configuration
@ -111,7 +112,7 @@ prefetch: yes' >> /etc/unbound/unbound.conf
sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
elif [[ "$OS" = "fedora" ]]; then elif [[ "$OS" == "fedora" ]]; then
dnf install -y unbound dnf install -y unbound
# Configuration # Configuration
@ -121,7 +122,7 @@ prefetch: yes' >> /etc/unbound/unbound.conf
sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
elif [[ "$OS" = "arch" ]]; then elif [[ "$OS" == "arch" ]]; then
pacman -Syu --noconfirm unbound pacman -Syu --noconfirm unbound
# Get root servers list # Get root servers list
@ -294,7 +295,7 @@ function installQuestions () {
until [[ $CONTINUE =~ (y|n) ]]; do until [[ $CONTINUE =~ (y|n) ]]; do
read -rp "Apply configuration changes to Unbound? [y/n]: " -e CONTINUE read -rp "Apply configuration changes to Unbound? [y/n]: " -e CONTINUE
done done
if [[ $CONTINUE = "n" ]];then if [[ $CONTINUE == "n" ]]; then
# Break the loop and cleanup # Break the loop and cleanup
unset DNS unset DNS
unset CONTINUE unset CONTINUE
@ -560,24 +561,24 @@ function installOpenVPN () {
apt-get update apt-get update
apt-get -y install ca-certificates gnupg apt-get -y install ca-certificates gnupg
# We add the OpenVPN repo to get the latest version. # We add the OpenVPN repo to get the latest version.
if [[ "$VERSION_ID" = "8" ]]; then if [[ "$VERSION_ID" == "8" ]]; then
echo "deb http://build.openvpn.net/debian/openvpn/stable jessie main" >/etc/apt/sources.list.d/openvpn.list echo "deb http://build.openvpn.net/debian/openvpn/stable jessie main" >/etc/apt/sources.list.d/openvpn.list
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add - wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
apt-get update apt-get update
fi fi
if [[ "$VERSION_ID" = "16.04" ]]; then if [[ "$VERSION_ID" == "16.04" ]]; then
echo "deb http://build.openvpn.net/debian/openvpn/stable trusty main" >/etc/apt/sources.list.d/openvpn.list echo "deb http://build.openvpn.net/debian/openvpn/stable trusty main" >/etc/apt/sources.list.d/openvpn.list
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add - wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
apt-get update apt-get update
fi fi
# Ubuntu > 16.04 and Debian > 8 have OpenVPN >= 2.4 without the need of a third party repository. # Ubuntu > 16.04 and Debian > 8 have OpenVPN >= 2.4 without the need of a third party repository.
apt-get install -y openvpn iptables openssl wget ca-certificates curl apt-get install -y openvpn iptables openssl wget ca-certificates curl
elif [[ "$OS" = 'centos' ]]; then elif [[ "$OS" == 'centos' ]]; then
yum install -y epel-release yum install -y epel-release
yum install -y openvpn iptables openssl wget ca-certificates curl yum install -y openvpn iptables openssl wget ca-certificates curl
elif [[ "$OS" = 'fedora' ]]; then elif [[ "$OS" == 'fedora' ]]; then
dnf install -y openvpn iptables openssl wget ca-certificates curl dnf install -y openvpn iptables openssl wget ca-certificates curl
elif [[ "$OS" = 'arch' ]]; then elif [[ "$OS" == 'arch' ]]; then
echo "" echo ""
echo "WARNING: As you're using ArchLinux, I need to update the packages on your system to install those I need." echo "WARNING: As you're using ArchLinux, I need to update the packages on your system to install those I need."
echo "Not doing that could cause problems between dependencies, or missing files in repositories (Arch Linux does not support partial upgrades)." echo "Not doing that could cause problems between dependencies, or missing files in repositories (Arch Linux does not support partial upgrades)."
@ -588,7 +589,7 @@ function installOpenVPN () {
until [[ $CONTINUE =~ (y|n) ]]; do until [[ $CONTINUE =~ (y|n) ]]; do
read -rp "Continue? [y/n]: " -e -iy CONTINUE read -rp "Continue? [y/n]: " -e -iy CONTINUE
done done
if [[ "$CONTINUE" = "n" ]]; then if [[ "$CONTINUE" == "n" ]]; then
echo "Exiting because user did not permit updating the system." echo "Exiting because user did not permit updating the system."
exit 4 exit 4
fi fi
@ -618,7 +619,7 @@ function installOpenVPN () {
chown -R root:root /etc/openvpn/easy-rsa/ chown -R root:root /etc/openvpn/easy-rsa/
rm -f ~/EasyRSA-nix-${version}.tgz rm -f ~/EasyRSA-nix-${version}.tgz
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/ || exit
case $CERT_TYPE in case $CERT_TYPE in
1) 1)
echo "set_var EASYRSA_ALGO ec" >vars echo "set_var EASYRSA_ALGO ec" >vars
@ -667,9 +668,9 @@ function installOpenVPN () {
# Generate server.conf # Generate server.conf
echo "port $PORT" >/etc/openvpn/server.conf echo "port $PORT" >/etc/openvpn/server.conf
if [[ "$IPV6_SUPPORT" = 'n' ]]; then if [[ "$IPV6_SUPPORT" == 'n' ]]; then
echo "proto $PROTOCOL" >>/etc/openvpn/server.conf echo "proto $PROTOCOL" >>/etc/openvpn/server.conf
elif [[ "$IPV6_SUPPORT" = 'y' ]]; then elif [[ "$IPV6_SUPPORT" == 'y' ]]; then
echo "proto ${PROTOCOL}6" >>/etc/openvpn/server.conf echo "proto ${PROTOCOL}6" >>/etc/openvpn/server.conf
fi fi
@ -741,7 +742,7 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
echo 'push "redirect-gateway def1 bypass-dhcp" ' >>/etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp" ' >>/etc/openvpn/server.conf
# IPv6 network settings if needed # IPv6 network settings if needed
if [[ "$IPV6_SUPPORT" = 'y' ]]; then if [[ "$IPV6_SUPPORT" == 'y' ]]; then
echo 'server-ipv6 fd42:42:42:42::/112 echo 'server-ipv6 fd42:42:42:42::/112
tun-ipv6 tun-ipv6
push tun-ipv6 push tun-ipv6
@ -787,7 +788,7 @@ verb 3" >> /etc/openvpn/server.conf
# Enable routing # Enable routing
echo 'net.ipv4.ip_forward=1' >>/etc/sysctl.d/20-openvpn.conf echo 'net.ipv4.ip_forward=1' >>/etc/sysctl.d/20-openvpn.conf
if [[ "$IPV6_SUPPORT" = 'y' ]]; then if [[ "$IPV6_SUPPORT" == 'y' ]]; then
echo 'net.ipv6.conf.all.forwarding=1' >>/etc/sysctl.d/20-openvpn.conf echo 'net.ipv6.conf.all.forwarding=1' >>/etc/sysctl.d/20-openvpn.conf
fi fi
# Avoid an unneeded reboot # Avoid an unneeded reboot
@ -803,7 +804,7 @@ verb 3" >> /etc/openvpn/server.conf
fi fi
# Finally, restart and enable OpenVPN # Finally, restart and enable OpenVPN
if [[ "$OS" = 'arch' || "$OS" = 'fedora' ]]; then if [[ "$OS" == 'arch' || "$OS" == 'fedora' ]]; then
# Don't modify package-provided service # Don't modify package-provided service
cp /usr/lib/systemd/system/openvpn-server@.service /etc/systemd/system/openvpn-server@.service cp /usr/lib/systemd/system/openvpn-server@.service /etc/systemd/system/openvpn-server@.service
@ -853,7 +854,7 @@ iptables -A FORWARD -i $NIC -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o $NIC -j ACCEPT iptables -A FORWARD -i tun0 -o $NIC -j ACCEPT
iptables -A INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/add-openvpn-rules.sh iptables -A INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/add-openvpn-rules.sh
if [[ "$IPV6_SUPPORT" = 'y' ]]; then if [[ "$IPV6_SUPPORT" == 'y' ]]; then
echo "ip6tables -t nat -A POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE echo "ip6tables -t nat -A POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
ip6tables -A INPUT -i tun0 -j ACCEPT ip6tables -A INPUT -i tun0 -j ACCEPT
ip6tables -A FORWARD -i $NIC -o tun0 -j ACCEPT ip6tables -A FORWARD -i $NIC -o tun0 -j ACCEPT
@ -868,7 +869,7 @@ iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT
iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT
iptables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/rm-openvpn-rules.sh iptables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >/etc/iptables/rm-openvpn-rules.sh
if [[ "$IPV6_SUPPORT" = 'y' ]]; then if [[ "$IPV6_SUPPORT" == 'y' ]]; then
echo "ip6tables -t nat -D POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE echo "ip6tables -t nat -D POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
ip6tables -D INPUT -i tun0 -j ACCEPT ip6tables -D INPUT -i tun0 -j ACCEPT
ip6tables -D FORWARD -i $NIC -o tun0 -j ACCEPT ip6tables -D FORWARD -i $NIC -o tun0 -j ACCEPT
@ -905,9 +906,9 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables-openvpn.service
# client-template.txt is created so we have a template to add further users later # client-template.txt is created so we have a template to add further users later
echo "client" >/etc/openvpn/client-template.txt echo "client" >/etc/openvpn/client-template.txt
if [[ "$PROTOCOL" = 'udp' ]]; then if [[ "$PROTOCOL" == 'udp' ]]; then
echo "proto udp" >>/etc/openvpn/client-template.txt echo "proto udp" >>/etc/openvpn/client-template.txt
elif [[ "$PROTOCOL" = 'tcp' ]]; then elif [[ "$PROTOCOL" == 'tcp' ]]; then
echo "proto tcp-client" >>/etc/openvpn/client-template.txt echo "proto tcp-client" >>/etc/openvpn/client-template.txt
fi fi
echo "remote $IP $PORT echo "remote $IP $PORT
@ -1019,7 +1020,7 @@ function newClient () {
function revokeClient() { function revokeClient() {
NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V") NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
if [[ "$NUMBEROFCLIENTS" = '0' ]]; then if [[ "$NUMBEROFCLIENTS" == '0' ]]; then
echo "" echo ""
echo "You have no existing clients!" echo "You have no existing clients!"
exit 1 exit 1
@ -1028,14 +1029,14 @@ function revokeClient () {
echo "" echo ""
echo "Select the existing client certificate you want to revoke" echo "Select the existing client certificate you want to revoke"
tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
if [[ "$NUMBEROFCLIENTS" = '1' ]]; then if [[ "$NUMBEROFCLIENTS" == '1' ]]; then
read -rp "Select one client [1]: " CLIENTNUMBER read -rp "Select one client [1]: " CLIENTNUMBER
else else
read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
fi fi
CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/ || exit
./easyrsa --batch revoke "$CLIENT" ./easyrsa --batch revoke "$CLIENT"
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
# Cleanup # Cleanup
@ -1065,17 +1066,17 @@ function removeUnbound () {
read -rp "Do you want to completely remove Unbound? [y/n]: " -e REMOVE_UNBOUND read -rp "Do you want to completely remove Unbound? [y/n]: " -e REMOVE_UNBOUND
done done
if [[ "$REMOVE_UNBOUND" = 'y' ]]; then if [[ "$REMOVE_UNBOUND" == 'y' ]]; then
# Stop Unbound # Stop Unbound
systemctl stop unbound systemctl stop unbound
if [[ "$OS" =~ (debian|ubuntu) ]]; then if [[ "$OS" =~ (debian|ubuntu) ]]; then
apt-get autoremove --purge -y unbound apt-get autoremove --purge -y unbound
elif [[ "$OS" = 'arch' ]]; then elif [[ "$OS" == 'arch' ]]; then
pacman --noconfirm -R unbound pacman --noconfirm -R unbound
elif [[ "$OS" = 'centos' ]]; then elif [[ "$OS" == 'centos' ]]; then
yum remove -y unbound yum remove -y unbound
elif [[ "$OS" = 'fedora' ]]; then elif [[ "$OS" == 'fedora' ]]; then
dnf remove -y unbound dnf remove -y unbound
fi fi
@ -1092,7 +1093,7 @@ function removeUnbound () {
function removeOpenVPN() { function removeOpenVPN() {
echo "" echo ""
read -rp "Do you really want to remove OpenVPN? [y/n]: " -e -in REMOVE read -rp "Do you really want to remove OpenVPN? [y/n]: " -e -in REMOVE
if [[ "$REMOVE" = 'y' ]]; then if [[ "$REMOVE" == 'y' ]]; then
# Get OpenVPN port from the configuration # Get OpenVPN port from the configuration
PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2) PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)
@ -1136,11 +1137,11 @@ function removeOpenVPN () {
rm /etc/apt/sources.list.d/openvpn.list rm /etc/apt/sources.list.d/openvpn.list
apt-get update apt-get update
fi fi
elif [[ "$OS" = 'arch' ]]; then elif [[ "$OS" == 'arch' ]]; then
pacman --noconfirm -R openvpn pacman --noconfirm -R openvpn
elif [[ "$OS" = 'centos' ]]; then elif [[ "$OS" == 'centos' ]]; then
yum remove -y openvpn yum remove -y openvpn
elif [[ "$OS" = 'fedora' ]]; then elif [[ "$OS" == 'fedora' ]]; then
dnf remove -y openvpn dnf remove -y openvpn
fi fi