mirror of
https://github.com/Nyr/openvpn-install.git
synced 2025-04-04 21:23:31 +03:00
Merge branch 'Nyr:master' into master
This commit is contained in:
simopunkc
GitHub
commit
471931c324
2 changed files with 14 additions and 14 deletions
|
|
@ -13,7 +13,7 @@ Run the script and follow the assistant:
|
|||
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
|
||||
|
||||
### I want to run my own VPN but don't have a server for that
|
||||
You can get a VPS from just $1/month at [VirMach](https://billing.virmach.com/aff.php?aff=4109&url=billing.virmach.com/cart.php?gid=18).
|
||||
You can get a VPS from just 2€/month at [AlphaVPS](https://alphavps.com/clients/aff.php?aff=474&pid=422).
|
||||
|
||||
### Donations
|
||||
|
||||
|
|
|
|||
|
|
@ -227,7 +227,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
|
|||
fi
|
||||
if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then
|
||||
apt-get update
|
||||
apt-get install -y openvpn openssl ca-certificates $firewall
|
||||
apt-get install -y --no-install-recommends openvpn openssl ca-certificates $firewall
|
||||
elif [[ "$os" = "centos" ]]; then
|
||||
yum install -y epel-release
|
||||
yum install -y openvpn openssl ca-certificates tar $firewall
|
||||
|
|
@ -240,17 +240,17 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
|
|||
systemctl enable --now firewalld.service
|
||||
fi
|
||||
# Get easy-rsa
|
||||
easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.0/EasyRSA-3.1.0.tgz'
|
||||
easy_rsa_url='https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.1/EasyRSA-3.1.1.tgz'
|
||||
mkdir -p /etc/openvpn/server/easy-rsa/
|
||||
{ wget -qO- "$easy_rsa_url" 2>/dev/null || curl -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1
|
||||
chown -R root:root /etc/openvpn/server/easy-rsa/
|
||||
cd /etc/openvpn/server/easy-rsa/
|
||||
# Create the PKI, set up the CA and the server and client certificates
|
||||
./easyrsa init-pki
|
||||
./easyrsa --batch init-pki
|
||||
./easyrsa --batch build-ca nopass
|
||||
EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
|
||||
EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass
|
||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
||||
./easyrsa --batch --days=3650 build-server-full server nopass
|
||||
./easyrsa --batch --days=3650 build-client-full "$client" nopass
|
||||
./easyrsa --batch --days=3650 gen-crl
|
||||
# Move the stuff we need
|
||||
cp pki/ca.crt pki/private/ca.key pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn/server
|
||||
# CRL is read with each client connection, while OpenVPN is dropped to nobody
|
||||
|
|
@ -294,13 +294,13 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
|
|||
1|"")
|
||||
# Locate the proper resolv.conf
|
||||
# Needed for systems running systemd-resolved
|
||||
if grep -q '^nameserver 127.0.0.53' "/etc/resolv.conf"; then
|
||||
resolv_conf="/run/systemd/resolve/resolv.conf"
|
||||
else
|
||||
if grep '^nameserver' "/etc/resolv.conf" | grep -qv '127.0.0.53' ; then
|
||||
resolv_conf="/etc/resolv.conf"
|
||||
else
|
||||
resolv_conf="/run/systemd/resolve/resolv.conf"
|
||||
fi
|
||||
# Obtain the resolvers from resolv.conf and use them for OpenVPN
|
||||
grep -v '^#\|^;' "$resolv_conf" | grep '^nameserver' | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | while read line; do
|
||||
grep -v '^#\|^;' "$resolv_conf" | grep '^nameserver' | grep -v '127.0.0.53' | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | while read line; do
|
||||
echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server/server.conf
|
||||
done
|
||||
;;
|
||||
|
|
@ -325,6 +325,7 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
|
|||
echo 'push "dhcp-option DNS 94.140.15.15"' >> /etc/openvpn/server/server.conf
|
||||
;;
|
||||
esac
|
||||
echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf
|
||||
echo "keepalive 10 120
|
||||
cipher AES-256-CBC
|
||||
user nobody
|
||||
|
|
@ -428,7 +429,6 @@ remote-cert-tls server
|
|||
auth SHA512
|
||||
cipher AES-256-CBC
|
||||
ignore-unknown-option block-outside-dns
|
||||
block-outside-dns
|
||||
verb 3" > /etc/openvpn/server/client-common.txt
|
||||
# Enable and start the OpenVPN service
|
||||
systemctl enable --now openvpn-server@server.service
|
||||
|
|
@ -465,7 +465,7 @@ else
|
|||
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
|
||||
done
|
||||
cd /etc/openvpn/server/easy-rsa/
|
||||
EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass
|
||||
./easyrsa --batch --days=3650 build-client-full "$client" nopass
|
||||
# Generates the custom client.ovpn
|
||||
new_client
|
||||
echo
|
||||
|
|
@ -499,7 +499,7 @@ else
|
|||
if [[ "$revoke" =~ ^[yY]$ ]]; then
|
||||
cd /etc/openvpn/server/easy-rsa/
|
||||
./easyrsa --batch revoke "$client"
|
||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
||||
./easyrsa --batch --days=3650 gen-crl
|
||||
rm -f /etc/openvpn/server/crl.pem
|
||||
cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem
|
||||
# CRL is read with each client connection, when OpenVPN is dropped to nobody
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue