diff --git a/openvpn-install.sh b/openvpn-install.sh index 23f0776..c26ff23 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1,11 +1,5 @@ #!/bin/bash -# OpenVPN road warrior installer for Debian, Ubuntu and CentOS - -# This script will work on Debian, Ubuntu, CentOS and probably other distros -# of the same families, although no support is offered for them. It isn't -# bulletproof but it will probably work if you simply want to setup a VPN on -# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and -# universal as possible. +# OpenVPN road warrior installer for Debian and Ubuntu # Detect Debian users running the script with "sh" instead of bash @@ -25,20 +19,12 @@ You need to enable TUN before running this script" exit 3 fi -if grep -qs "CentOS release 5" "/etc/redhat-release"; then - echo "CentOS 5 is too old and not supported" - exit 4 -fi if [[ -e /etc/debian_version ]]; then OS=debian GROUPNAME=nogroup RCLOCAL='/etc/rc.local' -elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then - OS=centos - GROUPNAME=nobody - RCLOCAL='/etc/rc.d/rc.local' else - echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS" + echo "Looks like you aren't running this installer on Debian or Ubuntu" exit 5 fi @@ -165,11 +151,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then fi fi fi - if [[ "$OS" = 'debian' ]]; then - apt-get remove --purge -y openvpn libpam-google-authenticator - else - yum remove openvpn -y - fi + apt-get remove --purge -y openvpn libpam-google-authenticator rm -rf /etc/openvpn echo "" echo "OpenVPN removed!" 
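Review bot: In the uninstall hunk (`@@ -165,11 +151,7 @@`), the now-unconditional `apt-get remove --purge -y openvpn libpam-google-authenticator` purges a PAM module that other services on the host may also rely on. If sshd or another PAM service was already set up for Google Authenticator before this installer ran, its PAM stack would still reference a module that is gone, and logins may fail or behave differently from what the administrator configured. Consider removing only the package this script owns, `apt-get remove --purge -y openvpn`, or asking for confirmation before purging `libpam-google-authenticator`. The enclosing `if` block starts and ends outside the hunk.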
@@ -224,15 +206,9 @@ else
 echo ""
 echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
 read -n1 -r -p "Press any key to continue..."
- if [[ "$OS" = 'debian' ]]; then
- apt-get update
- apt-get install openvpn iptables openssl ca-certificates -y
- apt-get install libqrencode3 libpam-google-authenticator -y
- else
- # Else, the distro is CentOS
- yum install epel-release -y
- yum install openvpn iptables openssl wget ca-certificates -y
- fi
+ apt-get update
+ apt-get install openvpn iptables openssl ca-certificates -y
+ apt-get install libqrencode3 libpam-google-authenticator -y
 # An old version of easy-rsa was available by default in some openvpn packages
 if [[ -d /etc/openvpn/easy-rsa/ ]]; then
 rm -rf /etc/openvpn/easy-rsa/
@@ -345,7 +321,7 @@ plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn" >> /etc/openvpn/serv
 firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
 else
 # Needed to use rc.local with some systemd distros
- if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then
+ if [[ ! -e $RCLOCAL ]]; then
 echo '#!/bin/sh -e
 exit 0' > $RCLOCAL
 fi
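Review bot: In the install hunk (`@@ -224,15 +206,9 @@`), none of the three `apt-get` calls has its exit status checked, so the script continues to `rm -rf /etc/openvpn/easy-rsa/` and the rest of the setup even when a package failed to install. `libqrencode3` is a versioned package name that, as far as I know, newer Debian and Ubuntu releases have replaced with `libqrencode4`; because it shares a command line with `libpam-google-authenticator`, that failure would also leave the PAM module uninstalled while the `openvpn-plugin-auth-pam.so` line visible in the next hunk header is still written to the server config. Suggest failing fast, e.g. `apt-get install openvpn iptables openssl ca-certificates -y || exit 1`, and the same on the second install line. The enclosing `else` branch begins and ends outside the hunk.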
@@ -365,34 +341,12 @@ exit 0' > $RCLOCAL
 sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL
 fi
 fi
- # If SELinux is enabled and a custom port or TCP was selected, we need this
- if hash sestatus 2>/dev/null; then
- if sestatus | grep "Current mode" | grep -qs "enforcing"; then
- if [[ "$PORT" != '1194' || "$PROTOCOL" = 'tcp' ]]; then
- # semanage isn't available in CentOS 6 by default
- if ! hash semanage 2>/dev/null; then
- yum install policycoreutils-python -y
- fi
- semanage port -a -t openvpn_port_t -p $PROTOCOL $PORT
- fi
- fi
- fi
 # And finally, restart OpenVPN
- if [[ "$OS" = 'debian' ]]; then
- # Little hack to check for systemd
- if pgrep systemd-journal; then
- systemctl restart openvpn@server.service
- else
- /etc/init.d/openvpn restart
- fi
+ # Little hack to check for systemd
+ if pgrep systemd-journal; then
+ systemctl restart openvpn@server.service
 else
- if pgrep systemd-journal; then
- systemctl restart openvpn@server.service
- systemctl enable openvpn@server.service
- else
- service openvpn restart
- chkconfig openvpn on
- fi
+ /etc/init.d/openvpn restart
 fi
 # Try to detect a NATed connection and ask about it to potential LowEndSpirit users
 EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/")
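Review bot: The unchanged last line of this hunk, `EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/")`, takes the server's public address from an unauthenticated plain-HTTP response and relies on `wget`, which none of the `apt-get install` lines left by this commit installs. Whatever consumes `EXTERNALIP` is outside the hunk, but if it ends up in generated client configuration, anything on the network path could substitute the value. Suggest validating it before use, e.g. `[[ "$EXTERNALIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || EXTERNALIP=""`, and adding `wget` to the install list or checking for it with `command -v wget`. Separately, `pgrep systemd-journal` prints PIDs into the installer output; `pgrep systemd-journal >/dev/null` keeps the check silent.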