From f417b50be95b5c6e280031099ce0c1cf7cfe1d97 Mon Sep 17 00:00:00 2001 
From: Satori Hoshi-Aiko
Date: Thu, 29 Sep 2022 08:29:23 +0100
Subject: [PATCH] Update openvpn-install.sh

Thanks to @nyr for the best script. Just added a few touches as a Kali Debian user, as well as the introduction of duplicate-cn in the server.conf.

This helps to add Kali support (but breaks pre-Debian 9, so be careful). Ideally, we are well past using Debian 8 or lower though, in all honesty. We could almost call it deprecated except for the backwards compatibility, so be forewarned.

The duplicate-cn in servers.conf is something that should be there anyway, I don't see the average person only wishing to make a single connection without breaking the rest of their connections. If I try to add this to a second device, I can block the original from using the tunnel. While we can create separate tunnels, this one flag is sufficient to allow the multiple connections we need from other locations.

Obviously that is bad for IPsec, because anyone that gets ahold of the servers.conf can have open access to your server or Linux host. That is the case anyway, so you really don't want to let your .ovpn get out of your hands. Adding multiple connections effectively broadens the ability for these leaks to become threatening. Personally, I trust how I store this information, and handle it very carefully, where it isn't already well placed in the /root directory anyway. I transfer the .ovpn over an SFTP tunnel, and store it on an encrypted drive in case I need it later.

Absolutely wonderful to have this script!! I am able to use this server's IP address and tunnel other servers' outbound traffic while also using the same VPN at home. I don't pay for a VPN anymore, but being able to use it and also re-use it simultaneously is, well, amazing. My server is a 64GB RAM 12 CPU, and is now my beautiful security OS (Kali, with a lot of custom fireballing, etc) and I can traffic all my connections to my 'work' IP address when desired.
This script worked well in comparison to some other examples I tried. I can install it on a VPN router and select devices to traffic to work. And my other server also can reuse it, to proxy one server connection as another, while still being able to have the VPN at home on our router. I hope these changes were helpful. @SatoriHoshiAiko --- openvpn-install.sh | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 815031e..fa45bf0 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -49,12 +49,14 @@ if [[ "$os" == "ubuntu" && "$os_version" -lt 1804 ]]; then This version of Ubuntu is too old and unsupported." exit fi - -if [[ "$os" == "debian" && "$os_version" -lt 9 ]]; then - echo "Debian 9 or higher is required to use this installer. -This version of Debian is too old and unsupported." - exit -fi +################################################################################################################ +# WE COMMENTED OUT THIS LINE TO BYPASS DEBIAN VERSION CHECKS THAT KALI DOESN'T MATCH (IT STILL WORKS THE SAME) # +################################################################################################################ +#if [[ "$os" == "debian" && "$os_version" -lt 9 ]]; then +# echo "Debian 9 or higher is required to use this installer. +#This version of Debian is too old and unsupported." +# exit +#fi if [[ "$os" == "centos" && "$os_version" -lt 7 ]]; then echo "CentOS 7 or higher is required to use this installer. 
@@ -264,6 +266,14 @@ YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== -----END DH PARAMETERS-----' > /etc/openvpn/server/dh.pem + +################################################################ +# HERE WE ADDED "duplicate-cn" TO PREVENT EXTRA CLIENTS FROM # +# CAUSING THE ORIGINAL CONNECTION TO DROP. "duplicate-cn" in # +# THE Server.conf HELP TO VERIFY MULTIPLE CLIENTS AS PER THE. # +# STANDARD OpenVPN USAGE. JUST ONE LINE LET'S YOU MAKE SEVERAL # +# CONNECTIONS, Home, Work, Office, Router, Phone, etc. ENJOY! # +################################################################ # Generate server.conf echo "local $ip port $port
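Review bot: In the first hunk (@@ -49,12 +49,14 @@), commenting out the whole `if [[ "$os" == "debian" && "$os_version" -lt 9 ]]` block removes the version guard for every Debian host, not only Kali, so a Debian 8 install now runs past this point instead of exiting with the "too old and unsupported" message. Keep the check and exempt Kali explicitly, so the guard is skipped only when the host is identified as Kali rather than disabled for everyone. If the check really is meant to go, delete the lines instead of leaving commented-out code under a banner comment; the hunk also drops the blank line that separated this block from the `fi` of the Ubuntu check.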
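Review bot: The second hunk (@@ -264,6 +266,14 @@) adds only a blank line and a comment banner above `# Generate server.conf`; no `duplicate-cn` directive is written into the generated config. The diffstat's 16 insertions are fully accounted for by the 8 added lines in each hunk, so the banner's claim that `HERE WE ADDED "duplicate-cn"` does not match what the patch does. Either add the directive to the server.conf output or drop the banner. If it is added, make it opt-in rather than the default: `duplicate-cn` lets several clients connect with the same certificate at once, so a copied .ovpn works alongside the legitimate client instead of displacing it, which the commit message itself notes widens the impact of a leak. Issuing a separate client profile per device keeps each one individually revocable.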