original-script
This commit is contained in:
parent
85068b5532
commit
75faa3a87e
1 changed files with 569 additions and 576 deletions
|
@ -1,7 +1,5 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
# Secure OpenVPN server installer for Debian, Ubuntu, CentOS and Arch Linux
|
# Secure OpenVPN server installer for Debian, Ubuntu, CentOS and Arch Linux
|
||||||
# https://github.com/Angristan/OpenVPN-install
|
# https://github.com/Angristan/OpenVPN-install
|
||||||
|
|
||||||
|
@ -89,7 +87,7 @@ if [[ "$IP" = "" ]]; then
|
||||||
IP=$(wget -qO- ipv4.icanhazip.com)
|
IP=$(wget -qO- ipv4.icanhazip.com)
|
||||||
fi
|
fi
|
||||||
# Get Internet network interface with default route
|
# Get Internet network interface with default route
|
||||||
NIC=$(ip -4 route ls | grep default -m 1 | grep -Po '(?<=dev )(\S+)' | head -1)
|
NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
|
||||||
|
|
||||||
if [[ -e /etc/openvpn/server.conf ]]; then
|
if [[ -e /etc/openvpn/server.conf ]]; then
|
||||||
while :
|
while :
|
||||||
|
@ -222,15 +220,16 @@ else
|
||||||
done
|
done
|
||||||
echo ""
|
echo ""
|
||||||
echo "What DNS do you want to use with the VPN?"
|
echo "What DNS do you want to use with the VPN?"
|
||||||
echo " 1) Current system resolvers (in /etc/resolv.conf)"
|
echo " 1) Current system resolvers (from /etc/resolv.conf)"
|
||||||
echo " 2) FDN (France)"
|
echo " 2) Quad9 (Anycast: worldwide)"
|
||||||
echo " 3) DNS.WATCH (Germany)"
|
echo " 3) FDN (France)"
|
||||||
echo " 4) OpenDNS (Anycast: worldwide)"
|
echo " 4) DNS.WATCH (Germany)"
|
||||||
echo " 5) Google (Anycast: worldwide)"
|
echo " 5) OpenDNS (Anycast: worldwide)"
|
||||||
echo " 6) Yandex Basic (Russia)"
|
echo " 6) Google (Anycast: worldwide)"
|
||||||
echo " 7) AdGuard DNS (Russia)"
|
echo " 7) Yandex Basic (Russia)"
|
||||||
while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" && $DNS != "7" ]]; do
|
echo " 8) AdGuard DNS (Russia)"
|
||||||
read -p "DNS [1-7]: " -e -i 1 DNS
|
while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" && $DNS != "7" && $DNS != "8" ]]; do
|
||||||
|
read -p "DNS [1-8]: " -e -i 1 DNS
|
||||||
done
|
done
|
||||||
echo ""
|
echo ""
|
||||||
echo "See https://github.com/Angristan/OpenVPN-install#encryption to learn more about "
|
echo "See https://github.com/Angristan/OpenVPN-install#encryption to learn more about "
|
||||||
|
@ -248,9 +247,8 @@ else
|
||||||
echo " 5) CAMELLIA-192-CBC"
|
echo " 5) CAMELLIA-192-CBC"
|
||||||
echo " 6) CAMELLIA-256-CBC"
|
echo " 6) CAMELLIA-256-CBC"
|
||||||
echo " 7) SEED-CBC"
|
echo " 7) SEED-CBC"
|
||||||
echo " 8) BF-CBC"
|
|
||||||
while [[ $CIPHER != "1" && $CIPHER != "2" && $CIPHER != "3" && $CIPHER != "4" && $CIPHER != "5" && $CIPHER != "6" && $CIPHER != "7" ]]; do
|
while [[ $CIPHER != "1" && $CIPHER != "2" && $CIPHER != "3" && $CIPHER != "4" && $CIPHER != "5" && $CIPHER != "6" && $CIPHER != "7" ]]; do
|
||||||
read -p "Cipher [1-8]: " -e -i 1 CIPHER
|
read -p "Cipher [1-7]: " -e -i 1 CIPHER
|
||||||
done
|
done
|
||||||
case $CIPHER in
|
case $CIPHER in
|
||||||
1)
|
1)
|
||||||
|
@ -274,8 +272,6 @@ else
|
||||||
7)
|
7)
|
||||||
CIPHER="cipher SEED-CBC"
|
CIPHER="cipher SEED-CBC"
|
||||||
;;
|
;;
|
||||||
8) CIPHER="cipher BF-CBC"
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
echo ""
|
echo ""
|
||||||
echo "Choose what size of Diffie-Hellman key you want to use:"
|
echo "Choose what size of Diffie-Hellman key you want to use:"
|
||||||
|
@ -496,8 +492,7 @@ persist-tun
|
||||||
keepalive 10 120
|
keepalive 10 120
|
||||||
topology subnet
|
topology subnet
|
||||||
server 10.8.0.0 255.255.255.0
|
server 10.8.0.0 255.255.255.0
|
||||||
duplicate-cn
|
ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
|
||||||
push \"route 10.8.0.0 255.255.255.0\"" >> /etc/openvpn/server.conf
|
|
||||||
# DNS resolvers
|
# DNS resolvers
|
||||||
case $DNS in
|
case $DNS in
|
||||||
1)
|
1)
|
||||||
|
@ -506,27 +501,30 @@ push \"route 10.8.0.0 255.255.255.0\"" >> /etc/openvpn/server.conf
|
||||||
echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
|
echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
2) #FDN
|
2) #Quad9
|
||||||
|
echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf
|
||||||
|
;;
|
||||||
|
3) #FDN
|
||||||
echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
3) #DNS.WATCH
|
4) #DNS.WATCH
|
||||||
echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 84.200.70.40"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
4) #OpenDNS
|
5) #OpenDNS
|
||||||
echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
5) #Google
|
6) #Google
|
||||||
echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
6) #Yandex Basic
|
7) #Yandex Basic
|
||||||
echo 'push "dhcp-option DNS 77.88.8.8"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 77.88.8.8"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 77.88.8.1"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 77.88.8.1"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
7) #AdGuard DNS
|
8) #AdGuard DNS
|
||||||
echo 'push "dhcp-option DNS 176.103.130.130"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 176.103.130.130"' >> /etc/openvpn/server.conf
|
||||||
echo 'push "dhcp-option DNS 176.103.130.131"' >> /etc/openvpn/server.conf
|
echo 'push "dhcp-option DNS 176.103.130.131"' >> /etc/openvpn/server.conf
|
||||||
;;
|
;;
|
||||||
|
@ -540,7 +538,6 @@ tls-auth tls-auth.key 0
|
||||||
dh dh.pem
|
dh dh.pem
|
||||||
auth SHA256
|
auth SHA256
|
||||||
$CIPHER
|
$CIPHER
|
||||||
comp-lzo
|
|
||||||
tls-server
|
tls-server
|
||||||
tls-version-min 1.2
|
tls-version-min 1.2
|
||||||
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
||||||
|
@ -620,8 +617,6 @@ verb 3" >> /etc/openvpn/server.conf
|
||||||
systemctl restart openvpn-server@openvpn.service
|
systemctl restart openvpn-server@openvpn.service
|
||||||
systemctl enable openvpn-server@openvpn.service
|
systemctl enable openvpn-server@openvpn.service
|
||||||
else
|
else
|
||||||
sed -i 's|LimitNPROC|#LimitNPROC|' /lib/systemd/system/openvpn\@.service
|
|
||||||
systemctl daemon-reload
|
|
||||||
systemctl restart openvpn@server.service
|
systemctl restart openvpn@server.service
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
@ -629,11 +624,10 @@ verb 3" >> /etc/openvpn/server.conf
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if pgrep systemd-journal; then
|
if pgrep systemd-journal; then
|
||||||
if [[ "$OS" = 'arch' ]] || [[ "$VERSION_ID" = 'VERSION_ID="16.04"' ]]; then
|
if [[ "$OS" = 'arch' ]]; then
|
||||||
#Workaround to avoid rewriting the entire script for Arch
|
#Workaround to avoid rewriting the entire script for Arch
|
||||||
sed -i 's|LimitNPROC|#LimitNPROC|' /usr/lib/systemd/system/openvpn-server\@.service
|
sed -i 's|/etc/openvpn/server|/etc/openvpn|' /usr/lib/systemd/system/openvpn-server@.service
|
||||||
sed -i 's|/etc/openvpn/server|/etc/openvpn|' /usr/lib/systemd/system/openvpn-server\@.service
|
sed -i 's|%i.conf|server.conf|' /usr/lib/systemd/system/openvpn-server@.service
|
||||||
sed -i 's|%i.conf|server.conf|' /usr/lib/systemd/system/openvpn-server\@.service
|
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl restart openvpn-server@openvpn.service
|
systemctl restart openvpn-server@openvpn.service
|
||||||
systemctl enable openvpn-server@openvpn.service
|
systemctl enable openvpn-server@openvpn.service
|
||||||
|
@ -677,7 +671,6 @@ remote-cert-tls server
|
||||||
auth SHA256
|
auth SHA256
|
||||||
auth-nocache
|
auth-nocache
|
||||||
$CIPHER
|
$CIPHER
|
||||||
comp-lzo
|
|
||||||
tls-client
|
tls-client
|
||||||
tls-version-min 1.2
|
tls-version-min 1.2
|
||||||
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
||||||
|
|
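Review bot: Dropping `set -ex` in the first hunk (`@ -1,7 +1,5 @@`) leaves the installer with no error abort at all, so a failed key/DH generation, a failed `sed` on the unit file or a failed package install no longer stops the script and it goes on to append `server.conf`, restart the service and emit a client profile that references material that was never created. Losing `-x` is a reasonable change on its own (it traced every command, including paths to key material, to the terminal), but `-e` should stay: `set -e` as the new line 3, optionally `set -eo pipefail` so the `ip -4 route ls | grep default | grep -Po ... | head -1` pipeline that computes `NIC` also fails loudly; `-u` would break the existing `while [[ $DNS != "1" ... ]]` prompts, which read unset variables first. The rest of the script is outside these hunks, so any step that relied on `set -e` to bail out should be rechecked once it is reinstated.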