#!/bin/bash
#
# OpenVPN private-network builder.
# Most OpenVZ-virtualised VPSes cannot use IPSec or GRE style tunnels, while
# TUN/TAP works on most of them, so OpenVPN is used to build the private
# network. OpenVPN's own encryption and forwarding throughput is limited,
# so treat this as a convenience tool rather than a high-performance link.
#
printf '%s\n' "This is an OpenVPN Private Network Setting Tool"
printf '%s\n' "By CrazyChen @ Jan 2,2016"
# Script version and release date, printed by the "version" operation.
VER="1.0.1.3"
DATE="20170102"
# Directory that receives one sub-directory per generated client bundle.
DIR="/etc/openvpn/clts"
# Connection defaults; SVRIP, PORT and PROTOCOL are overwritten by the
# interactive prompts in svrconf / getLocalIp.
SVRIP=""
PORT=1194
PROTOCOL="udp"
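helpinf(){
  # Print the supported operations and their parameters to stdout.
  # Fixes the "coule"/"protocl" typos and derives the script name from $0
  # instead of the hard-coded "setup.sh", which is not this file's name.
  local self=${0##*/}
  printf 'Supported Usage : \n%s [OPERATION]\nWhere OPERATION could be:\n\n' "$self"
  printf '\tinst : install server\n\tclt : generate client cert and conf\n'
  printf '\tversion : show version of this tools\n\tupdate : update this script\n'
  printf '\nWhere Params could be : \n\n'
  printf '\tclt [client name] [server ip] [server port] [protocol]\n'
}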
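genkey(){
  # Build the PKI with the easy-rsa 2.x helper scripts (vars, clean-all,
  # build-ca, build-key-server): DH parameters, CA cert and server cert,
  # then copy the server material into /etc/openvpn.
  # Returns 1 as soon as a step fails instead of continuing with a half-built PKI.
  # Side effect: changes the caller's working directory to the easy-rsa dir
  # (the original did the same).
  local easyrsa_dir="/etc/openvpn/easy-rsa"
  echo "Generating DH Param"
  openssl dhparam -out /etc/openvpn/dh2048.pem 2048 || return 1
  echo "Operating"
  # Unchecked, a failed cd would source ./vars and run ./clean-all in whatever
  # directory the caller happened to be in.
  cd "$easyrsa_dir" || { echo "cannot cd to $easyrsa_dir" >&2; return 1; }
  # easy-rsa 2.x ships openssl-1.0.0.cnf but its scripts look for openssl.cnf.
  if [ ! -f openssl.cnf ]; then
    cp openssl-1.0.0.cnf openssl.cnf || return 1
  fi
  . ./vars
  # clean-all empties the keys directory, so re-running genkey invalidates
  # every client certificate issued so far.
  echo "Cleaning all"
  ./clean-all || return 1
  echo "Building ca cert"
  ./build-ca || return 1
  echo "Building Server cert"
  ./build-key-server server || return 1
  echo "Copy keys to openvpn dir"
  cp "$easyrsa_dir"/keys/{server.crt,server.key,ca.crt} /etc/openvpn || return 1
  # The server private key must not be readable by other local users.
  chmod 600 /etc/openvpn/server.key
}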
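svrconf(){
  # Ask for the listen port and protocol, then write the server config.
  # Arguments: $1 (optional) output path, default /etc/openvpn/server.conf.
  # Globals written: PORT, PROTOCOL.
  # The port answer is accepted only as an integer in 1..65535; anything else
  # falls back to 1194. The old test (`[ $PORT -lt 0 ]`) only rejected
  # negatives, so "abc" or "70000" ended up in the config and an empty answer
  # made the test itself error out.
  local conf=${1:-/etc/openvpn/server.conf}
  local answer
  echo "Please tell me which port you would like to use ? "
  read -r answer
  if [[ "$answer" =~ ^[0-9]+$ ]] && (( 10#$answer >= 1 && 10#$answer <= 65535 )); then
    PORT=$(( 10#$answer ))   # 10# so an answer like "0443" is not read as octal
  else
    PORT=1194
  fi
  echo "Please tell me which proto you would like to use ? (t for TCP and u for UDP , by default UDP is used) "
  read -r answer
  # Only a literal "t" selects TCP; everything else (including empty) is UDP.
  if [ "x$answer" = 'xt' ]; then
    PROTOCOL='tcp'
  else
    PROTOCOL='udp'
  fi
  # NOTE(review): cipher/auth/comp-lzo lines are written unchanged so the
  # client template in gencltConf keeps matching. VPN-layer compression
  # (comp-lzo) and a CBC cipher without tls-auth/tls-crypt are dated choices;
  # revisit server and client templates together.
  cat >"$conf" <<EOF
port $PORT
proto $PROTOCOL
dev tap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 192.168.240.0 255.255.240.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
EOF
  echo "Gen conf complete"
}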
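getLocalIp(){
  # Interactively fill the globals SVRIP, PORT and PROTOCOL from stdin.
  # Not called by the dispatcher at the bottom of this file.
  # `read -r` keeps backslashes in the answers literal (ShellCheck SC2162);
  # the original `read` would have mangled them.
  echo "Please , which is your ip ?"
  read -r SVRIP
  echo "Which port are you using ?"
  read -r PORT
  echo "Protocol ?"
  read -r PROTOCOL
}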
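gencltConf(){
  # Build the bundle for one client: copy its cert/key into $DIR/<name> and
  # write an inline .ovpn pointing at the server.
  # Arguments: $1 client name, $2 server ip, $3 server port, $4 protocol.
  # Globals read: DIR. Returns 1 on an invalid name or a failed copy/read.
  local name=$1 svr_ip=$2 svr_port=$3 proto=$4
  local keys_dir="/etc/openvpn/easy-rsa/keys"
  local clt_dir ovpn ca_cert clt_cert clt_key
  # The name becomes a path component under $DIR and $keys_dir; only accept a
  # plain token so something like "../x" cannot land outside those directories.
  if [[ -z "$name" || ! "$name" =~ ^[A-Za-z0-9._-]+$ || "$name" == . || "$name" == .. ]]; then
    echo "invalid client name: $name" >&2
    return 1
  fi
  echo "Config name for client is $name"
  clt_dir="$DIR/$name"
  ovpn="$clt_dir/$name.ovpn"
  mkdir -p -- "$clt_dir" || return 1
  cp -- "$keys_dir/$name.crt" "$clt_dir" || return 1
  cp -- "$keys_dir/$name.key" "$clt_dir" || return 1
  chmod 600 "$clt_dir/$name.key"
  # $(...) instead of backticks, and a failed read aborts instead of
  # silently embedding an empty <ca>/<cert>/<key> block.
  ca_cert=$(cat "$keys_dir/ca.crt") || return 1
  clt_cert=$(cat "$keys_dir/$name.crt") || return 1
  clt_key=$(cat "$keys_dir/$name.key") || return 1
  # The .ovpn embeds the client's private key: create it with mode 0600
  # before writing rather than with the default umask.
  ( umask 077 && : >"$ovpn" ) && chmod 600 "$ovpn" || return 1
  # cipher/auth/comp-lzo must stay in step with the server template in svrconf.
  cat >"$ovpn" <<EOF
dev tap
proto $proto
remote $svr_ip $svr_port
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
#auth-user-pass pass.txt
comp-lzo
<ca>
$ca_cert
</ca>
<cert>
$clt_cert
</cert>
<key>
$clt_key
</key>
EOF
  echo "Gen client complete"
}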
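genclt(){
  # Issue a client certificate with easy-rsa 2.x (vars + build-key), then
  # build the client bundle via gencltConf.
  # Arguments: $1 client name, $2 server ip, $3 server port, $4 protocol.
  # Side effect: changes the caller's working directory to the easy-rsa dir.
  local easyrsa_dir="/etc/openvpn/easy-rsa"
  # The name comes from argv, nothing is read here; the old prompt said
  # "input a name" although no read followed it.
  echo "Client Cert : building key for client $1"
  # Unchecked, a failed cd would source ./vars from the caller's cwd.
  cd "$easyrsa_dir" || { echo "cannot cd to $easyrsa_dir" >&2; return 1; }
  . ./vars
  ./build-key "$1" || return 1
  gencltConf "$1" "$2" "$3" "$4"
}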
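install(){
  # Install openvpn and easy-rsa from apt, build the PKI (genkey), write the
  # server config (svrconf) and restart the service. Returns 1 when a step
  # fails instead of running the later steps against a broken install.
  # NOTE: this function shadows the coreutils `install` command for the rest
  # of the script; use `command install` if the binary is ever needed.
  echo "Install instruction detected , go installation"
  # --force-yes is dropped: it is deprecated and lets apt install packages
  # that fail authentication; -y alone is enough for a non-interactive run.
  apt-get update && apt-get upgrade -y && apt-get install -y openvpn easy-rsa || return 1
  echo "Generating RSA Key , just press ENTER if asked by system"
  cp -r /usr/share/easy-rsa/ /etc/openvpn || return 1
  # -p: a pre-existing keys dir is not an error on re-run.
  mkdir -p /etc/openvpn/easy-rsa/keys || return 1
  genkey || return 1
  echo "Configuring svr"
  svrconf || return 1
  echo "Config complete , restarting openvpn"
  service openvpn restart
  service openvpn status
}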
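# Entry point: dispatch on the first argument (see helpinf for the list).
# Bad invocations now exit with status 2 instead of the bare `exit` (status 0),
# so a wrapper script can tell a failed call from a successful one.
if [ $# -eq 0 ]; then
  printf 'Param Invalid !\n\n\n'
  helpinf
  exit 2
fi
FUNC=$1
case "$FUNC" in
  inst)
    install
    ;;
  clt)
    # clt needs exactly four parameters: name, server ip, server port, protocol.
    if [ $# -eq 5 ]; then
      genclt "$2" "$3" "$4" "$5"
    else
      helpinf
      exit 2
    fi
    ;;
  version)
    echo "OpenVPN Private Network Setup Tool by CrazyChen @ $DATE , version $VER"
    ;;
  update)
    # Advertised in helpinf but never implemented; say so instead of
    # silently succeeding.
    echo "update is not implemented in this version" >&2
    exit 1
    ;;
  *)
    helpinf
    exit 2
    ;;
esac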