Revisions
Ezra revised this gist
Aug 6, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -31,7 +31,7 @@ cd .. ./build-dh openvpn --genkey --secret keys/ta.key cat <<-CONF > "/etc/openvpn/server.conf" local $IP # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS dev tun proto udp #Some people prefer to use tcp. Don't change it if you don't know. -
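Review bot: The inline comment `# SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS` on the `local $IP` line is stale now that the heredoc's unquoted `CONF` delimiter expands `$IP` from the `hostname -I` assignment at install time; it should read `# listen address, taken from hostname -I at install time` or be dropped. If the `push "route $IP ..."` line further down the same heredoc (outside this hunk) still carries the same instruction, it needs the same correction. The heredoc body continues past the end of this hunk.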
Ezra revised this gist
Aug 6, 2016 . No changes.There are no files selected for viewing
Ezra revised this gist
Aug 6, 2016 . 1 changed file with 4 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,3 +1,4 @@ #!/bin/bash ROUTER="192.168.1.1" IP=$(hostname -I | cut -d ' ' -f 1) IF="/sbin/ip" @@ -77,7 +78,7 @@ chmod 700 /etc/firewall-openvpn-rules.sh chown root /etc/firewall-openvpn-rules.sh rm /etc/network/interfaces cat <<-CONF1 > "/etc/network/interfaces" # The loopback network interface auto lo iface lo inet loopback @@ -113,6 +114,7 @@ verb 1 mute 20 CONF2 touch /etc/openvpn/easy-rsa/keys/MakeOVPN.sh cat <<-CONF3 > "/etc/openvpn/easy-rsa/keys/MakeOVPN.sh" #!/bin/bash @@ -195,6 +197,6 @@ echo "Done! $NAME$FILEEXT Successfully Created." CONF3 chmod 700 /etc/openvpn/easy-rsa/keys/MakeOVPN.sh bash /etc/openvpn/easy-rsa/keys/MakeOVPN.sh exit 0 -
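Review bot: `rm /etc/network/interfaces` followed by the `cat <<-CONF1 > "/etc/network/interfaces"` rewrite in the second hunk has no guard on `$IFACE` and `$IP`; `IP` comes from the `hostname -I | cut` pipeline in the first hunk and `IFACE` (set outside this hunk) from an `ip -o link show ... grep "UP"` pipeline, and either can be empty or multi-line, in which case the file is written with `iface  inet static` and the host is unreachable after the next networking restart. Add `: "${IFACE:?no UP interface found}"` and `: "${IP:?no address found}"` before the `rm`, and prefer `cp -a /etc/network/interfaces /etc/network/interfaces.bak` to outright deletion so the previous configuration is recoverable. With the new `#!/bin/bash` line, `set -euo pipefail` directly after it would also stop the script before these rewrites when an earlier step such as key generation fails. The last hunk's `bash /etc/openvpn/easy-rsa/keys/MakeOVPN.sh` passes no client name, so the generated script falls back to an interactive `read`; passing `User1`, the client built earlier in the file, keeps the install non-interactive.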
Ezra revised this gist
Aug 6, 2016 . 1 changed file with 3 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -14,9 +14,10 @@ fi sudo apt-get install openvpn -y git clone https://github.com/OpenVPN/easy-rsa.git cd easy-rsa git checkout 2.2.2 cp -r easy-rsa/2.0/ /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa sed -i 's|`pwd`|/etc/openvpn/easy-rsa|g' /etc/openvpn/easy-rsa/vars source ./vars ./clean-all -
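Review bot: After `cd easy-rsa` the source of `cp -r easy-rsa/2.0/ /etc/openvpn/easy-rsa` is resolved relative to the clone, so `easy-rsa/easy-rsa/2.0/` does not exist and the copy fails; and if the working directory is still `/etc/openvpn` from the earlier `cd /etc/openvpn` (outside this hunk), the clone itself already occupies the destination path. Cloning into a scratch directory avoids both problems: `git clone https://github.com/OpenVPN/easy-rsa.git "$src"`, `git -C "$src" checkout 2.2.2`, `cp -r "$src/easy-rsa/2.0/." /etc/openvpn/easy-rsa`, with `src=$(mktemp -d)` rather than a fixed /tmp name. Since `set -e` is not in effect, each of these should carry `|| exit 1` so a failed clone or checkout does not let the following `sed -i` and `source ./vars` run against a missing or unpinned tree.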
Ezra revised this gist
Aug 6, 2016 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -13,9 +13,9 @@ DOMAIN="vpn.waaromzomoeilijk.nl" fi sudo apt-get install openvpn -y git clone https://github.com/OpenVPN/easy-rsa.git cp -r easy-rsa/2.0/ /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa git checkout 2.2.2 sed -i 's|`pwd`|/etc/openvpn/easy-rsa|g' /etc/openvpn/easy-rsa/vars source ./vars -
Ezra revised this gist
Aug 6, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,7 +7,7 @@ DOMAIN="vpn.waaromzomoeilijk.nl" # Check if root if [ "$(whoami)" != "root" ]; then echo echo -e "\e[31mSorry, you are not root.\n\e[0mYou must type: \e[36msudo \e[0mbash openvpn_server.sh" echo exit 1 fi -
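Review bot: The root check relies on `echo -e` with ANSI escapes, which is non-portable and silently prints the `-e` under `sh`/`dash`; `printf '\e[31mSorry, you are not root.\n\e[0mYou must type: \e[36msudo \e[0mbash openvpn_server.sh\n' >&2` writes the same message to stderr, where a diagnostic belongs. `[[ $EUID -ne 0 ]]` is the usual bash idiom in place of `"$(whoami)" != "root"` and avoids a fork. Since root is required at this point, the `sudo apt-get install` that follows the check (outside this hunk) no longer needs `sudo`.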
Ezra revised this gist
Aug 6, 2016 . 1 changed file with 138 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,16 @@ ROUTER="192.168.1.1" IP=$(hostname -I | cut -d ' ' -f 1) IF="/sbin/ip" IFACE=$($IF -o link show | awk '{print $2,$9}' | grep "UP" | cut -d ":" -f 1) DOMAIN="vpn.waaromzomoeilijk.nl" # Check if root if [ "$(whoami)" != "root" ]; then echo echo -e "\e[31mSorry, you are not root.\n\e[0mYou must type: \e[36msudo \e[0mbash $SCRIPTS/wordpress_install.sh" echo exit 1 fi sudo apt-get install openvpn -y cd /etc/openvpn 
@@ -58,5 +69,131 @@ log /var/log/openvpn.log verb 1 CONF sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|g' /etc/sysctl.conf sysctl -p echo "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $IFACE -j SNAT --to-source $IP" > /etc/firewall-openvpn-rules.sh chmod 700 /etc/firewall-openvpn-rules.sh chown root /etc/firewall-openvpn-rules.sh rm /etc/network/interfaces cat <<-CONF1 > "nano /etc/network/interfaces" # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto $IFACE allow-hotplug $IFACE iface $IFACE inet static pre-up /sbin/ethtool -K $IFACE tso off pre-up /sbin/ethtool -K $IFACE gso off pre-up /etc/firewall-openvpn-rules.sh address $IP netmask 255.255.255.0 gateway $ROUTER dns-nameservers 8.8.8.8 8.8.4.4 CONF1 cat <<-CONF2 > "/etc/openvpn/easy-rsa/keys/Default.txt" client dev tun proto udp remote $DOMAIN 1194 resolv-retry infinite nobind persist-key persist-tun mute-replay-warnings ns-cert-type server key-direction 1 cipher AES-128-CBC comp-lzo verb 1 mute 20 CONF2 cat <<-CONF3 > "/etc/openvpn/easy-rsa/keys/MakeOVPN.sh" #!/bin/bash # Default Variable Declarations DEFAULT="Default.txt" FILEEXT=".ovpn" CRT=".crt" KEY=".3des.key" NODES_KEY=".key" CA="ca.crt" TA="ta.key" NAME="${1}" if [ -z "${NAME}" ]; then # Ask for a Client name echo "Please enter an existing Client Name:" read NAME fi #1st Verify that client's Public Key Exists if [ ! -f $NAME$CRT ]; then echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT" exit fi echo "Client's cert found: $NAME$CR" #Then, verify that there is a private key for that client if [ ! -f $NAME$KEY ]; then echo "[INFO]: Client 3des Private Key not found: $NAME$KEY" KEY="${NODES_KEY}" fi if [ ! -f $NAME$KEY ]; then echo "[ERROR]: Client Private Key not found: $NAME$KEY" exit fi echo "Client's Private Key found: $NAME$KEY" #Confirm the CA public key exists if [ ! 
-f $CA ]; then echo "[ERROR]: CA Public Key not found: $CA" exit fi echo "CA public Key found: $CA" #Confirm the tls-auth ta key file exists if [ ! -f $TA ]; then echo "[ERROR]: tls-auth Key not found: $TA" exit fi echo "tls-auth Private Key found: $TA" #Ready to make a new .opvn file - Start by populating with the default file cat $DEFAULT > $NAME$FILEEXT #Now, append the CA Public Cert echo "<ca>" >> $NAME$FILEEXT cat $CA >> $NAME$FILEEXT echo "</ca>" >> $NAME$FILEEXT #Next append the client Public Cert echo "<cert>" >> $NAME$FILEEXT cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT echo "</cert>" >> $NAME$FILEEXT #Then, append the client Private Key echo "<key>" >> $NAME$FILEEXT cat $NAME$KEY >> $NAME$FILEEXT echo "</key>" >> $NAME$FILEEXT #Finally, append the TA Private Key echo "<tls-auth>" >> $NAME$FILEEXT cat $TA >> $NAME$FILEEXT echo "</tls-auth>" >> $NAME$FILEEXT echo "Done! $NAME$FILEEXT Successfully Created." #Script written by Eric Jodoin CONF3 chmod 700 /etc/openvpn/easy-rsa/keys/MakeOVPN.sh ./etc/openvpn/easy-rsa/keys/MakeOVPN.sh exit 0 -
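Review bot: The `cat <<-CONF3 > "/etc/openvpn/easy-rsa/keys/MakeOVPN.sh"` heredoc has an unquoted delimiter, so every expansion in its body — `NAME="${1}"`, `$NAME$CRT`, `$CA`, `$TA`, `$DEFAULT`, `$FILEEXT` and the rest — is performed by the installer while writing the file rather than by the generated script, which ends up with `NAME=""` and empty file names and cannot work. Quote the delimiter, `cat <<-'CONF3' > "/etc/openvpn/easy-rsa/keys/MakeOVPN.sh"`, to make the body literal; CONF1 and CONF2 correctly rely on expansion of `$IFACE`, `$IP`, `$ROUTER` and `$DOMAIN` and should stay unquoted. Two smaller defects in the same body: the error branches use a bare `exit`, which returns status 0 and lets the installer's following `chmod` and run continue as if generation succeeded, so they should be `exit 1`; and `echo "Client's cert found: $NAME$CR"` references `$CR` where `$CRT` is meant. Because the generated `.ovpn` bundles the client private key and `ta.key` in plaintext, a `umask 077` before `cat $DEFAULT > $NAME$FILEEXT` inside the generated script keeps the profile from being created world-readable.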
Ezra created this gist
Aug 6, 2016 .There are no files selected for viewing
@@ -0,0 +1,62 @@ ROUTER="192.168.1.1" IP="192.168.1.143" sudo apt-get install openvpn -y cd /etc/openvpn git clone https://github.com/OpenVPN/easy-rsa.git cd easy-rsa git checkout 2.2.2 sed -i 's|`pwd`|/etc/openvpn/easy-rsa|g' /etc/openvpn/easy-rsa/vars source ./vars ./clean-all ./build-ca ./build-key-server Pi ./build-key-pass User1 cd keys openssl rsa -in User1.key -des3 -out User1.3des.key cd .. ./build-dh openvpn --genkey --secret keys/ta.key cat <<-CONF > "nano /etc/openvpn/server.conf" local $IP # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS dev tun proto udp #Some people prefer to use tcp. Don't change it if you don't know. port 1194 ca /etc/openvpn/easy-rsa/keys/ca.crt cert /etc/openvpn/easy-rsa/keys/Pi.crt # SWAP WITH YOUR CRT NAME key /etc/openvpn/easy-rsa/keys/Pi.key # SWAP WITH YOUR KEY NAME dh /etc/openvpn/easy-rsa/keys/dh2048.pem server 10.8.0.0 255.255.255.0 # server and remote endpoints ifconfig 10.8.0.1 10.8.0.2 # Add route to Client routing table for the OpenVPN Server push "route 10.8.0.1 255.255.255.255" # Add route to Client routing table for the OpenVPN Subnet push "route 10.8.0.0 255.255.255.0" # your local subnet push "route $IP 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS # Set primary domain name server address to the SOHO Router # If your router does not do DNS, you can use Google DNS 8.8.8.8 push "dhcp-option DNS $ROUTER" # This should match your router's IP address. # Override the Client default gateway by using 0.0.0.0/1 and # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of # overriding but not wiping out the original default gateway. push "redirect-gateway def1" client-to-client duplicate-cn keepalive 10 120 tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 cipher AES-128-CBC comp-lzo user nobody group nogroup persist-key persist-tun status /var/log/openvpn-status.log 20 log /var/log/openvpn.log verb 1 CONF
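Review bot: None of the easy-rsa steps (`./clean-all`, `./build-ca`, `./build-key-server Pi`, `./build-dh`, `openvpn --genkey --secret keys/ta.key`) is checked and there is no `set -e`, so a failed step still ends with server.conf written and no error reported; a `#!/bin/bash` line followed by `set -euo pipefail` and `cd /etc/openvpn || exit 1` would stop at the first failure (`source ./vars` may need `set +u`/`set -u` around it if the easy-rsa 2.x vars file reads unset variables). `./build-ca` and `./build-key-pass User1` prompt interactively, which deserves a top-of-file comment such as `# NOTE: build-ca and build-key-pass prompt for certificate details and a key passphrase`. In the server.conf body, `duplicate-cn` lets one client certificate be used from several devices at once, which removes per-device revocation and accountability, so it should be commented out unless that sharing is intended; `comp-lzo` enables compression over the tunnel, which later OpenVPN guidance discourages, and is worth a comment explaining why it is kept.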