Can't recognize changes - hopefully they are useful.

This commit is contained in:
Christoph 2022-01-10 01:12:37 +01:00
parent b0c63a4385
commit 3f3d8449dd
4 changed files with 3163 additions and 15 deletions

2988
OLD/install_openvpn.sh Executable file



@ -78,6 +78,12 @@ info (){
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo "" echo ""
} }
print_command () {
echo ""
echo -e "\t\033[33m\033[1mCommand was\033[m: $*"
echo ""
}
echo_done() { echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]" echo -e "\033[80G[ \033[32mdone\033[m ]"
} }
@ -397,7 +403,7 @@ read ok
echo "" echo ""
if $EASYRSA_LAYOUT_NEW ; then if $EASYRSA_LAYOUT_NEW ; then
${EASY_RSA_DIR}/easyrsa build-client-full ${_CLIENT_CN} ${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" build-client-full ${_CLIENT_CN}
else else
${EASY_RSA_DIR}/build-key-pass ${NEW_KEY_NAME} ${EASY_RSA_DIR}/build-key-pass ${NEW_KEY_NAME}
fi fi
@ -405,12 +411,23 @@ if [[ $? -eq 0 ]] ; then
info "Building key '${NEW_KEY_NAME}.key' was successfully." info "Building key '${NEW_KEY_NAME}.key' was successfully."
else else
error "Building key '${NEW_KEY_NAME}.key' failed!" error "Building key '${NEW_KEY_NAME}.key' failed!"
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" init-pki"
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
echo "" #echo ""
echononl "Type <return> to continue: " #echononl "Type <return> to continue: "
read ok #read ok
echo "" #echo ""
echononl " Add new key credentials to file ${OPENVPN_BASE_DIR}/keys-created.txt" echononl " Add new key credentials to file ${OPENVPN_BASE_DIR}/keys-created.txt"
cat << EOF >> ${OPENVPN_BASE_DIR}/keys-created.txt cat << EOF >> ${OPENVPN_BASE_DIR}/keys-created.txt
@ -724,6 +741,7 @@ else
done done
fi fi
blank_line
if $_copy_to_user_home_dir ; then if $_copy_to_user_home_dir ; then
_home_dir=$(eval echo "~$user_name") _home_dir=$(eval echo "~$user_name")
_target_dir="${_home_dir}/VPN/${_CLIENT_CN}" _target_dir="${_home_dir}/VPN/${_CLIENT_CN}"
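Review bot: The command echoed at L39 after the client-key build fails is `init-pki`, but the command that actually ran at L31 is `build-client-full`, so the operator is shown the wrong command to retry; it should read `print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" build-client-full ${_CLIENT_CN}"`. The same nine-line "continue anyway" prompt is pasted at L39-47, L135-143, L157-165, L179-187, L201-209, L235-243, L277-285 and L297-305, and every copy carries the same slips: `read` without `-r`, the typo "yes/nno", lower-casing applied only to the first answer so an upper-case "YES" at the retry prompt is rejected again, and a German "Abbruch durch User" where the rest of the script aborts in English (L77). Extracting it into one helper beside `print_command` fixes all copies at once, as sketched below. Note also that answering "yes" after a failed `build-client-full` still appends the never-created credentials to keys-created.txt at L53-54, and after a failed `revoke` (L271) the client certificate stays valid while the operator has merely been asked whether to carry on, so those callers should verify the artefact exists (or the revocation landed) before continuing rather than rely on the prompt alone.
```shell
# Ask whether to go on after a failed step; aborts unless the operator answers "yes".
ask_continue() {
  local answer=""
  echononl "continue anyway [yes/no]: "
  while true ; do
    read -r answer
    answer="$(printf '%s' "$answer" | tr '[:upper:]' '[:lower:]')"
    [[ "$answer" == "yes" || "$answer" == "no" ]] && break
    echononl "Wrong entry! - repeat [yes/no]: "
  done
  [[ "$answer" == "yes" ]] || fatal "Abort by user request"
}

# … at each failure site, replacing the pasted prompt block …
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" build-client-full ${_CLIENT_CN}"
ask_continue
```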


@ -143,6 +143,12 @@ info (){
echo "" echo ""
} }
print_command () {
echo ""
echo -e "\t\033[33m\033[1mCommand was\033[m: $*"
echo ""
}
echo_done() { echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]" echo -e "\033[80G[ \033[32mdone\033[m ]"
} }
@ -1559,7 +1565,50 @@ if [[ "$OK" != "YES" ]] ; then
fatal "Abort by user request - Answer as not 'YES'" fatal "Abort by user request - Answer as not 'YES'"
fi fi
#cat <<EOF
#
#OPENVPN_SERVER="$OPENVPN_SERVER"
#SERVER_PORT="$SERVER_PORT"
#
#ORG_SHORTCUT="$ORG_SHORTCUT"
#
#OPENVPN_NAME="$OPENVPN_NAME"
#OPENVPN_BASE_DIR="$OPENVPN_BASE_DIR"
#EASY_RSA_DIR="$EASY_RSA_DIR"
#OPENVPN_KEY_DIR="$OPENVPN_KEY_DIR"
#OPENVPN_CCD_DIR="$OPENVPN_CCD_DIR"
#
#CA_EXPIRE="$CA_EXPIRE"
#CERT_EXPIRE="$CERT_EXPIRE"
#KEY_SIZE=$KEY_SIZE
#
#KEY_COUNTRY="$KEY_COUNTRY"
#KEY_COUNTRY="$KEY_PROVINCE"
#KEY_CITY="$KEY_CITY"
#KEY_ORG="$KEY_ORG"
#KEY_EMAIL="$KEY_EMAIL"
#KEY_OU="$KEY_OU"
#
#KEY_CN="$KEY_CN"
#KEY_ALTNAMES="$KEY_ALTNAMES"
#
#OPENVPN_NETWORK="$OPENVPN_NETWORK"
#
#OPENVPN_SERVER_IP="$OPENVPN_SERVER_IP"
#
#SERVER_CIPHER="$SERVER_CIPHER"
#
#LZO_COMPRESSION="$LZO_COMPRESSION"
#
#REMOTE_NETWORK_ARR=${REMOTE_NETWORK_ARR[@]}
#
#DNS_SERVER="$DNS_SERVER"
#
#SEARCH_DOMAINS_ARR=${SEARCH_DOMAINS_ARR[@]}
#
#LOCAL_NETWORK_ARR=${LOCAL_NETWORK_ARR[@]}
#
#EOF
#--------------------------------------- #---------------------------------------
#----------------------------- #-----------------------------
@ -2331,12 +2380,23 @@ else
# - Removes & re-initializes the PKI dir for a clean PKI # - Removes & re-initializes the PKI dir for a clean PKI
# - # -
echononl " Initialise PKI Directory" echononl " Initialise PKI Directory"
${EASY_RSA_DIR}/easyrsa init-pki > "$log_file" 2>&1 ${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" init-pki > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" init-pki"
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
fi fi
@ -2348,13 +2408,25 @@ echononl " Create Root CA.."
if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
printf "\n\n\n\n\n\n\n\n" | ${EASY_RSA_DIR}/build-ca > "$log_file" 2>&1 printf "\n\n\n\n\n\n\n\n" | ${EASY_RSA_DIR}/build-ca > "$log_file" 2>&1
else else
printf "\n\n\n\n\n\n\n" | ${EASY_RSA_DIR}/easyrsa build-ca nopass > "$log_file" 2>&1 printf "\n\n\n\n\n\n\n" | ${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" build-ca nopass > "$log_file" 2>&1
fi fi
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" build-ca nopass"
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
@ -2380,7 +2452,7 @@ else
if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then
cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh.pem" > "$log_file" 2>&1 cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh.pem" > "$log_file" 2>&1
else else
#${EASY_RSA_DIR}/easyrsa gen-dh > "$log_file" 2>&1 #${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars gen-dh > "$log_file" 2>&1
openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh.pem" ${KEY_SIZE} > "$log_file" 2>&1 openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh.pem" ${KEY_SIZE} > "$log_file" 2>&1
fi fi
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
@ -2388,6 +2460,18 @@ else
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
print_command "openssl dhparam -dsaparam -out \"${OPENVPN_KEY_DIR}/dh.pem\" ${KEY_SIZE}"
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
_DH_KEY="${OPENVPN_KEY_DIR}/dh.pem" _DH_KEY="${OPENVPN_KEY_DIR}/dh.pem"
fi fi
@ -2432,12 +2516,24 @@ else
# - nopass - do not encrypt the private key (default is encrypted) # - nopass - do not encrypt the private key (default is encrypted)
# - # -
echononl " Generate server keypair '${KEY_CN}-server'.." echononl " Generate server keypair '${KEY_CN}-server'.."
${EASY_RSA_DIR}/easyrsa build-server-full "${KEY_CN}-server" nopass > "$log_file" 2>&1 ${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" build-server-full "${KEY_CN}-server" nopass > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" build-server-full \"${KEY_CN}-server\" nopass"
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
_SERVER_KEY="${OPENVPN_KEY_DIR}/private/${KEY_CN}-server.key" _SERVER_KEY="${OPENVPN_KEY_DIR}/private/${KEY_CN}-server.key"
_SERVER_CERT="${OPENVPN_KEY_DIR}/issued//${KEY_CN}-server.crt" _SERVER_CERT="${OPENVPN_KEY_DIR}/issued//${KEY_CN}-server.crt"
@ -2450,7 +2546,12 @@ fi
# - to help block DoS attacks and UDP port flooding. # - to help block DoS attacks and UDP port flooding.
# - # -
echononl " Create 'ta.key' for additional security" echononl " Create 'ta.key' for additional security"
openvpn --genkey --secret ${OPENVPN_KEY_DIR}/ta.key > "$log_file" 2>&1 if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 11 ]] ; then
openvpn --genkey --secret ${OPENVPN_KEY_DIR}/ta.key > "$log_file" 2>&1
else
openvpn --genkey secret ${OPENVPN_KEY_DIR}/ta.key > "$log_file" 2>&1
fi
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -2471,12 +2572,23 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
fi fi
else else
echononl " Create CRL (Certificate Revokation List) '${OPENVPN_KEY_DIR}/crl.pem'.." echononl " Create CRL (Certificate Revokation List) '${OPENVPN_KEY_DIR}/crl.pem'.."
${EASY_RSA_DIR}/easyrsa gen-crl > "$log_file" 2>&1 ${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" gen-crl > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" "gen-crl
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
fi fi
@ -2896,6 +3008,7 @@ persist-tun
persist-local-ip persist-local-ip
persist-remote-ip persist-remote-ip
# Output a short status file showing # Output a short status file showing
# current connections, truncated # current connections, truncated
# and rewritten every minute. # and rewritten every minute.
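Review bot: The closing quote at L235 is misplaced — `\" "gen-crl` ends the string before `gen-crl`, which only works because bash glues the bare word onto the same argument; write it as `print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" gen-crl"` like the other calls in this file. More important is what "continue anyway" lets through here: after a failed `build-ca` (L150) or `build-server-full` (L195) the script still sets `_SERVER_KEY`/`_SERVER_CERT` at L211-212 and presumably goes on to write a server configuration around files that were never created, and after a failed `gen-crl` (L229) any `crl-verify` directive in that configuration would point at a missing or stale list. A cheap guard after L212 would be `[[ -f "$_SERVER_KEY" && -f "$_SERVER_CERT" ]] || fatal "server key or certificate missing"`, with a matching `-f` check on `${OPENVPN_KEY_DIR}/crl.pem` after L244. The `ta.key` path at L218 and L220 is unquoted (`${OPENVPN_KEY_DIR}/ta.key`); quote it like the other paths in the hunk.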


@ -83,6 +83,11 @@ info (){
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
echo "" echo ""
} }
print_command () {
echo ""
echo -e "\t\033[33m\033[1mCommand was\033[m: $*"
echo ""
}
echo_done() { echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]" echo -e "\033[80G[ \033[32mdone\033[m ]"
} }
@ -312,24 +317,48 @@ if $EASYRSA_LAYOUT_NEW ; then
# - Revoke Key # - Revoke Key
# --- # ---
echononl "Revoke key '$(basename "$_CLIENT_KEY")'.." echononl "Revoke key '$(basename "$_CLIENT_KEY")'.."
$EASY_RSA_DIR/easyrsa revoke "$_CLIENT_CN" > "$log_file" 2>&1 $EASY_RSA_DIR/easyrsa --vars="${EASY_RSA_DIR}/vars" revoke "$_CLIENT_CN" > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" revoke \"$_CLIENT_CN\""
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
# --- # ---
# - Generate new crl.pem # - Generate new crl.pem
# --- # ---
echononl "Generate new CRL (Certificate Revokation List) 'crl.pem'.." echononl "Generate new CRL (Certificate Revokation List) 'crl.pem'.."
$EASY_RSA_DIR/easyrsa gen-crl > "$log_file" 2>&1 $EASY_RSA_DIR/easyrsa --vars="${EASY_RSA_DIR}/vars" gen-crl > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" gen-crl"
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
else else