Fix vpn configs

This commit is contained in:
Bob Mottram 2017-09-27 14:16:20 +01:00
parent 0d12d944fd
commit 5fac7b57ad
1 changed files with 40 additions and 36 deletions

View File

@ -349,23 +349,23 @@ function create_user_vpn_key {
user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME
if [ ! -f /usr/share/doc/openvpn/examples/sample-config-files/client.conf ]; then echo 'client' > $user_vpn_cert_file
echo $'No VPN client template found' echo 'dev tun' >> $user_vpn_cert_file
exit 429823 echo 'proto tcp' >> $user_vpn_cert_file
fi echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file
echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf $user_vpn_cert_file echo 'resolv-retry infinite' >> $user_vpn_cert_file
sed -i "s|remote .*|remote $DEFAULT_DOMAIN_NAME $STUNNEL_PORT|g" $user_vpn_cert_file echo 'nobind' >> $user_vpn_cert_file
sed -i 's|;user .*|user nobody|g' $user_vpn_cert_file echo 'tun-mtu 1500' >> $user_vpn_cert_file
sed -i 's|;group .*|group nobody|g' $user_vpn_cert_file echo 'tun-mtu-extra 32' >> $user_vpn_cert_file
echo 'mssfix 1450' >> $user_vpn_cert_file
sed -i 's|ca ca.crt|;ca ca.crt|g' $user_vpn_cert_file echo 'persist-key' >> $user_vpn_cert_file
sed -i 's|cert client.crt|;cert client.crt|g' $user_vpn_cert_file echo 'persist-tun' >> $user_vpn_cert_file
sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file echo 'auth-nocache' >> $user_vpn_cert_file
sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file echo 'remote-cert-tls server' >> $user_vpn_cert_file
echo 'comp-lzo' >> $user_vpn_cert_file
sed -i 's|;proto tcp|proto tcp|g' $user_vpn_cert_file echo 'verb 3' >> $user_vpn_cert_file
sed -i 's|proto udp|;proto udp|g' $user_vpn_cert_file echo '' >> $user_vpn_cert_file
echo '<ca>' >> $user_vpn_cert_file echo '<ca>' >> $user_vpn_cert_file
cat /etc/openvpn/ca.crt >> $user_vpn_cert_file cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
@ -460,7 +460,7 @@ function install_stunnel {
echo 'client = yes' >> stunnel-client.conf echo 'client = yes' >> stunnel-client.conf
echo "accept = $STUNNEL_PORT" >> stunnel-client.conf echo "accept = $STUNNEL_PORT" >> stunnel-client.conf
echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> stunnel-client.conf echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> stunnel-client.conf
echo 'cert = /etc/stunnel/stunnel.pem' >> stunnel-client.conf echo 'cert = stunnel.pem' >> stunnel-client.conf
echo '[Unit]' > /etc/systemd/system/stunnel.service echo '[Unit]' > /etc/systemd/system/stunnel.service
echo 'Description=SSL tunnel for network daemons' >> /etc/systemd/system/stunnel.service echo 'Description=SSL tunnel for network daemons' >> /etc/systemd/system/stunnel.service
@ -502,27 +502,31 @@ function install_stunnel {
function install_vpn { function install_vpn {
apt-get -yq install fastd openvpn easy-rsa apt-get -yq install fastd openvpn easy-rsa
if [ ! -f /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ]; then
echo $'Example openvpn server config not found'
exit 783953
fi
groupadd vpn groupadd vpn
useradd -r -s /bin/false -g vpn vpn useradd -r -s /bin/false -g vpn vpn
# server configuration # server configuration
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf echo 'port 1194' > /etc/openvpn/server.conf
sed -i "s|;push \"redirect-gateway|push \"redirect-gateway|g" /etc/openvpn/server.conf echo 'proto tcp' >> /etc/openvpn/server.conf
sed -i 's|;push "dhcp-option|push "dhcp-option|g' /etc/openvpn/server.conf echo 'dev tun' >> /etc/openvpn/server.conf
sed -i 's|;user no.*|user vpn|g' /etc/openvpn/server.conf echo 'tun-mtu 1500' >> /etc/openvpn/server.conf
sed -i 's|;group no.*|group vpn|g' /etc/openvpn/server.conf echo 'tun-mtu-extra 32' >> /etc/openvpn/server.conf
sed -i 's|;max-clients.*|max-clients 2|g' /etc/openvpn/server.conf echo 'mssfix 1450' >> /etc/openvpn/server.conf
echo 'ca /etc/openvpn/easy-rsa/keys/ca.crt' >> /etc/openvpn/server.conf
sed -i 's|;proto tcp|proto tcp|g' /etc/openvpn/server.conf echo 'cert /etc/openvpn/easy-rsa/keys/server.crt' >> /etc/openvpn/server.conf
sed -i 's|proto udp|;proto udp|g' /etc/openvpn/server.conf echo 'key /etc/openvpn/easy-rsa/keys/server.key' >> /etc/openvpn/server.conf
echo 'dh /etc/openvpn/easy-rsa/keys/dh2048.pem' >> /etc/openvpn/server.conf
sed -i 's|explicit-exit-notify.*|explicit-exit-notify 0|g' /etc/openvpn/server.conf echo 'server 10.8.0.0 255.255.255.0' >> /etc/openvpn/server.conf
sed -i 's|tls-auth|;tls-auth|g' /etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
echo "push \"dhcp-option DNS 85.214.73.63\"" >> /etc/openvpn/server.conf
echo "push \"dhcp-option DNS 213.73.91.35\"" >> /etc/openvpn/server.conf
echo 'keepalive 5 30' >> /etc/openvpn/server.conf
echo 'comp-lzo' >> /etc/openvpn/server.conf
echo 'persist-key' >> /etc/openvpn/server.conf
echo 'persist-tun' >> /etc/openvpn/server.conf
echo 'status /dev/null' >> /etc/openvpn/server.conf
echo 'verb 3' >> /etc/openvpn/server.conf
echo '' >> /etc/openvpn/server.conf
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
@ -545,7 +549,7 @@ function install_vpn {
# generate host keys # generate host keys
if [ ! -f /etc/openvpn/dh2048.pem ]; then if [ ! -f /etc/openvpn/dh2048.pem ]; then
openssl dhparam -out /etc/openvpn/dh2048.pem 2048 openssl dhparam -out /etc/openvpn/easy-rsa/keys/dh2048.pem 2048
fi fi
cd /etc/openvpn/easy-rsa cd /etc/openvpn/easy-rsa
. ./vars . ./vars