OpenVPN For VZ VPS Bash Script. "CentOS"


dotvps

1. yum update
2. yum -y install nano
3. nano openvpn.sh
4. Copy and paste the content below into it.

#!/bin/bash
#

# Intro text and menu. Prints the prerequisites and the two menu options,
# then stores the operator's choice in x for the dispatch that follows.
# The here-doc delimiter is quoted so the text is emitted literally.
cat <<'EOF'
################################################
Should work on various rpm-based Linux distos.
Tested on CentOS ditros version 5 to 5.5

Make sure to message your provider and have them enable
TUN, PPP, IPtables, and NAT modules prior to setting up OpenVPN.

You need to set up the server before creating more client keys.
A separate client keyset is required per connection or machine.
When creating certificated you can put "." to skip a field for all fields
except for "Common Name" and password fields.
################################################


################################################
Select on option:
1) Set up new OpenVPN server AND create one client
2) Create additional clients
################################################
EOF
read x
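# ---------------------------------------------------------------------------
# Menu dispatch: option 1 installs the server and issues one client keyset,
# option 2 issues an additional client keyset. Expects the menu choice in x.
#
# Changes from the original flow:
#   * every critical step is checked, so a failed download/build stops the
#     run instead of cascading into "No such file or directory" errors;
#   * the port and client name typed by the operator are validated before
#     they are used in file names, config lines and commands;
#   * all expansions are quoted;
#   * built RPMs are looked up under rpm's own output directory for any
#     architecture instead of a hard-coded i386 path;
#   * /etc/sysctl.conf is only overwritten when the edited copy is non-empty;
#   * the client archive (which contains a private key) is created 0600.
# ---------------------------------------------------------------------------

readonly OVPN_KEYS=/etc/openvpn/keys
readonly EASY_RSA_DIR=/etc/openvpn/easy-rsa/2.0
readonly VENET_CFG=/etc/sysconfig/network-scripts/ifcfg-venet0:0
readonly RULE="################################################"

# Print an error to stderr and abort the script.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Print two blank lines, then the given lines framed by the hash rule.
banner() {
  echo
  echo
  echo "$RULE"
  printf '%s\n' "$@"
  echo "$RULE"
}

# Succeed only if $1 is a decimal port number in 1..65535.
is_valid_port() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed only if $1 is safe as a file name and certificate name:
# letters, digits, '.', '_' and '-', not starting with '.' or '-'.
# This keeps the name from escaping /etc/openvpn/keys or being read as an
# option by build-key, cp or tar.
is_safe_client_name() {
  case "$1" in
    '' | .* | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Print the IPADDR value(s) from the venet0:0 interface config.
read_venet_ip() {
  awk -F= '/IPADDR/ {print $2}' "$VENET_CFG"
}

# Build a key pair for one client, write its .ovpn profile and pack the
# keyset into clientkeys.tgz.
# Arguments: $1 - client name, $2 - server IP, $3 - server port
# Requires:  cwd is the easy-rsa 2.0 directory and ./vars has been sourced.
make_client_bundle() {
  local name=$1 server_ip=$2 server_port=$3
  local profile="$OVPN_KEYS/$name.ovpn"

  banner \
    "Building certificate for client $name" \
    '"Common Name" must be filled.' \
    "Please insert like same cert : $name"
  ./build-key "$name" || die "build-key failed for $name"

  printf '%s\n' \
    "client " \
    "dev tun " \
    "proto udp " \
    "remote $server_ip $server_port " \
    "resolv-retry infinite " \
    "nobind " \
    "persist-key " \
    "persist-tun " \
    "ca ca.crt " \
    "cert $name.crt " \
    "key $name.key " \
    "comp-lzo " \
    "verb 3 " \
    > "$profile" || die "cannot write $profile"

  cp -- "$EASY_RSA_DIR/keys/$name.crt" "$OVPN_KEYS" || die "cannot copy $name.crt"
  cp -- "$EASY_RSA_DIR/keys/$name.key" "$OVPN_KEYS" || die "cannot copy $name.key"

  cd "$OVPN_KEYS/" || die "cannot cd to $OVPN_KEYS"
  # The archive holds the client's private key: create it owner-only, and
  # chmod afterwards in case an older, wider-mode archive was overwritten.
  (umask 077 && tar czf clientkeys.tgz ca.crt "$name.crt" "$name.key" "$name.ovpn") \
    || die "cannot create clientkeys.tgz"
  chmod 600 clientkeys.tgz
}

case "$x" in
  1)
    echo "Specify server port number that you want the server to use (eg. 54):"
    read -r p
    echo "Enter client username that you want to create (eg. client1):"
    read -r c

    # Validate operator input before anything is downloaded or written.
    is_valid_port "$p" || die "port must be a number between 1 and 65535"
    is_safe_client_name "$c" \
      || die "client name may only contain letters, digits, '.', '_' and '-'"

    # get the venet0:0 IP
    ip=$(read_venet_ip)
    [ -n "$ip" ] || die "could not read IPADDR from $VENET_CFG"

    banner "Downloading OpenVPN 2.0.9 and LZO compression library"
    mkdir -p /etc/ovpn_install || die "cannot create /etc/ovpn_install"
    cd /etc/ovpn_install || die "cannot cd to /etc/ovpn_install"
    # NOTE(review): both sources are fetched over plain HTTP and then built
    # and installed as root with no checksum or signature verification, and
    # OpenVPN 2.0.9 is long out of support. Verify the downloads against a
    # trusted checksum, or use a maintained distribution package, before
    # relying on this for a real server.
    wget http://openvpn.net/release/openvpn-2.0.9.tar.gz \
      || die "download of openvpn-2.0.9.tar.gz failed"
    wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm \
      || die "download of lzo-1.08-4.rf.src.rpm failed"

    banner "Downloading and Installing Dependencies"
    yum -y install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel make gcc \
      || die "dependency installation failed"

    banner "Building From Source"
    # Ask rpm where rpmbuild writes packages; the arch subdirectory is
    # matched with a glob so 64-bit hosts work as well as i386.
    rpm_out=$(rpm --eval '%{_rpmdir}')
    [ -n "$rpm_out" ] || rpm_out=/usr/src/redhat/RPMS
    rpmbuild --rebuild lzo-1.08-4.rf.src.rpm || die "lzo build failed"
    rpm -Uvh "$rpm_out"/*/lzo-*.rpm || die "lzo install failed"
    rpmbuild -tb openvpn-2.0.9.tar.gz || die "openvpn build failed"
    rpm -Uvh "$rpm_out"/*/openvpn-2.0.9-1.*.rpm || die "openvpn install failed"

    banner \
      "Creating Server Config" \
      '"Common Name" must be filled.' \
      "Please insert : server"
    cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/ \
      || die "cannot copy easy-rsa into /etc/openvpn"

    # creating server.conf file
    # NOTE(review): this config uses 1024-bit DH parameters and has no
    # user/group or tls-auth directive, so the daemon keeps root privileges
    # and the control channel has no extra HMAC protection.
    printf '%s\n' \
      "local $ip" \
      "port $p" \
      "proto udp" \
      "dev tun" \
      "ca /etc/openvpn/keys/ca.crt" \
      "cert /etc/openvpn/keys/server.crt" \
      "key /etc/openvpn/keys/server.key" \
      "dh /etc/openvpn/keys/dh1024.pem" \
      "server 10.9.0.0 255.255.255.0" \
      "ifconfig-pool-persist ipp.txt" \
      'push "redirect-gateway def1" ' \
      'push "dhcp-option DNS 8.8.8.8" ' \
      'push "dhcp-option DNS 8.8.4.4" ' \
      "keepalive 5 30" \
      "comp-lzo" \
      "persist-key" \
      "persist-tun" \
      "status server-tcp.log" \
      "verb 3" \
      > /etc/openvpn/server.conf || die "cannot write /etc/openvpn/server.conf"

    cd "$EASY_RSA_DIR/" || die "cannot cd to $EASY_RSA_DIR"
    # vars must be sourced into this shell; executing it as a child process
    # (as the original also did) exports nothing here, so that call is gone.
    source ./vars || die "cannot source easy-rsa vars"
    ./clean-all || die "clean-all failed"

    banner \
      "Building Certifcate Authority" \
      '"Common Name" must be filled.'
    ./build-ca || die "build-ca failed"

    banner \
      "Building Server Certificate" \
      '"Common Name" must be filled.' \
      "Please insert : server"
    ./build-key-server server || die "build-key-server failed"
    ./build-dh || die "build-dh failed"

    # The copied directory includes the CA and server private keys. Anything
    # that publishes /etc/openvpn/keys wholesale exposes them.
    cp -R "$EASY_RSA_DIR/keys" "$OVPN_KEYS" || die "cannot copy keys to $OVPN_KEYS"

    banner "Starting Server"
    service openvpn start || die "openvpn failed to start"

    banner "Forwarding IPv4 and Enabling It On-boot"
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # saves ipv4 forwarding and enables it on-boot; the edited copy is only
    # written back when sed succeeded and produced output, so a failure can
    # no longer truncate /etc/sysctl.conf
    sysctl_tmp=$(mktemp /tmp/sysctl.conf.XXXXXX) || die "mktemp failed"
    if sed -e 's/\(net.ipv4.ip_forward =\) 0/\1 1/g' /etc/sysctl.conf > "$sysctl_tmp" \
      && [ -s "$sysctl_tmp" ]; then
      cat "$sysctl_tmp" > /etc/sysctl.conf
    else
      rm -f -- "$sysctl_tmp"
      die "could not update /etc/sysctl.conf"
    fi
    rm -f -- "$sysctl_tmp"

    banner "Updating IPtables Routing and Enabling It On-boot"
    tunip=$(/sbin/ifconfig tun0 | grep 'inet addr:' | cut -d: -f2 | cut -d' ' -f1)
    [ -n "$tunip" ] || die "tun0 has no address; OpenVPN does not appear to be running"
    iptables -t nat -A POSTROUTING -s "$tunip/24" -j SNAT --to "$ip" \
      || die "cannot add the SNAT rule"
    # saves iptables routing rules and enables them on-boot
    /sbin/service iptables save
    chkconfig iptables on

    # cwd is still the easy-rsa directory and vars is sourced, as required.
    make_client_bundle "$c" "$ip" "$p"

    banner \
      "OpenVPN server successfully installed." \
      "One client keyset for $c generated." \
      "To connect:" \
      "1) Download /etc/openvpn/keys/clientkeys.tgz using SCP client such as WinSCP." \
      '2) Create a folder named VPN in C:\Program Files\OpenVPN\config directory' \
      "3) Extract the contents of clientkeys.tgz to the VPN folder." \
      "4) Start openvpn-gui, right click the tray icon and click Connect." \
      "" \
      "To generate additonal client keysets, run the script again with option #2."
    ;;

  # runs this if option 2 is selected
  2)
    echo "Enter client username that you want to create (eg. client2):"
    read -r c
    is_safe_client_name "$c" \
      || die "client name may only contain letters, digits, '.', '_' and '-'"

    ip=$(read_venet_ip)
    [ -n "$ip" ] || die "could not read IPADDR from $VENET_CFG"
    # Take the port from the "port N" directive only, not from any line
    # that merely contains the word.
    p=$(awk '$1 == "port" {print $2; exit}' /etc/openvpn/server.conf)
    is_valid_port "$p" || die "could not read the port from /etc/openvpn/server.conf"

    cd "$EASY_RSA_DIR" || die "cannot cd to $EASY_RSA_DIR"
    source ./vars || die "cannot source easy-rsa vars"
    make_client_bundle "$c" "$ip" "$p"

    banner \
      "One client keyset for $c generated." \
      "To connect:" \
      "1) Download /etc/openvpn/keys/clientkeys.tgz using SCP client such as WinSCP." \
      '2) Create a folder named VPN in C:\Program Files\OpenVPN\config directory ' \
      "3) Extract the contents of clientkeys.tgz to the VPN folder." \
      "4) Start openvpn-gui, right click the tray icon and click Connect."
    ;;

  *)
    echo "Invalid selection, quitting."
    # Non-zero so a wrapper can tell that nothing was done.
    exit 1
    ;;
esac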

5. ctrl + o then ctrl + x
--
6. sh openvpn.sh

7. Fill out the information it asks.

8. cd /etc/openvpn/keys/

9. yum install zip

10. zip -r a.zip *

11. mv a.zip /var/www/html

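12. Go to http://IP/a.zip in your browser. (a.zip holds every file in /etc/openvpn/keys, including the CA and server private keys, and the web server hands it over plain HTTP to anyone who requests that URL, so delete it from /var/www/html as soon as the download finishes.)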

13. Unzip the contents somewhere safe.

14. Download openvpn client (Google Search) or PM me for a mirror i keep.

15. Install it then open it and click the + on it.

16. Select local file, then browse to the folder holding the downloaded content and select the .ovpn file.
 
4 comments
you tried this before ?
dnt know why its not working for me
facing this error
+ exit 0
Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.80730
+ umask 022
+ cd /usr/src/redhat/BUILD
+ rm -rf lzo-1.08
+ exit 0
error: File not found by glob: /usr/src/redhat/RPMS/i386/lzo-*.rpm
error: Failed build dependencies:
lzo-devel >= 1.07 is needed by openvpn-2.0.9-1.x86_64
error: open of /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm failed: No such file or directory


############################################# ###
Creating Server Config
"Common Name" must be filled.
Please insert : server
############################################# ###
cp: cannot stat `/usr/share/doc/openvpn-2.0.9/easy-rsa/': No such file or directory
openvpn1.sh: line 70: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 71: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 72: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 73: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 74: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 75: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 76: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 77: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 78: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 79: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 80: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 81: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 82: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 83: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 84: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 85: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 86: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 87: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 88: /etc/openvpn/server.conf: No such file or directory
openvpn1.sh: line 90: cd: /etc/openvpn/easy-rsa/2.0/: No such file or directory
openvpn1.sh: line 91: ./vars: No such file or directory
 