-
Notifications
You must be signed in to change notification settings - Fork 3
/
setup.sh
135 lines (112 loc) · 5.95 KB
/
setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/bin/bash
# Declare Variables
OpenVPNPath=/etc/openvpn
GetInterface=$(ip add | grep ^[0-9] | awk 'NR==2 {print $2}' | tr -d ":")
PublicIP=$(curl icanhazip.com)
# Update the system
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Checking for updates\e[39m\e[0m"
apt update
apt dist-upgrade -y -q
# Install required packages
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Installing Required Packages\e[39m\e[0m"
apt install openvpn openssl zip gzip apache2 squid -y -q
mkdir /var/log/openvpn
touch /var/log/openvpn/openvpn-status.log
touch /var/log/openvpn/openvpn.log
# Copy over the server config
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Copying Config Files\e[39m\e[0m"
cp server.conf $OpenVPNPath/
# Copy over the template CA Certificate and Key files
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Creating Server Certificates\e[39m\e[0m"
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Copying CA\e[39m\e[0m"
cp /usr/share/doc/openvpn/examples/sample-keys/{ca.crt,ca.key} $OpenVPNPath
# Copy over the templace Server Certificate and Key files
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Copying Certificate\e[39m\e[0m"
gzip -d /usr/share/doc/openvpn/examples/sample-keys/server.crt.gz
cp /usr/share/doc/openvpn/examples/sample-keys/{server.crt,server.key} $OpenVPNPath
# Generate the DHKey for the server
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Generate Diffie-Hellman PEM\e[39m\e[0m"
openssl dhparam -out $OpenVPNPath/dh2048.pem 2048
# Generate the TLS Key for the server
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Generate TLS Key\e[39m\e[0m"
openvpn --genkey --secret $OpenVPNPath/ta.key
# Enable IPv4 Forwarding
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Enabling IPv4 Forwarding\e[39m\e[0m"
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
# Configure interface routing in IPTables
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Creating NAT in IPTables\e[39m\e[0m"
iptables -t nat -A POSTROUTING -o $GetInterface -j MASQUERADE
iptables -A FORWARD -i tun+ -o $GetInterface -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun+ -o $GetInterface -j ACCEPT
# Install IP Tables Persistent
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Installing IPTABLES-PERSISTENT\e[39m\e[0m"
apt install iptables-persistent -y -q
# Enable OpenVPN on startup
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Enabling OpenVPN on Startup\e[39m\e[0m"
systemctl enable openvpn@server.service
systemctl start openvpn@server.service
# Check if OpenVPN is currently running, if it is, setup was sucessful
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Checking OpenVPN Status\e[39m\e[0m"
openvpn_status=$(systemctl status openvpn@server | grep active | awk '{print $2 $3}')
if [ $openvpn_status == 'active(running)' ]; then
echo -e "\e[1m\e[32mComplete with no errors! Enjoy!\e[39m\e[0m"
fi
# Configure Apache2 so client configs can be downloaded via the web.
# Check if apache2 is running, if it is, stop it
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Configuring Apache2\e[39m\e[0m"
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Checking Apache2 Status\e[39m\e[0m"
apache2_status=$(systemctl status apache2.service | grep active | awk '{print $2 $3}')
if [ $apache2_status == 'active(running)' ]; then
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Apache2 is Running, stopping...\e[39m\e[0m"
systemctl stop apache2.service
fi
# Disable Default Apache2 Site
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Disabling Default Site\e[39m\e[0m"
a2dissite 000-default.conf
# Create new apache2 site using SSL
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Copying and Setting Up Virtualhost for VPN Clients\e[39m\e[0m"
cp vpn-client.conf /etc/apache2/sites-available/
mkdir /var/www/vpn-client
mkdir /var/www/vpn-client/scripts
chmod a+rx /var/www/vpn-client/*.zip
chmod a+rx /var/www/vpn-client/scripts/*.pac
a2enmod ssl
a2ensite vpn-client.conf
htpasswd -b -c /var/www/vpn-client/.htpasswd vpn supersneaky
systemctl enable apache2.service
systemctl start apache2.service
# Check if apache started with no errors
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Checking Apache2 Status\e[39m\e[0m"
if [ $apache2_status == 'active(running)' ]; then
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Apache2 is Running with no errors!\e[39m\e[0m"
fi
# Configure SQUID
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Stopping Squid\e[39m\e[0m"
systemctl stop squid.service
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Setting up Squid\e[39m\e[0m"
mv /etc/squid/squid.conf /etc/squid/squid.conf.org
cp squid.conf /etc/squid/squid.conf
# Creating PAC Script
pac_file=/var/www/vpn-client/scripts/proxy.pac
echo "function FindProxyForURL(url, host) {" >> $pac_file
echo "return \"PROXY $PublicIP:3128; DIRECT\"" >> $pac_file
echo "}" >> $pac_file
chmod a+rx $pac_file
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Setup Complete, starting Squid\e[39m\e[0m"
systemctl enable squid.service
systemctl start squid.service
# Check if squid started with no errors
squid_status=$(systemctl status squid.service | grep active | awk '{print $2 $3}')
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Checking Squid Status\e[39m\e[0m"
if [ $squid_status == 'active(running)' ]; then
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Squid is Running with no errors!\e[39m\e[0m"
fi
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Your configuration files can now be downloaded from https://$PublicIP/\e[39m\e[0m"
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Use the following to authenticate:\e[39m\e[0m"
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Username: vpn\e[39m\e[0m"
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Password: supersneaky\e[39m\e[0m"
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Proxy Address: $PublicIP:3128\e[39m\e[0m"
echo -e "\e[1m\e[32m[\e[1m\e[31m*\e[1m\e[32m] Proxy PAC Script: https://$PublicIP/scripts/proxy.pac\e[39m\e[0m"
# Reboot the system so IP Forwarding works
read -p "For the VPN to work, we need to reboot the VPN. Make sure you know the user/pass for the website to download the config files.\nPress Enter when you're ready..."
reboot