#!/bin/bash
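## Preflight checks
# The installer installs packages, writes under /usr/local/bin and drives
# docker, so it has to run as root.
if [[ "$EUID" -ne 0 ]]; then
  # Report on stderr and exit non-zero so that a calling script or pipeline
  # can tell that nothing was installed.
  echo "Please run as root user or run with sudo" >&2
  exit 1
fi

# $1 is used as the published OpenVPN TCP port. It is pasted unquoted into
# docker-compose.yml and into sed expressions, so only a plain port number
# is accepted.
if ! [[ "${1:-}" =~ ^[0-9]{1,5}$ ]] || (( 10#$1 < 1 || 10#$1 > 65535 )); then
  echo "First argument must be a TCP port number (1-65535)" >&2
  exit 1
fi

# $2 is sent as the CA key passphrase. It is pasted into the generated
# Tcl/expect scripts, where quotes, backslashes, dollar signs, brackets,
# semicolons or whitespace would be read as Tcl syntax, so only a
# conservative character set is accepted. A leading dash is refused because
# expect's send would read it as a flag.
# NOTE(review): a passphrase given on the command line is visible in the
# process list and in shell history; rotate it if the host is shared.
passphrase_re='^[A-Za-z0-9_.@%+=:,/!~^*-]+$'
if ! [[ "${2:-}" =~ $passphrase_re ]] || [[ "$2" == -* ]]; then
  echo "Second argument (CA key passphrase) must be non-empty, must not start with '-' and may only contain letters, digits and _.@%+=:,/!~^*-" >&2
  exit 1
fi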
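## System IP
# Ask an external service for this host's public address. -f makes curl fail
# on an HTTP error instead of returning the error page as the "address", and
# --max-time keeps the installer from hanging on a dead connection.
IP=$(curl -fsS --max-time 15 "https://api.ipify.org/") || IP=""
# The answer comes from a third party and is later written into generated
# scripts, a sed replacement and the OpenVPN config, so anything that is not
# a dotted-quad IPv4 address is refused.
if ! [[ "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  echo "Could not determine the public IPv4 address of this server" >&2
  exit 1
fi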
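## Check for docker
if ! docker --version; then
  # NOTE(review): this runs a script fetched over the network as root with
  # no integrity check. On managed hosts prefer installing Docker from a
  # signed package repository, or review the script before running it.
  if ! curl -fsSL https://get.docker.com | sh; then
    echo "Docker installation failed" >&2
    exit 1
  fi
fi

## Check for docker compose
if ! docker-compose --version; then
  # Resolve the latest release tag first so that an API failure is detected
  # instead of producing a download URL with an empty version.
  compose_tag=$(curl --silent "https://api.github.com/repos/docker/compose/releases/latest" \
    | grep -Po '"tag_name": "\K.*?(?=")')
  if [[ -z "$compose_tag" ]]; then
    echo "Could not determine the latest docker-compose release" >&2
    exit 1
  fi

  # -f: without it a 404 page would be saved and marked executable.
  # NOTE(review): the binary is installed system-wide without a checksum or
  # signature check; compare it with the checksum published for the release.
  if ! curl -fL "https://github.com/docker/compose/releases/download/${compose_tag}/docker-compose-$(uname -s)-$(uname -m)" \
    -o /usr/local/bin/docker-compose; then
    rm -f /usr/local/bin/docker-compose
    echo "Could not download docker-compose ${compose_tag}" >&2
    exit 1
  fi
  chmod +x /usr/local/bin/docker-compose
  # -f: a stale link from an earlier run must not abort the install.
  ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
fi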
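## Install expect
# The generated *.exp helpers cannot run without it, so stop here on failure.
if ! apt-get install expect -y; then
  echo "Could not install expect" >&2
  exit 1
fi

## Remove the artefacts of a previous run
# NOTE: openvpn-data holds the CA and every issued client certificate, so a
# re-run invalidates all existing client profiles.
rm -f docker-compose.yml create_ca.exp create_user.exp \
  add_user.sh add_direct_user.sh info.log
rm -rf openvpn-data
# "./" keeps a file name that starts with a dash from being read as an option.
rm -f -- ./*.ovpn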
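## Write compose file
# $1 is expanded now, at install time, and becomes both the host port and
# the container port. The nesting below is required: compose only accepts
# the service when it is a child of "services".
# NOTE(review): the image is referenced by name only, so every install
# trusts whatever is currently published under that name; pin a reviewed
# build, e.g. kylemanna/openvpn@sha256:<DIGEST-PLACEHOLDER>.
cat <<EOF > ./docker-compose.yml
version: '2'
services:
  openvpn:
    cap_add:
      - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
      - "$1:$1/tcp"
    restart: always
    volumes:
      - ./openvpn-data/conf:/etc/openvpn
EOF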
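## Write create_ca file
# The generated script answers the prompts of ovpn_initpki. $2 (the CA key
# passphrase) is expanded now and ends up in the file in clear text, so the
# file is created under a private umask: it is never readable by other
# local users, not even for a moment.
# NOTE(review): $2 lands inside Tcl double quotes; characters such as
# ", \, $ or [ in the passphrase would be interpreted by Tcl.
(
  umask 077
  cat <<EOF > ./create_ca.exp
#!/usr/bin/expect -f
spawn docker-compose run --rm openvpn ovpn_initpki
proc respond_with_passphrase {} {
  expect {
    -re {Enter pass phrase for .*} {
      sleep 1
      send -- "$2\r"
      exp_continue
    }
    -re {CRL file: /etc/openvpn/pki/crl.pem} {
      # Matched the CRL file line, so end the script
      sleep 1
      exit
    }
    timeout {
      # The prompt has not appeared yet: keep waiting without recursing
      exp_continue
    }
  }
}
expect {
  "Confirm removal: " {
    sleep 1
    send "yes\r"
    exp_continue
  }
  "Enter New CA Key Passphrase: " {
    sleep 1
    send -- "$2\r"
    exp_continue
  }
  "Re-Enter New CA Key Passphrase: " {
    sleep 1
    send -- "$2\r"
    exp_continue
  }
  -re {Common Name \(.*\) \[.*\]:$} {
    sleep 1
    send "\r"
    exp_continue
  }
}
# Wait for the prompt and respond with passphrase
respond_with_passphrase
EOF
)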
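## Write create_user file
# The generated script takes USERNAME and PASSWORD as arguments and answers
# the prompts of "easyrsa build-client-full". $2 (the CA key passphrase) is
# expanded now and stored in the file in clear text so that users can be
# added unattended later; the file is therefore created under a private
# umask. Everything written as \$ is left for expect to resolve at run time.
# NOTE(review): $2 lands inside Tcl double quotes; characters such as
# ", \, $ or [ in the passphrase would be interpreted by Tcl.
(
  umask 077
  cat <<EOF > ./create_user.exp
#!/usr/bin/expect -f
set passphrase "$2"
set username [lindex \$argv 0]
set password [lindex \$argv 1]
spawn docker-compose run --rm openvpn easyrsa build-client-full \$username
proc respond_with_passphrase {} {
  expect {
    "Enter PEM pass phrase:" {
      # Respond with the passphrase
      sleep 1
      send -- "\$::password\r"
      exp_continue
    }
    "Verifying - Enter PEM pass phrase:" {
      # Confirm the passphrase
      sleep 1
      send -- "\$::password\r"
      exp_continue
    }
    "Enter pass phrase for /etc/openvpn/pki/private/ca.key:" {
      # Respond with the passphrase for the CA key
      sleep 1
      send -- "\$::passphrase\r"
      exp_continue
    }
    "Data Base Updated" {
      # Successfully created the user, so end the script
      sleep 1
      exit
    }
    timeout {
      # Handle timeout situations, if necessary
      puts "Timeout occurred."
      exit 1
    }
  }
}
# Wait for the prompt and respond with passphrase
respond_with_passphrase
EOF
)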
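## Write add_user file
# The wrapper issues a client certificate, exports the profile and rewrites
# its "remote" line. $4 and $5 are expanded now, at install time; everything
# written as \$ is resolved when the wrapper runs.
# NOTE(review): presumably $4/$5 are the bridge server's address and port -
# confirm against the README. They go into a sed replacement, so they must
# not contain "/", "&" or newlines.
# NOTE(review): the wrapper receives the user's password as an argument, so
# it is visible in the process list while the wrapper runs.
cat <<EOF > ./add_user.sh
#!/bin/bash
# Usage: ./add_user.sh USERNAME PASSWORD
# The exported profile carries key material, so keep it private.
umask 077
# Stop if the certificate was not issued; otherwise a broken profile is written.
./create_user.exp "\$1" "\$2" || exit 1
docker-compose run --rm openvpn ovpn_getclient "\$1" > "\$1.ovpn" || exit 1
sed -i -E 's/^remote[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[[:space:]]+[0-9]+[[:space:]]+tcp[[:space:]]*$/remote $4 $5 tcp/' "\$1.ovpn"
EOF

## Write add_direct_user file
# Same as add_user.sh, but the client name gets a "_direct" suffix and the
# profile points at this server itself ($IP and port $1, expanded now).
cat <<EOF > ./add_direct_user.sh
#!/bin/bash
# Usage: ./add_direct_user.sh USERNAME PASSWORD
# The exported profile carries key material, so keep it private.
umask 077
# Stop if the certificate was not issued; otherwise a broken profile is written.
./create_user.exp "\${1}_direct" "\$2" || exit 1
docker-compose run --rm openvpn ovpn_getclient "\${1}_direct" > "\${1}_direct.ovpn" || exit 1
sed -i -E 's/^remote[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[[:space:]]+[0-9]+[[:space:]]+tcp[[:space:]]*$/remote $IP $1 tcp/' "\${1}_direct.ovpn"
EOF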
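# Both expect scripts contain the CA key passphrase in clear text, so they
# are restricted to root; the two wrappers hold no secret and only need the
# executable bit.
chmod 700 ./create_ca.exp ./create_user.exp
chmod +x ./add_user.sh ./add_direct_user.sh

# Stop a container left over from an earlier install; a failure here only
# means there was nothing to stop.
docker-compose down

# Generate the server configuration for this host's public address.
if ! docker-compose run --rm openvpn ovpn_genconfig -u "tcp://$IP"; then
  echo "ovpn_genconfig failed" >&2
  exit 1
fi
# Replace the "port" line of the generated config with the port given as $1.
sed -i -e "s/^port [0-9]\+$/port $1/" ./openvpn-data/conf/openvpn.conf

# Initialise the PKI; the server must not be started without one.
if ! ./create_ca.exp; then
  echo "PKI initialisation failed" >&2
  exit 1
fi
# NOTE(review): the script runs as root, so whoami is root here even under
# sudo - confirm whether the invoking user was meant instead.
chown -R "$(whoami):" ./openvpn-data
docker-compose up -d
docker-compose ps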
# Four blank lines separate the docker-compose output from the summary.
printf '\n\n\n\n'

# Write the follow-up instructions to info.log and show them in one step.
# $1, $3, $5 and $IP are expanded now, so the log holds the literal values.
# NOTE(review): in the printed one-liner sudo elevates curl only, not the
# bash that executes the download, and the remote script is run unreviewed;
# confirm this is what install-bridge.sh expects.
tee ./info.log <<EOF
================================================
## Run this command on your bridge(interanet) server:
sudo curl -s https://raw.githubusercontent.com/MahdadGhasemian/openvpn-bridge-config/main/install-bridge.sh | bash -s $3 $5 $1 $IP
## RUN this command to add new user (on the upstream server)
./add_user.sh USERNAME PASSWORD
example: ./add_user.sh user1 1234
## RUN this command to add new direct user. this use can not need to a bridge server to connect to the upstream. (on the upstream server)
./add_direct_user.sh USERNAME PASSWORD
example: ./add_direct_user.sh user1 1234
note: In direct mode your username will be changed to this pattern: YOUR-USERNAME_direct
================================================
EOF