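#!/bin/sh
# Provision a single-host OpenVPN server on a Debian/Ubuntu machine:
# install the packages, create a throw-away CA plus one server and one
# client certificate under /etc/openvpn, write the server config, enable
# IPv4 forwarding and NAT for the VPN subnet, and emit client.ovpn.
# Must run as root. Re-running keeps existing keys, certificates and configs.
set -e

apt-get update -q
# Pre-answer the iptables-persistent prompts so the install is unattended.
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -qy openvpn curl iptables-persistent

cd /etc/openvpn

# Create a 2048-bit RSA private key unless it already exists.
# The key is written under umask 077 so it is never readable by other
# users, not even in the window before chmod runs.
# Arguments: $1 - key file name
gen_key() {
  [ -f "$1" ] || (umask 077 && openssl genrsa -out "$1" 2048)
  chmod 600 "$1"
}

[ -f dh.pem ] || openssl dhparam -out dh.pem 2048

# Certificate authority (self-signed, 365 days).
gen_key ca-key.pem
[ -f ca-csr.pem ] || openssl req -new -key ca-key.pem -out ca-csr.pem -subj /CN=OpenVPN-CA/
[ -f ca.pem ] || openssl x509 -req -in ca-csr.pem -out ca.pem -signkey ca-key.pem -days 365
[ -f ca.srl ] || echo 01 > ca.srl

# Server Config
gen_key server-key.pem
[ -f server-csr.pem ] || openssl req -new -key server-key.pem -out server-csr.pem -subj /CN=OpenVPN/
# Guard on the file that is actually written (the page tested cert.pem,
# which never exists, so the certificate was re-issued on every run).
[ -f server-cert.pem ] || openssl x509 -req -in server-csr.pem -out server-cert.pem -CA ca.pem -CAkey ca-key.pem -days 365
# NOTE(review): both leaf certificates are signed without an extensions
# section, so nothing distinguishes a server certificate from a client one.
# Consider issuing them with extendedKeyUsage and enforcing it on the peer.

# NOTE(review): the body of this here-document was lost from the page (only
# "cat >udp80.conf <" survives). The directives below are a minimal
# reconstruction from what the script still shows: UDP port 80 (file name),
# the 10.8.0.0/24 subnet (NAT rule) and the key material generated above.
# Any further options the original carried are not restored; verify before use.
[ -f udp80.conf ] || cat >udp80.conf <<EOF
proto udp
port 80
dev tun
server 10.8.0.0 255.255.255.0
ca ca.pem
cert server-cert.pem
key server-key.pem
dh dh.pem
EOF

# NOTE(review): the command in front of ">> /etc/sysctl.conf" was lost from
# the page; the setting is taken from the sysctl -w call that follows it.
# Append only when the line is missing so re-runs do not pile up duplicates.
grep -qsxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf ||
  echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
sysctl -w net.ipv4.ip_forward=1

# Add the NAT rule only if it is not installed yet (-C checks for it), so
# repeated runs do not stack identical rules. The uplink is assumed to be
# eth0, as on the page.
iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/iptables/rules.v4

# Ask an external service for our public address. A curl failure must not
# trip set -e here, otherwise the explanation below is never printed.
MY_IP_ADDR=$(curl -fs http://myip.enix.org/REMOTE_ADDR) || MY_IP_ADDR=
# The answer arrives over plain HTTP and is written into the client profile,
# so accept nothing but digits and dots (a sanity filter, not full
# validation of a dotted quad).
case "$MY_IP_ADDR" in
  '' | *[!0-9.]*)
    echo "Sorry, I could not figure out my public IP address."
    echo "(I use http://myip.enix.org/REMOTE_ADDR/ for that purpose.)"
    exit 1
    ;;
esac

# Client Config
gen_key client-key.pem
[ -f client-csr.pem ] || openssl req -new -key client-key.pem -out client-csr.pem -subj /CN=OpenVPN-Client/
# Same guard fix as for the server certificate (the page tested client.pem).
[ -f client-cert.pem ] || openssl x509 -req -in client-csr.pem -out client-cert.pem -CA ca.pem -CAkey ca-key.pem -days 365

# NOTE(review): most of this here-document was lost from the page; only the
# three embedded files (key, cert, ca, in that order) survive. The connection
# directives are a minimal reconstruction matching the server side above.
# The profile embeds the client's private key, so it is created owner-only.
if [ ! -f client.ovpn ]; then
  (
    umask 077
    cat >client.ovpn <<EOF
client
nobind
dev tun
remote $MY_IP_ADDR 80 udp

<key>
$(cat client-key.pem)
</key>
<cert>
$(cat client-cert.pem)
</cert>
<ca>
$(cat ca.pem)
</ca>
EOF
  )
fi
chmod 600 client.ovpn

service openvpn restart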