Installing OpenVPN


Installing OpenVPN

Submitted by Ed Schoolcraft

#!/bin/bash

# The rest of the script installs packages, edits files under /etc and adds
# iptables rules, so stop right away unless bash reports user id 0.
if [[ "$UID" -ne 0 ]]; then
    printf '%s\n' "You must be root to run this script"
    exit 1
fi

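# Exactly two arguments are required:
#   $1 - the Pi's own address, used as the SNAT source in the iptables rules
#   $2 - the public address or host name written into the client profile
if [ "$#" -ne 2 ]; then
	echo "usage: $0  raspberry.pi.ip.address  external.ip.address.or.domain"
	exit 1
fi

MYIPADDRESS=$1
EXTERNAL_IPADDRESS=$2

# Both values are later pasted into iptables commands, into /etc/rc.local and
# into the client profile, all of them written as root. Reject anything that
# is not shaped like an address before it can reach those files.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

if ! [[ "$MYIPADDRESS" =~ $ipv4_re ]]; then
	echo "error: '$MYIPADDRESS' is not a dotted-quad IPv4 address" >&2
	exit 1
fi

if ! [[ "$EXTERNAL_IPADDRESS" =~ $host_re ]]; then
	echo "error: '$EXTERNAL_IPADDRESS' is not an IP address or host name" >&2
	exit 1
fi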

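# Install OpenVPN and OpenSSL, then stage a private copy of the easy-rsa 2.0
# example scripts under /etc/openvpn/easy-rsa.
apt-get update
apt-get install -y openvpn openssl || exit 1

# Every relative path below assumes /etc/openvpn as the working directory.
# Stop if we cannot get there instead of running clean-all and the key
# builders in whatever directory the script happened to be started from.
cd /etc/openvpn || exit 1

# -p keeps a second run from failing on the already existing directory.
mkdir -p easy-rsa
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* ./easy-rsa || exit 1

# Pin EASY_RSA to the copied directory instead of `pwd`, so the easy-rsa
# scripts resolve their files regardless of the caller's working directory.
# The unmodified file is kept as easy-rsa/vars.bak.
perl -i.bak -pe 's/^export EASY_RSA="`pwd`"\b*$/export EASY_RSA="\/etc\/openvpn\/easy-rsa"/g' easy-rsa/vars

# Load the easy-rsa settings into this shell.
. ./easy-rsa/vars

# NOTE(review): clean-all belongs to easy-rsa and is expected to reset its
# keys directory, which would discard an existing CA and every issued key on
# a re-run - back up /etc/openvpn/easy-rsa/keys before running this twice.
./easy-rsa/clean-all

# Give the OpenSSL 1.0.0 config the generic name openssl.cnf. The link target
# is relative to the link's own directory; -f lets a re-run replace the link.
ln -sf openssl-1.0.0.cnf easy-rsa/openssl.cnf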

# Pause until the operator presses Enter; the four easy-rsa steps that follow
# are interactive and ask for certificate fields.
prompt="The next steps are building the client/server files. The easy way is to hit the enter keys on all questions."
read -p "$prompt"

# Reload the easy-rsa settings, then build the PKI in dependency order:
# the CA first, then the server and client certificates it signs, and last
# the Diffie-Hellman parameters.
. ./easy-rsa/vars
./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key-server server
./easy-rsa/build-key client1
# NOTE(review): the server config written later refers to the DH file by
# name (keys/dh1024.pem), so the key size configured in easy-rsa/vars has to
# agree with that name - verify before changing either one.
./easy-rsa/build-dh



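# Turn on IPv4 forwarding in the running kernel so traffic arriving on the
# tunnel can be routed out of the Pi. This setting alone does not survive a
# reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Write the server configuration. What it sets up:
#   - UDP port 1194, routed (tun) tunnel, clients addressed from 10.8.0.0/24
#   - the daemon drops to nobody/nogroup after start-up
#   - redirect-gateway sends all client traffic through the VPN and pushes
#     8.8.8.8 / 8.8.4.4 as resolvers
#   - client-to-client lets connected clients reach each other directly
#
# The DH file name follows KEY_SIZE as exported by easy-rsa/vars (sourced
# earlier in this script), because build-dh names its output dh<KEY_SIZE>.pem;
# a hard-coded dh1024.pem points at a missing file whenever vars uses another
# size. The fallback keeps the original name if KEY_SIZE is not set.
#
# NOTE(review): 1024-bit DH parameters are below current guidance; set
# KEY_SIZE to 2048 or more in easy-rsa/vars before the keys are built. The
# config also has no tls-auth key and no explicit cipher/auth lines, so it
# relies on the installed OpenVPN's defaults - review both, together with
# comp-lzo, before exposing the port to the internet.
#
# The heredoc delimiter is unquoted so ${KEY_SIZE} expands; nothing else in
# the body contains characters the shell would expand.
cat > /etc/openvpn/openvpn.conf <<DELIM
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh${KEY_SIZE:-1024}.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

DELIM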

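# Rewrite the source address of traffic leaving eth0 from the VPN subnet to
# the Pi's own address. The rule is held in an array so the address stays a
# single quoted word, and it is appended only when -C reports that an
# identical rule is not loaded yet, so a re-run does not stack duplicates.
snat_rule=(POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to "$MYIPADDRESS")
if ! iptables -t nat -C "${snat_rule[@]}" 2>/dev/null; then
    iptables -t nat -A "${snat_rule[@]}"
fi

# Make IP forwarding permanent by uncommenting the stock line in
# /etc/sysctl.conf. The file is named by absolute path so the edit cannot
# land on some other sysctl.conf if the working directory is not the expected
# one. The previous content is kept as /etc/sysctl.conf.bak.
perl -i.bak -pe 's/^#net.ipv4.ip_forward=1\b*$/net.ipv4.ip_forward=1/g' /etc/sysctl.conf

# The original walked up to / with two "cd .." steps; end in the same place.
cd /

# Start the server with the configuration written above.
/etc/init.d/openvpn start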

# Generate the client profile. The heredoc delimiter is unquoted on purpose:
# $EXTERNAL_IPADDRESS is expanded into the "remote" line. The profile names
# ca.crt, client1.crt and client1.key without a path, so those three files
# have to sit next to the .ovpn file on the client device.
cat <<CLIENT_PROFILE > /etc/openvpn/newvpn.ovpn
dev tun
client
proto udp
remote $EXTERNAL_IPADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
CLIENT_PROFILE


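# Persist the firewall rules across reboots by inserting these two lines into
# /etc/rc.local directly above its final "exit 0":
#   iptables -t nat -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
#   iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source RASPBERRY.PI.IP.ADDRESS
# The pre-edit file is kept as /etc/rc.local.bak.
#
# The address reaches perl through the environment (RC_SNAT_IP) instead of
# being spliced into the perl program text, so none of its characters can be
# read as part of the s/// expression that rewrites this root-run boot script.
# The grep guard keeps a second run from inserting the same lines again.
#
# NOTE(review): the first rule appends ACCEPT to the INPUT chain of the nat
# table, not the filter table, so by itself it does not open udp/1194 in a
# filter-table firewall - confirm that this is what was intended.
if ! grep -qF -e '--dport 1194 -j ACCEPT' /etc/rc.local; then
    RC_SNAT_IP="$MYIPADDRESS" perl -i.bak -pe 's/^exit 0\b*$/sudo iptables -t nat -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT\nsudo iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -o eth0 -j SNAT --to $ENV{RC_SNAT_IP}\nexit 0/g' /etc/rc.local
fi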

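# Collect everything the client needs in one folder: the CA certificate, the
# client certificate, the client private key and the generated profile. Any
# folder would do; /etc/openvpn/client1 is used here.
keys_dir=/etc/openvpn/easy-rsa/keys
bundle_dir=/etc/openvpn/client1

mkdir -p "$bundle_dir"
# These are plain files, so no recursive copy is needed.
cp -f "$keys_dir/ca.crt" "$keys_dir/client1.crt" "$keys_dir/client1.key" "$bundle_dir/"

# cp keeps the mode of a destination file that already exists, so a key left
# readable by an earlier copy would stay readable. Force owner-only access on
# the private key every time.
chmod 600 "$bundle_dir/client1.key"

mv /etc/openvpn/newvpn.ovpn "$bundle_dir/"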

# Closing reminder for the operator: reaching the VPN from outside the LAN
# needs a UDP 1194 port-forward on the router pointing at the Pi.
printf '%s\n' \
    "If you want use the VPN from outside your own network. Then you need to open up " \
    "port 1194 (udp) in your router/modem to forward to the raspberry pi IP address."


exit 0