chromatic/openvpn-install
1
0
Fork 0
mirror of https://github.com/hwdsl2/openvpn-install.git synced 2026-01-11 19:06:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup

Browse Source
This commit is contained in:
hwdsl2
2022-10-09 16:16:34 -05:00
parent ff1ea0208f
commit dab8eaebcf
1 changed files with 30 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
openvpn-install.sh
View File

@@ -8,24 +8,12 @@
# Copyright (c) 2022 Lin Song <linsongui@gmail.com> # Copyright (c) 2022 Lin Song <linsongui@gmail.com>
# Copyright (c) 2013-2022 Nyr # Copyright (c) 2013-2022 Nyr
# #
# Released under the MIT License. # Released under the MIT License, see the accompanying file LICENSE.txt
# # or https://opensource.org/licenses/MIT
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in exiterr() { echo "Error: $1" >&2; exit 1; }
# the Software without restriction, including without limitation the rights to exiterr2() { exiterr "'apt-get install' failed."; }
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of exiterr3() { exiterr "'yum install' failed."; }
# the Software, and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
check_ip() { check_ip() {
IP_REGEX='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' IP_REGEX='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
@@ -149,16 +137,20 @@ EOF
ovpnsetup() { ovpnsetup() {
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
if [ "$(id -u)" != 0 ]; then
exiterr "This installer must be run as root. Try 'sudo bash $0'"
fi
# Detect Debian users running the script with "sh" instead of bash # Detect Debian users running the script with "sh" instead of bash
if readlink /proc/$$/exe | grep -q "dash"; then if readlink /proc/$$/exe | grep -q "dash"; then
echo 'This installer needs to be run with "bash", not "sh".' exiterr 'This installer needs to be run with "bash", not "sh".'
exit 1
fi fi
# Detect OpenVZ 6 # Detect OpenVZ 6
if [[ $(uname -r | cut -d "." -f 1) -eq 2 ]]; then if [[ $(uname -r | cut -d "." -f 1) -eq 2 ]]; then
echo "The system is running an old kernel, which is incompatible with this installer." exiterr "The system is running an old kernel, which is incompatible with this installer."
exit 1
fi fi
# Detect OS # Detect OS
@@ -184,44 +176,28 @@ elif [[ -e /etc/fedora-release ]]; then
os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1) os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1)
group_name="nobody" group_name="nobody"
else else
echo "This installer seems to be running on an unsupported distribution. exiterr "This installer seems to be running on an unsupported distribution.
Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora and Amazon Linux 2." Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora and Amazon Linux 2."
exit 1
fi fi
if [[ "$os" == "ubuntu" && "$os_version" -lt 1804 ]]; then if [[ "$os" == "ubuntu" && "$os_version" -lt 1804 ]]; then
echo "Ubuntu 18.04 or higher is required to use this installer. exiterr "Ubuntu 18.04 or higher is required to use this installer.
This version of Ubuntu is too old and unsupported." This version of Ubuntu is too old and unsupported."
exit 1
fi fi
if [[ "$os" == "debian" && "$os_version" -lt 9 ]]; then if [[ "$os" == "debian" && "$os_version" -lt 9 ]]; then
echo "Debian 9 or higher is required to use this installer. exiterr "Debian 9 or higher is required to use this installer.
This version of Debian is too old and unsupported." This version of Debian is too old and unsupported."
exit 1
fi fi
if [[ "$os" == "centos" && "$os_version" -lt 7 ]]; then if [[ "$os" == "centos" && "$os_version" -lt 7 ]]; then
echo "CentOS 7 or higher is required to use this installer. exiterr "CentOS 7 or higher is required to use this installer.
This version of CentOS is too old and unsupported." This version of CentOS is too old and unsupported."
exit 1
fi
# Detect environments where $PATH does not include the sbin directories
if ! grep -q sbin <<< "$PATH"; then
echo '$PATH does not include sbin. Try using "su -" instead of "su".'
exit 1
fi
if [ "$(id -u)" != 0 ]; then
echo "This installer must be run as root. Try 'sudo bash $0'"
exit 1
fi fi
if [[ ! -e /dev/net/tun ]] || ! ( exec 7<>/dev/net/tun ) 2>/dev/null; then if [[ ! -e /dev/net/tun ]] || ! ( exec 7<>/dev/net/tun ) 2>/dev/null; then
echo "The system does not have the TUN device available. exiterr "The system does not have the TUN device available.
TUN needs to be enabled before running this installer." TUN needs to be enabled before running this installer."
exit 1
fi fi
auto=0 auto=0
@@ -229,8 +205,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
if [ "$os" = "centos" ]; then if [ "$os" = "centos" ]; then
if grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf \ if grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf \
|| systemctl is-active --quiet nftables 2>/dev/null; then || systemctl is-active --quiet nftables 2>/dev/null; then
echo "This system has nftables enabled, which is not supported by this installer." exiterr "This system has nftables enabled, which is not supported by this installer."
exit 1
fi fi
fi fi
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
@@ -258,7 +233,7 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
set -x set -x
apt-get -yqq update || apt-get -yqq update apt-get -yqq update || apt-get -yqq update
apt-get -yqq install wget >/dev/null apt-get -yqq install wget >/dev/null
) || exit 1 ) || exiterr2
fi fi
if ! hash ip 2>/dev/null; then if ! hash ip 2>/dev/null; then
if [ "$auto" = 0 ]; then if [ "$auto" = 0 ]; then
@@ -271,12 +246,12 @@ if [[ ! -e /etc/openvpn/server/server.conf ]]; then
set -x set -x
apt-get -yqq update || apt-get -yqq update apt-get -yqq update || apt-get -yqq update
apt-get -yqq install iproute2 >/dev/null apt-get -yqq install iproute2 >/dev/null
) || exit 1 ) || exiterr2
else else
( (
set -x set -x
yum -y -q install iproute >/dev/null yum -y -q install iproute >/dev/null
) || exit 1 ) || exiterr3
fi fi
fi fi
if [ "$auto" = 0 ]; then if [ "$auto" = 0 ]; then
@@ -491,7 +466,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
set -x set -x
apt-get -yqq update || apt-get -yqq update apt-get -yqq update || apt-get -yqq update
apt-get -yqq install openvpn openssl ca-certificates $firewall >/dev/null apt-get -yqq install openvpn openssl ca-certificates $firewall >/dev/null
) || exit 1 ) || exiterr2
elif [[ "$os" = "centos" ]]; then elif [[ "$os" = "centos" ]]; then
if grep -qs "Amazon Linux release 2" /etc/system-release; then if grep -qs "Amazon Linux release 2" /etc/system-release; then
( (
@@ -502,18 +477,18 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
( (
set -x set -x
yum -y -q install epel-release >/dev/null yum -y -q install epel-release >/dev/null
) || exit 1 ) || exiterr3
fi fi
( (
set -x set -x
yum -y -q install openvpn openssl ca-certificates tar $firewall >/dev/null 2>&1 yum -y -q install openvpn openssl ca-certificates tar $firewall >/dev/null 2>&1
) || exit 1 ) || exiterr3
else else
# Else, OS must be Fedora # Else, OS must be Fedora
( (
set -x set -x
dnf install -y openvpn openssl ca-certificates tar $firewall >/dev/null dnf install -y openvpn openssl ca-certificates tar $firewall >/dev/null
) || exit 1 ) || exiterr "'dnf install' failed."
fi fi
# If firewalld was just installed, enable it # If firewalld was just installed, enable it
if [[ "$firewall" == "firewalld" ]]; then if [[ "$firewall" == "firewalld" ]]; then
@@ -527,8 +502,7 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
mkdir -p /etc/openvpn/server/easy-rsa/ mkdir -p /etc/openvpn/server/easy-rsa/
{ wget -t 3 -T 30 -qO- "$easy_rsa_url" 2>/dev/null || curl -m 30 -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1 { wget -t 3 -T 30 -qO- "$easy_rsa_url" 2>/dev/null || curl -m 30 -sL "$easy_rsa_url" ; } | tar xz -C /etc/openvpn/server/easy-rsa/ --strip-components 1
if [ ! -f /etc/openvpn/server/easy-rsa/easyrsa ]; then if [ ! -f /etc/openvpn/server/easy-rsa/easyrsa ]; then
echo "Error: Failed to download EasyRSA from $easy_rsa_url." exiterr "Failed to download EasyRSA from $easy_rsa_url."
exit 1
fi fi
chown -R root:root /etc/openvpn/server/easy-rsa/ chown -R root:root /etc/openvpn/server/easy-rsa/
cd /etc/openvpn/server/easy-rsa/ || exit 1 cd /etc/openvpn/server/easy-rsa/ || exit 1
@@ -701,13 +675,13 @@ WantedBy=multi-user.target" >> /etc/systemd/system/openvpn-iptables.service
( (
set -x set -x
yum -y -q install policycoreutils-python >/dev/null yum -y -q install policycoreutils-python >/dev/null
) || exit 1 ) || exiterr3
else else
# CentOS 8 or Fedora # CentOS 8 or Fedora
( (
set -x set -x
dnf install -y policycoreutils-python-utils >/dev/null dnf install -y policycoreutils-python-utils >/dev/null
) || exit 1 ) || exiterr "'dnf install' failed."
fi fi
fi fi
semanage port -a -t openvpn_port_t -p "$protocol" "$port" semanage port -a -t openvpn_port_t -p "$protocol" "$port"