Serverman@VPSでOpenVPNを作ってくれるbash


寂しい心を紛らわすために昔作ったやつを供養する(後付の口上)

Serverman@VPSでCentOS6以下を想定、古いので適宜rpmの取得先などを変更する必要もあるはず。というか今動くかわからん。sudoでうごくヤバゲなbash scriptの参考にでもしてくれや…

$ sudo ./openvpninstaller.sh yourusername yourpassword

ちなみにVPNの使用範囲などについては、DTIの利用規約等に従うようにしようね。

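#!/bin/bash
# OpenVPN installer for Serversman@VPS (CentOS 6 era).
#
# Usage:  sudo ./openvpninstaller.sh [SetUsername] [SetPassword]
#
# Runs as root and changes the whole system: installs packages, creates a
# login account, writes /etc/openvpn, edits sysctl.conf and the iptables
# rules, and drops a client bundle (vpn-<user>.zip) in root's home.
#
# The password is taken from argv to keep the documented usage; note that
# argv is visible to other local users via `ps` and lands in the caller's
# shell history. It is handed to chpasswd over stdin only, never placed on
# a child's command line.
#
# NOTE(review): the rpm download URLs and the openvpn-2.2.2 doc path are
# taken from the original script and may no longer resolve — confirm before
# running.

set -u

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

cat <<__EOC__
OpenVPN install script for Serversman@VPS

__EOC__

# Exactly two arguments (username, password) are required.
if [ "$#" -ne 2 ]; then
  echo "引数がたりません"
  echo "sudo ./openvpninstaller.sh [SetUsername] [SetPassword]"
  exit 1
fi
username=$1
password=$2

# Public address of the VPS, read from the venet0:0 interface config.
# Abort when it is empty: the SNAT rule and the client .ovpn depend on it.
ip=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}')
[ -n "$ip" ] || die "IP address could not be read from ifcfg-venet0:0"

# Echo what will be applied before touching anything.
cat <<__EOT__
    Set Username: $username
    Set Password: $password
    IP Address: $ip
__EOT__

# Confirmation prompt; anything other than y/yes/Y aborts.
printf '%s' "Start? [Y/n]:"
read -r start
case "$start" in
    y | yes | Y   ) echo "OK Starting." ;;
    *             ) exit ;;
esac

# Create the VPN login account. The PAM plugin below authenticates VPN
# clients against this system account, so the password is fed to chpasswd
# via stdin (user:password format).
useradd "$username" || die "useradd failed for [$username]"
echo "Created user account [$username]"
printf '%s:%s\n' "$username" "$password" | chpasswd

# Build tools, lzo and the rpmforge repo (openvpn is not in the base repo).
yum install -y zip yum-cron gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel bridge-utils
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm || die "download of lzo src rpm failed"
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm || die "download of rpmforge-release failed"
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
# NOTE(review): where rpmbuild writes the binary rpm depends on the rpmbuild
# macros in effect; confirm the rebuilt package is what this glob picks up.
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*

# Update, then install the VPN server and a DNS forwarder.
yum update -y
yum install -y dnsmasq openvpn

# PKI setup with easy-rsa 2.0: point KEY_CONFIG at the shipped openssl cnf,
# then generate CA, server cert and DH params (interactive prompts).
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
sed -i -e 's;KEY_CONFIG=.$EASY_RSA/whichopensslcnf $EASY_RSA.;KEY_CONFIG=/etc/openvpn/easy-rsa/2\.0/openssl-1\.0\.0\.cnf;g' /etc/openvpn/easy-rsa/2.0/vars
cd /etc/openvpn/easy-rsa/2.0 || die "cannot cd to /etc/openvpn/easy-rsa/2.0"
chmod 755 ./*
# vars only has an effect when sourced into this shell; executing it as a
# command would run in a subshell and set nothing.
# shellcheck disable=SC1091
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh

# Server config. Authentication is password-only through PAM
# (client-cert-not-required + username-as-common-name); duplicate-cn lets
# the same account connect more than once. All clients get routed through
# the VPS (redirect-gateway) with Google DNS pushed.
serverconf='    port 1194
    proto udp
    dev tun
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    reneg-sec 0
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
    client-cert-not-required
    username-as-common-name
    ifconfig-pool-persist ipp.txt
    server 10.8.0.0 255.255.255.0
    push "route 10.8.0.0 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    keepalive 5 30
    client-to-client
    duplicate-cn
    comp-lzo
    persist-key
    persist-tun
    status 1194.log
    verb 3'
printf '%s\n' "$serverconf" > /etc/openvpn/server.conf

# Enable forwarding and disable ICMP redirects. The two appended lines are
# only added when absent, so re-running the script does not duplicate them.
sed -i -e 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
for line in 'net.ipv4.conf.all.send_redirects = 0' 'net.ipv4.conf.all.accept_redirects = 0'; do
  grep -qxF -- "$line" /etc/sysctl.conf || printf '%s\n' "$line" >> /etc/sysctl.conf
done
sysctl -p

# Forward VPN traffic and SNAT it to the VPS address; persist the rules.
iptables -A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source "$ip"
iptables-save > /etc/sysconfig/iptables
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables

# Client bundle: CA cert plus an .ovpn that prompts for user/password.
cd ~ || die "cannot cd to home directory"
vpndir=vpn-${username}
mkdir -p -- "$vpndir" || die "cannot create [$vpndir]"
echo "Make directory [${vpndir}]"
cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt "${vpndir}/ca-${username}.crt"
echo "Copy certification file: [${vpndir}/ca-${username}.crt]"
vpnfile="   client
    dev tun
    proto udp
    remote ${ip} 1194
    resolv-retry infinite
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ca ca-${username}.crt
    auth-user-pass
    comp-lzo
    reneg-sec 0
    verb 3"
printf '%s\n' "$vpnfile" > "${vpndir}/vpn-${username}.ovpn"
echo "Make OpenVPN config file: [${vpndir}/vpn-${username}.ovpn]"
zip -r ~/"${vpndir}.zip" "$vpndir"

# Start the services now and at boot.
service yum-cron start
chkconfig yum-cron on
service openvpn start
chkconfig openvpn on
service dnsmasq start
chkconfig dnsmasq on

cat <<__EOC__
Finished install OpenVPN!

__EOC__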

ちなみに5年ほど彼女おらん