
ServersMan@VPSでOpenVPNを作ってくれるbash

Last updated at Posted at 2016-12-02

寂しい心を紛らわすために昔作ったやつを供養する(後付の口上)

ServersMan@VPSのCentOS 6以下を想定。古いので、rpmの取得先などは適宜変更する必要があるはず。というか今動くかわからん。sudo(root権限)でうごくヤバゲなbash scriptの参考にでもしてくれや…

$ sudo ./openvpninstaller.sh yourusername yourpassword

なお、パスワードをコマンドライン引数で渡すので、シェルの履歴やプロセス一覧に残る点には注意。ちなみにVPNの使用範囲などについては、DTIの利用規約等に従うようにしようね。

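#!/bin/bash
# OpenVPN installer for a ServersMan@VPS guest.
# Usage: sudo ./openvpninstaller.sh <username> <password>
#
# The interpreter line has to begin with the two bytes "#!". With a space
# between them it is an ordinary comment, and the shell that ends up running
# the script depends on the caller. The script needs bash (it uses `source`).

# Banner, followed by one blank line.
cat <<'__EOC__'
OpenVPN install script for Serversman@VPS

__EOC__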

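# Exit with an error unless exactly two arguments (username, password) were
# given, i.e. unless $# equals 2.
# NOTE(review): a password passed as an argument is visible in the process
# list, in shell history and in sudo's command log; reading it from a prompt
# or from stdin would avoid that.
if [ "$#" -ne 2 ]; then
  echo "引数がたりません" >&2
  echo "sudo ./openvpninstaller.sh [SetUsername] [SetPassword]" >&2
  exit 1
fi

# Both values are later used as root: in useradd, in the single
# "name:password" line fed to chpasswd, and (the name) in file paths.
# Reject anything that could change the meaning of those commands.
case "$1" in
  '' | [-.]* | *[![:alnum:]_.-]*)
    # Empty, option-like, or containing ':', '/', whitespace, control chars...
    echo "Invalid username: use letters, digits, '_', '.' and '-' only." >&2
    exit 1
    ;;
esac
case "$2" in
  '' | *$'\n'* | *$'\r'*)
    # A line break would add a second "name:password" record for chpasswd.
    echo "Invalid password: must be non-empty and contain no line breaks." >&2
    exit 1
    ;;
esac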

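# Read the address from the venet0:0 interface configuration: the text after
# the first "=" on each line that contains IPADDR.
ifcfg=/etc/sysconfig/network-scripts/ifcfg-venet0:0
ip=$(awk -F= '/IPADDR/ {print $2}' "$ifcfg")

# The address is used further down in the SNAT rule and in the client
# profile. Stop here if nothing was found.
if [ -z "$ip" ]; then
  echo "Could not read IPADDR from ${ifcfg}" >&2
  exit 1
fi

# Show what is about to be configured.
# NOTE(review): this prints the password in clear text on the terminal.
cat <<__EOT__
	Set Username: $1
	Set Password: $2
	IP Address: $ip
__EOT__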

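# Ask for confirmation before anything on the system is changed.
# Only "y", "yes" or "Y" continues. Any other answer, including an empty
# line, ends the script, so the prompt marks "N" as the default.
printf '%s' "Start? [y/N]:"
# -r keeps backslashes in the answer literal.
read -r start
case "$start" in
  y | yes | Y) echo "OK Starting." ;;
  *) exit ;;
esac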

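# Create the system account; server.conf authenticates VPN users against
# system accounts through the openvpn-auth-pam plugin.
# Stop if useradd fails (for example because the account already exists),
# so that chpasswd below never resets the password of an existing account.
if ! useradd "$1"; then
  echo "useradd failed for [$1]; not changing any password." >&2
  exit 1
fi
echo "Created user account [$1]"

# NOTE(review): the account gets the default login shell, so the same
# credentials may also be accepted by other PAM-backed logins on this host.
# Consider `useradd -s /sbin/nologin` after confirming that the PAM "login"
# stack used by OpenVPN still accepts such an account.

# chpasswd reads "name:password" lines from stdin. printf with quoted
# arguments keeps spaces and glob characters in the password intact.
printf '%s:%s\n' "$1" "$2" | chpasswd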

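# Install the build tools, then LZO and the RPMforge repository package.
yum install -y zip yum-cron gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel bridge-utils

# NOTE(review): both files are downloaded over plain HTTP and then built or
# installed as root with no signature or checksum verification. Verify them
# against a trusted source (e.g. `rpm -K` with the publisher's key imported)
# before installing.
# Stop if a download or the rebuild fails instead of carrying on as root
# with missing packages.
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm || {
  echo "Download of lzo source RPM failed." >&2
  exit 1
}
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm || {
  echo "Download of rpmforge-release RPM failed." >&2
  exit 1
}
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm || {
  echo "rpmbuild of lzo failed." >&2
  exit 1
}
# NOTE(review): rpmbuild usually writes binary packages below its own RPMS
# directory, so this glob in the current directory may match only the
# .src.rpm. Confirm where the built packages land.
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*

# Update the system, then install the packages that are needed.
yum update -y
yum install -y dnsmasq openvpn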

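# OpenVPN setup: copy the easy-rsa scripts from the package documentation and
# build the CA, the server key pair and the DH parameters.
easy_rsa_src=/usr/share/doc/openvpn-2.2.2/easy-rsa/
if [ ! -d "$easy_rsa_src" ]; then
  # The path is tied to one package version; a different one has another path.
  echo "easy-rsa not found at ${easy_rsa_src}" >&2
  exit 1
fi
cp -R "$easy_rsa_src" /etc/openvpn/

# Point KEY_CONFIG at a fixed openssl config instead of the whichopensslcnf
# lookup.
sed -i -e 's;KEY_CONFIG=.$EASY_RSA/whichopensslcnf $EASY_RSA.;KEY_CONFIG=/etc/openvpn/easy-rsa/2\.0/openssl-1\.0\.0\.cnf;g' /etc/openvpn/easy-rsa/2.0/vars

# Everything below uses relative paths. If cd failed, chmod and clean-all
# would run in whatever directory the script was started from.
cd /etc/openvpn/easy-rsa/2.0 || exit 1
chmod 755 ./*

# vars has to be sourced so that its settings reach the build scripts.
# Executing it in a child process would leave this shell unchanged.
source ./vars

# NOTE(review): server.conf refers to keys/dh1024.pem, i.e. 1024-bit DH
# parameters, which are weak by current standards. Raising KEY_SIZE in vars
# (and the dh path in server.conf) before building is worth considering.
./clean-all
./build-ca
./build-key-server server
./build-dh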

# Server configuration, written verbatim to /etc/openvpn/server.conf.
# The heredoc delimiter is quoted, so nothing inside is expanded.
#
# Security-relevant choices in this profile:
#   - client-cert-not-required with the auth-pam plugin: clients are
#     authenticated by system username and password only.
#   - duplicate-cn: the same name may hold several connections at once.
#   - client-to-client: connected clients can reach each other.
#   - reneg-sec 0: periodic renegotiation of the data-channel key is off.
#   - dh1024.pem: 1024-bit DH parameters.
#   - comp-lzo: compression is enabled on the tunnel.
cat > /etc/openvpn/server.conf <<'__EOS__'
	port 1194
	proto udp
	dev tun
	tun-mtu 1500
	tun-mtu-extra 32
	mssfix 1450
	reneg-sec 0
	ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
	cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
	key /etc/openvpn/easy-rsa/2.0/keys/server.key
	dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
	plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
	client-cert-not-required
	username-as-common-name
	ifconfig-pool-persist ipp.txt
	server 10.8.0.0 255.255.255.0
	push "route 10.8.0.0 255.255.255.0"
	push "redirect-gateway def1 bypass-dhcp"
	push "dhcp-option DNS 8.8.8.8"
	push "dhcp-option DNS 8.8.4.4"
	keepalive 5 30
	client-to-client
	duplicate-cn
	comp-lzo
	persist-key
	persist-tun
	status 1194.log
	verb 3
__EOS__

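# Kernel settings: turn on IPv4 forwarding and turn off ICMP redirects.
sysctl_conf=/etc/sysctl.conf
sed -i -e 's/net\.ipv4\.ip_forward = 0/net.ipv4.ip_forward = 1/g' "$sysctl_conf"

# The sed above only matches the exact "= 0" spelling. If the file has no
# enabling line afterwards, append one (later entries win on `sysctl -p`).
grep -q '^net\.ipv4\.ip_forward *= *1' "$sysctl_conf" \
  || echo 'net.ipv4.ip_forward = 1' >> "$sysctl_conf"

# Append each redirect setting only when it is not already present, so that
# running the script again does not pile up duplicate lines.
for setting in \
  'net.ipv4.conf.all.send_redirects = 0' \
  'net.ipv4.conf.all.accept_redirects = 0'; do
  grep -qxF -- "$setting" "$sysctl_conf" || echo "$setting" >> "$sysctl_conf"
done

# Load the settings from the file.
sysctl -p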

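# Firewall: forward traffic from the VPN subnet and source-NAT it to this
# host's address.
# Without an address the SNAT rule cannot be built; stop before touching the
# ruleset.
if [ -z "${ip}" ]; then
  echo "IP address is empty; not changing iptables." >&2
  exit 1
fi

# NOTE(review): -A appends to the end of the chain. If FORWARD already ends
# in a catch-all REJECT/DROP rule, these ACCEPT rules never match; check the
# existing ruleset. No INPUT rule for udp/1194 is added here either.
# Running the script again appends the same rules a second time.
iptables -A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source "${ip}"

# Persist the rules, then rename every "eth0" in the saved file to "venet0".
iptables-save > /etc/sysconfig/iptables
sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables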

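# Write the client bundle (CA certificate + .ovpn profile) into
# ~/vpn-<username> and zip it.
# NOTE(review): under sudo, "~" follows $HOME, which may be root's or the
# invoking user's home depending on the sudo configuration.
cd ~ || exit 1
vpndir="vpn-${1}"
# -p: an existing directory from an earlier run is not an error.
mkdir -p "${vpndir}"
echo "Make directory [${vpndir}]"
cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt "${vpndir}/ca-${1}.crt"
echo "Copy certification file: [${vpndir}/ca-${1}.crt]"

# Client profile. The delimiter is unquoted on purpose: ${ip} and ${1} are
# expanded, everything else is literal.
cat > "${vpndir}/vpn-${1}.ovpn" <<__EOV__
	client
	dev tun
	proto udp
	remote ${ip} 1194
	resolv-retry infinite
	nobind
	tun-mtu 1500
	tun-mtu-extra 32
	mssfix 1450
	persist-key
	persist-tun
	ca ca-${1}.crt
	auth-user-pass
	comp-lzo
	reneg-sec 0
	verb 3
__EOV__
echo "Make OpenVPN config file: [${vpndir}/vpn-${1}.ovpn]"
zip -r ~/"${vpndir}.zip" "${vpndir}"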

# Start each installed service now and enable it at boot, in this order.
for svc in yum-cron openvpn dnsmasq; do
  service "$svc" start
  chkconfig "$svc" on
done

# Closing banner, followed by one blank line.
printf '%s\n\n' 'Finished install OpenVPN!'

ちなみに5年ほど彼女おらん
