Patch/openvpn-install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added support for Alpine Linux

Browse Source
This commit is contained in:
Doug Walker 2018-12-10 16:17:17 +00:00
parent c90989a0e2
commit 1b634a0818
1 changed files with 33 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
openvpn-install.sh
View File

@ -30,8 +30,14 @@ elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
OS=centos OS=centos
GROUPNAME=nobody GROUPNAME=nobody
RCLOCAL='/etc/rc.d/rc.local' RCLOCAL='/etc/rc.d/rc.local'
elif [[ -e /etc/alpine-release ]]; then
OS=alpine
GROUPNAME=nogroup
RCLOCAL='/etc/rc.local'
echo "You are using Alpine! Congrats!"
else else
echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS" echo "Looks like you aren't running this installer on Debian, Ubuntu, CentOS, or Alpine 86 Dec 9 14:42 yarn.lock
root@sidekick:/var/lib/lxd/conta"
exit exit
fi fi
@ -148,7 +154,9 @@ if [[ -e /etc/openvpn/server.conf ]]; then
if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$PORT" != '1194' ]]; then if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$PORT" != '1194' ]]; then
semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT
fi fi
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'alpine' ]]; then
apk del --purge openvpn
elif [[ "$OS" = 'debian' ]]; then
apt-get remove --purge -y openvpn apt-get remove --purge -y openvpn
else else
yum remove openvpn -y yum remove openvpn -y
@ -179,7 +187,7 @@ else
# Autodetect IP address and pre-fill for the user # Autodetect IP address and pre-fill for the user
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
read -p "IP address: " -e -i $IP IP read -p "IP address: " -e -i $IP IP
# If $IP is a private IP address, the server must be behind NAT # If $IP is a private IP address, the server must be behind NAT
if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
echo echo
echo "This server is behind NAT. What is the public IPv4 address or hostname?" echo "This server is behind NAT. What is the public IPv4 address or hostname?"
@ -197,6 +205,10 @@ else
2) 2)
PROTOCOL=tcp PROTOCOL=tcp
;; ;;
*)
echo "Unknown Protocol, exiting"
exit
;;
esac esac
echo echo
echo "What port do you want OpenVPN listening to?" echo "What port do you want OpenVPN listening to?"
@ -216,7 +228,10 @@ else
echo echo
echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now." echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now."
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'alpine' ]]; then
apk update
apk add openvpn iptables openssl ca-certificates
elif [[ "$OS" = 'debian' ]]; then
apt-get update apt-get update
apt-get install openvpn iptables openssl ca-certificates -y apt-get install openvpn iptables openssl ca-certificates -y
else else
@ -260,12 +275,12 @@ proto $PROTOCOL
dev tun dev tun
sndbuf 0 sndbuf 0
rcvbuf 0 rcvbuf 0
ca ca.crt ca /etc/openvpn/ca.crt
cert server.crt cert /etc/openvpn/server.crt
key server.key key /etc/openvpn/server.key
dh dh.pem dh /etc/openvpn/dh.pem
auth SHA512 auth SHA512
tls-auth ta.key 0 tls-auth /etc/openvpn/ta.key 0
topology subnet topology subnet
server 10.8.0.0 255.255.255.0 server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
@ -310,7 +325,7 @@ persist-key
persist-tun persist-tun
status openvpn-status.log status openvpn-status.log
verb 3 verb 3
crl-verify crl.pem" >> /etc/openvpn/server.conf crl-verify /etc/openvpn/crl.pem" >> /etc/openvpn/server.conf
# Enable net.ipv4.ip_forward for the system # Enable net.ipv4.ip_forward for the system
echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/30-openvpn-forward.conf echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/30-openvpn-forward.conf
# Enable without waiting for a reboot or service restart # Enable without waiting for a reboot or service restart
@ -329,7 +344,7 @@ crl-verify crl.pem" >> /etc/openvpn/server.conf
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
else else
# Needed to use rc.local with some systemd distros # Needed to use rc.local with some systemd distros
if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then if [[ ( "$OS" = 'debian' || "$OS" = 'alpine' ) && ! -e $RCLOCAL ]]; then
echo '#!/bin/sh -e echo '#!/bin/sh -e
exit 0' > $RCLOCAL exit 0' > $RCLOCAL
fi fi
@ -358,7 +373,11 @@ exit 0' > $RCLOCAL
semanage port -a -t openvpn_port_t -p $PROTOCOL $PORT semanage port -a -t openvpn_port_t -p $PROTOCOL $PORT
fi fi
# And finally, restart OpenVPN # And finally, restart OpenVPN
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'alpine' ]]; then
ln -s /etc/openvpn/server.conf /etc/openvpn/openvpn.conf
service openvpn restart
rc-update add openvpn
elif [[ "$OS" = 'debian' ]]; then
# Little hack to check for systemd # Little hack to check for systemd
if pgrep systemd-journal; then if pgrep systemd-journal; then
systemctl restart openvpn@server.service systemctl restart openvpn@server.service
@ -374,7 +393,8 @@ exit 0' > $RCLOCAL
chkconfig openvpn on chkconfig openvpn on
fi fi
fi fi
# If the server is behind a NAT, use the correct IP address
# If the server is behind a NAT, use the correct IP address
if [[ "$PUBLICIP" != "" ]]; then if [[ "$PUBLICIP" != "" ]]; then
IP=$PUBLICIP IP=$PUBLICIP
fi fi