Patch/openvpn-install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge 7d6e9bf1e1 into cc81838501

Browse Source
This commit is contained in:
Birkhoff 2018-08-18 23:20:47 +00:00 committed by GitHub
commit de75746165
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 457 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
Documentation/client-ovpn.md Normal file
View File

@ -0,0 +1,96 @@
# Client Setup: OpenVPN
## Table of Contents
- [Windows](#windows)
- [MacOS](#macos)
- [Linux](#linux)
- [Android](#android)
- [iOS](#ios)
- [Troubleshooting](#troubleshooting)
## Windows
- Configure OpenVPN
- Download and install [OpenVPN](https://openvpn.net/index.php/open-source/downloads.html)
- Start `OpenVPN GUI` from the Start Menu
- Locate the OpenVPN icon in the Task Bar, right click, and select `Import file...`
- Select your OVPN file
- Right click on the OpenVPN icon again, and select `Connect`
- To disconnect
- Locate the OpenVPN icon in the Task Bar, right click, and select `Disconnect`
- Locate the `stunnel` icon in the Task Bar, right click, and select `Exit`
## MacOS
- Configure OpenVPN
- Download and install [Tunnelblick](https://tunnelblick.net/)
- Locate your OVPN file in `Finder`, and double-click to open it.
- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select the server you want to connect to.
- To disconnect
- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select `Disconnect All`.
- To stop `stunnel`, run this in `Terminal`: `sudo killall stunnel`
## Linux
- Install `openvpn` on your device.
```bash
# Debian/Ubuntu
sudo apt install -y openvpn
# CentOS/RHEL
sudo yum install -y epel-release
sudo yum install -y openvpn
# Fedora
sudo dnf install -y openvpn
```
- Connect to OpenVPN
```bash
# Run this in the directory that contains your OVPN file
# Replace 'client' with your OVPN filename
openvpn --config client.ovpn
```
- To disconnect
```bash
# Stop OpenVPN
sudo killall openvpn
```
## Android
- Download [OpenVPN for Android](https://play.google.com/store/apps/details?id=de.blinkt.openvpn) from Google Play Store
- Transfer your OVPN file to your device.
- Click on the `import` icon (between `+` and `Menu` icon), and select your OVPN file.
- Click on the check mark to confirm import.
- Click on a profile name to connect.
- If you see a `connection request` popup, select `Connect` or `OK`.
- To disconnect: Select the `VPN connection` notification in your notification center, and click `Disconnect` in the popup.
## iOS
- Download [OpenVPN Connect](https://itunes.apple.com/app/openvpn-connect/id590379981) from App Store
- Send the OVPN file as an attachment to yourself via email, and open it in your email app on the iOS device.
- If you see a popup with a list of different apps, select `OpenVPN Connect`.
- Click on the switch next to `Connection`, make sure it's at the `ON` position.
- To disconnect: click on the switch next to `Connection`, make sure it's at the `OFF` position.
## Troubleshooting
- If you're unable to connect to your server with OpenVPN...
- Check if OpenVPN is running on your server.
```bash
# You should see openvpn in the output
ps -A | grep openvpn
```
- If you still can't connect, try removing and reinstalling OpenVPN on your server.
- Run the install script and select `Uninstall`
- Run the install script again and make sure you enter the correct information.

155
Documentation/client-ssl.md Normal file
View File

@ -0,0 +1,155 @@
# Client Setup: OpenVPN over SSL
## Table of Contents
- [Windows](#windows)
- [MacOS](#macos)
- [Linux](#linux)
- [Android](#android)
- [iOS](#ios)
- [Troubleshooting](#troubleshooting)
## Windows
- Configure `stunnel`
- Download and install [stunnel](https://www.stunnel.org/downloads.html)
- Copy `stunnel.conf` and `stunnel.crt` to the `config` folder in `stunnel`'s install directory.
- On 64-bit Windows systems, `stunnel`'s install directory is `C:\Program Files (x86)\stunnel`, unless you
changed it during installation.
- On 32-bit Windows systems, `stunnel`'s install directory is `C:\Program Files\stunnel`, unless you
changed it during installation.
- Start `stunnel` by launching `stunnel GUI start ` from the Start Menu
- Locate the `stunnel` icon in the Task Bar, right click, and select `Edit Configuration`
- Copy everything in `stunnel.conf` and paste into the `stunnel` configuration file. Save and close it after editing.
- Right click on the `stunnel` icon again, and select `Reload Configuration`
- Configure OpenVPN
- Download and install [OpenVPN](https://openvpn.net/index.php/open-source/downloads.html)
- Start `OpenVPN GUI` from the Start Menu
- Locate the OpenVPN icon in the Task Bar, right click, and select `Import file...`
- Select your OVPN file
- Right click on the OpenVPN icon again, and select `Connect`
- To disconnect
- Locate the OpenVPN icon in the Task Bar, right click, and select `Disconnect`
- Locate the `stunnel` icon in the Task Bar, right click, and select `Exit`
## MacOS
- Configure `stunnel`
- Install [Homebrew](https://brew.sh/)
- Install `stunnel` via Homebrew by running this in `Terminal`:
```bash
brew install stunnel
```
- Open `stunnel.conf` with a text editor (e.g. `TextEdit`), locate this line:
`CAfile = /etc/stunnel/stunnel.crt`
Replace the entire line with:
`CAfile = /usr/local/etc/stunnel/stunnel.crt`
- Configure and start `stunnel`
```bash
# In order to run these, you need to log in to your Mac with an administrator account.
# When prompted for password, enter the password of the current user,
# Run this in the directory that contains 'stunnel.conf' and 'stunnel.crt'
sudo cp stunnel.conf stunnel.crt /usr/local/etc/stunnel/
# Start stunnel
sudo stunnel
```
- Configure OpenVPN
- Download and install [Tunnelblick](https://tunnelblick.net/)
- Locate your OVPN file in `Finder`, and double-click to open it.
- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select the server you want to connect to.
- To disconnect
- Locate the `Tunnelblick` icon on the top-right corner. Click on it, and select `Disconnect All`.
- To stop `stunnel`, run this in `Terminal`: `sudo killall stunnel`
## Linux
- Install `stunnel` and `openvpn` on your device.
```bash
# Debian/Ubuntu
sudo apt install -y stunnel openvpn
# CentOS/RHEL
sudo yum install -y epel-release
sudo yum install -y stunnel openvpn
# Fedora
sudo dnf install -y stunnel openvpn
```
- Configure and start `stunnel`
```bash
# Run this in the directory that contains 'stunnel.conf' and 'stunnel.crt'
sudo cp stunnel.conf stunnel.crt /etc/stunnel/
# Start stunnel
sudo stunnel
```
- Connect to OpenVPN
```bash
# Run this in the directory that contains your OVPN file
# Replace 'client' with your OVPN filename
openvpn --config client.ovpn
```
- To disconnect
```bash
# Stop OpenVPN
sudo killall openvpn
# Stop stunnel
sudo killall stunnel
```
## Android
- OpenVPN is supported on Android, but OpenVPN over SSL support isn't very good.
- If you installed OpenVPN without SSL, see [Client Setup: OpenVPN](client-ovpn.md)
## iOS
- OpenVPN is supported on iOS, but OpenVPN over SSL is not supported.
- If you installed OpenVPN without SSL, see [Client Setup: OpenVPN](client-ovpn.md)
## Troubleshooting
- If you're unable to connect to your server with OpenVPN...
- Please check if `stunnel` is running on your device.
- On Windows, check if the `stunnel` icon is present in the Task Bar (bottom right).
- Run this to check on MacOS or Linux (both client and server)
```bash
# You should see stunnel in the output
ps -A | grep stunnel
```
- Also check if both `stunnel` and OpenVPN are running on your server.
```bash
# You should see stunnel in the output
ps -A | grep stunnel
# You should see openvpn in the output
ps -A | grep openvpn
```
- If you still can't connect, try removing and reinstalling OpenVPN on your server.
- Run the install script and select `Uninstall`
- Run the install script again and make sure you enter the correct information.

0
LICENSE.txt → LICENSE
View File

115
README.md
View File

@ -1,18 +1,111 @@
## openvpn-install # OpenVPN Installer
OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Debian, Ubuntu and CentOS.
This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible. ## To Developers and Users
### Installation **WARNING: Only Trust Signed Commits.**
Run the script and follow the assistant:
`wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh` ## Table of Contents
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. - [Description](#description)
- [Installation](#installation)
- [Client setup](#client-setup)
- [Troubleshooting](#troubleshooting)
- [FAQ](#faq)
- [Donations](#donations)
### I want to run my own VPN but don't have a server for that ## Description
You can get a little VPS from just $1/month at [VirMach](https://billing.virmach.com/aff.php?aff=4109&url=billing.virmach.com/cart.php?gid=1).
### Donations OpenVPN installer for Debian, Ubuntu and CentOS, with support for OpenVPN over SSL.
If you want to show your appreciation, you can donate via [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=VBAYDL34Z7J6L) or [cryptocurrency](https://pastebin.com/raw/M2JJpQpC). Thanks! This script lets you set up your own OpenVPN server in minutes, even if you no experience OpenVPN before. It's designed to be as simple, unobtrusive, and universal as possible.
## Installation
If you run into any issues during installation, please refer to [Troubleshooting](#troubleshooting).
### Install on CentOS/Debian/Ubuntu
- **Please note: if your server is running the following OS versions, please select `AES-256-CBC` when you're asked to select a cipher mode.**
- CentOS 6 or older
- Debian 8 (Jessie) or older
- Ubuntu 16.10 or older
- Run this in a terminal on your server, and follow the on-screen instructions:
```bash
# Download the script
wget https://raw.githubusercontent.com/birkhoffcheng/openvpn-install/master/openvpn-install.sh
# Run the install script
sudo bash openvpn-install.sh
# Start stunnel (only if you're using OpenVPN over SSL)
sudo stunnel
```
- Once it finishes, your OpenVPN server is up and running! You should [set up client devices](#client-setup) next.
## Client setup
### Before continuing...
- Download the `.ovpn` file from your server.
- If you're using OpenVPN with SSL, also download `stunnel.crt` and `stunnel.conf` from your server.
- If your username is `root`, they're located at `/root`.
- Otherwise, they're located at `/home/<YOUR USERNAME>`.
### OS-specific setup processes
- [OpenVPN (without SSL)](Documentation/client-ovpn.md)
- [OpenVPN over SSL](Documentation/client-ssl.md)
## Troubleshooting
- `wget: command not found`: This means that `wget` isn't install it on your server. Just install it and try again. To install `wget`:
```bash
# Run this on Debian/Ubuntu
sudo apt -y install wget
# Run this on CentOS
sudo yum -y install wget
```
- `The TUN device is not available. You need to enable TUN before running this script`: Follow [this guide](https://help.skysilk.com/support/solutions/articles/9000136471-how-to-enable-tun-tap-on-linux-vps-with-skysilk).
- If you're unable to connect to your server with OpenVPN...
- Please check if `stunnel` is running on your device. (if you're using OpenVPN over SSL)
- On Windows, check if the `stunnel` icon is present in the Task Bar (bottom right).
- Run this to check on MacOS or Linux (both client and server)
```bash
# You should see stunnel in the output
ps -A | grep stunnel
```
- Also check if both `stunnel` (if applicable) and OpenVPN are running on your server.
```bash
# You should see stunnel in the output (if you're using OpenVPN over SSL)
ps -A | grep stunnel
# You should see openvpn in the output
ps -A | grep openvpn
```
- If you still can't connect, try removing and reinstalling OpenVPN on your server.
- Run the install script and select `Uninstall`
- Run the install script again and make sure you enter the correct information.
## FAQ
### Where to find a VPS
You can get a VPS for as little as $2.50/month (IPv6 only) or $5/month (with IPv4) at [Vultr](https://www.vultr.com/?ref=7088313) or $5/month (with IPv4) at [DigitalOcean](https://m.do.co/c/c51ec51bb352).
## Donations
If you want to show some appreciation, you can donate via [PayPal](https://paypal.me/birkhoffcheng) or Bitcoin (12R4euPg17EfJyYNfdTxjiQ2SctW1b4CRz). Thanks!

132
openvpn-install.sh
View File

@ -1,9 +1,5 @@
#!/bin/bash #!/bin/bash
# # https://github.com/birkhoffcheng/openvpn-install
# https://github.com/Nyr/openvpn-install
#
# Copyright (c) 2013 Nyr. Released under the MIT License.
# Detect Debian users running the script with "sh" instead of bash # Detect Debian users running the script with "sh" instead of bash
if readlink /proc/$$/exe | grep -q "dash"; then if readlink /proc/$$/exe | grep -q "dash"; then
@ -65,17 +61,21 @@ if [[ -e /etc/openvpn/server.conf ]]; then
echo " 4) Exit" echo " 4) Exit"
read -p "Select an option [1-4]: " option read -p "Select an option [1-4]: " option
case $option in case $option in
1) 1)
echo echo
echo "Tell me a name for the client certificate." echo "Tell me a name for the client certificate."
echo "Please, use one word only, no special characters." echo "Please, use one word only, no special characters."
read -p "Client name: " -e CLIENT read -p "Client name: " -e CLIENT
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
# Generates the custom client.ovpn
newclient "$CLIENT" newclient "$CLIENT"
echo echo
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn" echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
if [ -f /etc/stunnel/stunnel-client.conf ]; then
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
cp /etc/openvpn/server.crt $HOME/stunnel.crt
echo "~/stunnel.crt and ~/stunnel.conf."
fi
exit exit
;; ;;
2) 2)
@ -117,7 +117,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
fi fi
exit exit
;; ;;
3) 3)
echo echo
read -p "Do you really want to remove OpenVPN? [y/N]: " -e REMOVE read -p "Do you really want to remove OpenVPN? [y/N]: " -e REMOVE
if [[ "$REMOVE" = 'y' || "$REMOVE" = 'Y' ]]; then if [[ "$REMOVE" = 'y' || "$REMOVE" = 'Y' ]]; then
@ -149,11 +149,12 @@ if [[ -e /etc/openvpn/server.conf ]]; then
semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT
fi fi
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
apt-get remove --purge -y openvpn apt purge openvpn stunnel4 -y
apt autoremove --purge -y
else else
yum remove openvpn -y yum remove openvpn stunnel4 -y
fi fi
rm -rf /etc/openvpn rm -rf /etc/openvpn /etc/stunnel
rm -f /etc/sysctl.d/30-openvpn-forward.conf rm -f /etc/sysctl.d/30-openvpn-forward.conf
echo echo
echo "OpenVPN removed!" echo "OpenVPN removed!"
@ -168,7 +169,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
done done
else else
clear clear
echo 'Welcome to this OpenVPN "road warrior" installer!' echo 'Welcome to OpenVPN installer!'
echo echo
# OpenVPN setup and first user creation # OpenVPN setup and first user creation
echo "I need to ask you a few questions before starting the setup." echo "I need to ask you a few questions before starting the setup."
@ -189,18 +190,38 @@ else
echo "Which protocol do you want for OpenVPN connections?" echo "Which protocol do you want for OpenVPN connections?"
echo " 1) UDP (recommended)" echo " 1) UDP (recommended)"
echo " 2) TCP" echo " 2) TCP"
read -p "Protocol [1-2]: " -e -i 1 PROTOCOL echo " 3) OpenVPN over SSL"
case $PROTOCOL in read -p "Protocol [1-3]: " -e -i 1 PROTOCOLCHOICE
1) case $PROTOCOLCHOICE in
1)
PROTOCOL=udp PROTOCOL=udp
SSL=0
;; ;;
2) 2)
PROTOCOL=tcp PROTOCOL=tcp
SSL=0
;;
3)
PROTOCOL=tcp
SSL=1
;; ;;
esac esac
echo echo
echo "What port do you want OpenVPN listening to?" echo "What port do you want OpenVPN listening to?"
read -p "Port: " -e -i 1194 PORT read -p "Port: " -e -i 443 PORT
echo
echo "Which cipher mode do you want to use?"
echo " 1) AES-256-GCM (provides authenticated encryption)"
echo " 2) AES-256-CBC (compatible with versions of OpenVPN older than 2.4)"
read -p "Cipher Mode [1-2]: " -e -i 1 CIPHERCHOICE
case $CIPHERCHOICE in
1)
CIPHER=AES-256-GCM
;;
2)
CIPHER=AES-256-CBC
;;
esac
echo echo
echo "Which DNS do you want to use with the VPN?" echo "Which DNS do you want to use with the VPN?"
echo " 1) Current system resolvers" echo " 1) Current system resolvers"
@ -210,6 +231,8 @@ else
echo " 5) Verisign" echo " 5) Verisign"
read -p "DNS [1-5]: " -e -i 1 DNS read -p "DNS [1-5]: " -e -i 1 DNS
echo echo
read -p "For how long should each session key be used? (seconds) " -e -i 3600 RENEGKEY
echo
echo "Finally, tell me your name for the client certificate." echo "Finally, tell me your name for the client certificate."
echo "Please, use one word only, no special characters." echo "Please, use one word only, no special characters."
read -p "Client name: " -e -i client CLIENT read -p "Client name: " -e -i client CLIENT
@ -217,12 +240,13 @@ else
echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now." echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now."
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
apt-get update apt update
apt-get install openvpn iptables openssl ca-certificates -y apt dist-upgrade -y
apt install curl openvpn iptables openssl ca-certificates stunnel4 -y
else else
# Else, the distro is CentOS # Else, the distro is CentOS
yum install epel-release -y yum install epel-release -y
yum install openvpn iptables openssl ca-certificates -y yum install curl openvpn iptables openssl ca-certificates stunnel -y
fi fi
# Get easy-rsa # Get easy-rsa
EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz' EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz'
@ -241,14 +265,39 @@ else
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
# Move the stuff we need # Move the stuff we need
csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt
mv /etc/openvpn/easy-rsa/pki/issued/cert.01 /etc/openvpn/easy-rsa/pki/issued/server.crt
cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn
# CRL is read with each client connection, when OpenVPN is dropped to nobody # CRL is read with each client connection, when OpenVPN is dropped to nobody
chown nobody:$GROUPNAME /etc/openvpn/crl.pem chown nobody:$GROUPNAME /etc/openvpn/crl.pem
# Generate key for tls-auth # Generate key for tls-auth
openvpn --genkey --secret /etc/openvpn/ta.key openvpn --genkey --secret /etc/openvpn/ta.key
# Generate server.conf # Generate server.conf
echo "port $PORT if [[ $SSL==1 ]]; then
proto $PROTOCOL echo "local 127.0.0.1" > /etc/openvpn/server.conf
echo "port 1194" >> /etc/openvpn/server.conf
echo "sslVersion = all
;chroot = /var/lib/stunnel4/
pid = /var/run/stunnel4.pid
debug = 7
output = /var/log/stunnel4/stunnel.log
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[openvpn]
accept = 0.0.0.0:$PORT
connect = 127.0.0.1:1194
cert=/etc/openvpn/server.crt
key=/etc/openvpn/server.key" > /etc/stunnel/stunnel.conf
echo 'ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0
RLIMITS=""' > /etc/default/stunnel4
else
echo "port $PORT" > /etc/openvpn/server.conf
fi
echo "proto $PROTOCOL
dev tun dev tun
sndbuf 0 sndbuf 0
rcvbuf 0 rcvbuf 0
@ -260,7 +309,7 @@ auth SHA512
tls-auth ta.key 0 tls-auth ta.key 0
topology subnet topology subnet
server 10.8.0.0 255.255.255.0 server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
# DNS # DNS
case $DNS in case $DNS in
@ -295,7 +344,7 @@ ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
;; ;;
esac esac
echo "keepalive 10 120 echo "keepalive 10 120
cipher AES-256-CBC cipher $CIPHER
comp-lzo comp-lzo
user nobody user nobody
group $GROUPNAME group $GROUPNAME
@ -376,24 +425,47 @@ exit 0' > $RCLOCAL
dev tun dev tun
proto $PROTOCOL proto $PROTOCOL
sndbuf 0 sndbuf 0
rcvbuf 0 rcvbuf 0" > /etc/openvpn/client-common.txt
remote $IP $PORT if [[ $SSL=1 ]]; then
resolv-retry infinite echo "remote 127.0.0.1 1194" >> /etc/openvpn/client-common.txt
else
echo "remote $IP $PORT" >> /etc/openvpn/client-common.txt
fi
echo "resolv-retry infinite
nobind nobind
persist-key persist-key
persist-tun persist-tun
remote-cert-tls server remote-cert-tls server
auth SHA512 auth SHA512
cipher AES-256-CBC cipher $CIPHER
comp-lzo comp-lzo
setenv opt block-outside-dns setenv opt block-outside-dns
key-direction 1 key-direction 1
verb 3" > /etc/openvpn/client-common.txt reneg-sec $RENEGKEY
verb 3" >> /etc/openvpn/client-common.txt
if [[ $SSL=1 ]]; then
echo "client = yes
debug = 7
[openvpn]
accept = 127.0.0.1:1194
connect = $IP:$PORT
verify = 2
CAfile = /etc/stunnel/stunnel.crt
TIMEOUTclose = 1000
session=300
stack=65536
sslVersion=TLSv1.2" > /etc/stunnel/stunnel-client.conf
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
cp /etc/openvpn/ca.crt $HOME/stunnel.crt
fi
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient "$CLIENT" newclient "$CLIENT"
echo echo
echo "Finished!" echo "Finished!"
echo echo
echo "Your client configuration is available at:" ~/"$CLIENT.ovpn" echo "Your client configuration is available at: ~/$CLIENT.ovpn"
if [[ $SSL=1 ]]; then
echo "~/stunnel.crt and ~/stunnel.conf."
fi
echo "If you want to add more clients, you simply need to run this script again!" echo "If you want to add more clients, you simply need to run this script again!"
fi fi