更新OpenVpnCentos7脚本,不带注释
Centos7和Centos8本质无太大区别,就一个vars文件路径问题
Centos7复制命令为
cp /usr/share/doc/easy-rsa-3.0.8/vars.example //
Centos8复制命令为
cp /usr/share/doc/easy-rsa/vars.example
#!/bin/bash
# **********************************************************
# * Author : liujinxin
# * Email : liuJinXin0726@outlook.com
# * Create time : 2021-05-10 22:12
# * Filename : openvpnCentos7.sh
# * Description :
# **********************************************************
# Fixed PATH for the whole run (yum, cp, easyrsa, systemctl are all resolved through it).
# NOTE(review): /app/cmatrix/bin is searched first; if that directory is writable by a
# non-root user, any command name used below could be shadowed from there — confirm its
# permissions or move it to the end of the list.
PATH='/app/cmatrix/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin'
# Provides action() (prints a message followed by [ OK ]/[FAILED]) used throughout the script.
source /etc/init.d/functions
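#######################################
# One-time host preparation: install openvpn/easy-rsa, create the log
# directory, enable IPv4 forwarding and persist the NAT rule for the
# 10.8.0.0/24 VPN subnet.  Safe to re-run: every append is guarded so a
# second run does not duplicate sysctl.conf/rc.local lines or NAT rules.
# Globals:   none written; uses action() from /etc/init.d/functions
# Arguments: none
# Returns:   0 on success, 1 if the package install fails
#######################################
function_openvpn.ready(){
  local nat_rule='iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE'
  echo "需要安装openvpn和easy包,请稍等"
  # Everything below depends on these packages, so a failed install must be visible
  # and must stop the function instead of silently continuing.
  if yum install -y openvpn easy-rsa >/dev/null 2>&1; then
    action "安装完成"
  else
    action "安装失败" false
    return 1
  fi
  # server.conf points status/log-append here; -p keeps a re-run from failing.
  mkdir -p /var/log/openvpn
  chown openvpn:openvpn /var/log/openvpn
  # Append the forwarding setting only when it is not already present.
  grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf \
    || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
  sysctl -p >/dev/null
  # Persist the MASQUERADE rule for the next boot (guarded against duplicates) ...
  grep -qF -- "$nat_rule" /etc/rc.d/rc.local || echo "$nat_rule" >> /etc/rc.d/rc.local
  chmod +x /etc/rc.d/rc.local
  # ... and apply it now.  -C checks for an existing identical rule so repeated runs
  # do not stack copies; re-executing rc.local would also re-run whatever else it holds.
  iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -j MASQUERADE 2>/dev/null \
    || iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
}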
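#######################################
# Build the server-side PKI with easy-rsa 3 (CA, server cert/key, DH
# parameters), install the material under /etc/openvpn/certs and write
# server.conf plus the openvpn@.service unit.
# Globals:   none
# Arguments: none
# Returns:   0 on success; 1 when the PKI directory cannot be entered or
#            an easy-rsa step fails
#######################################
function_openvpn.server(){
  local ersa=/etc/openvpn/easy-rsa-server/3
  local vars_example
  # Copying the sample server.conf is pointless here: the heredoc below overwrites it.
  # Guard the copy so a re-run does not nest a second easy-rsa tree inside the first.
  [[ -d $ersa ]] || cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-server
  # vars.example lives under a versioned doc dir on CentOS 7 and an unversioned one on
  # CentOS 8; use the first that exists (cp still fails loudly if neither does).
  for vars_example in /usr/share/doc/easy-rsa-3.0.8/vars.example /usr/share/doc/easy-rsa/vars.example; do
    [[ -f $vars_example ]] && break
  done
  cp "$vars_example" "$ersa/vars"
  # Every easyrsa call assumes cwd is the server PKI; never run it somewhere else.
  cd "$ersa" || return 1
  ./easyrsa init-pki >/dev/null 2>&1 || return 1
  # The empty heredocs accept easy-rsa's default answers (Common Name etc.).
  # nopass: the CA private key is written unencrypted to pki/private/ca.key, so this
  # host *is* the online CA — keep the directory root-only and back it up accordingly.
  ./easyrsa build-ca nopass <<END || return 1
END
  ./easyrsa gen-req server nopass <<END || return 1
END
  ./easyrsa sign server server <<END || return 1
yes
END
  ./easyrsa gen-dh || return 1
  mkdir -p /etc/openvpn/certs
  # -i keeps the interactive guard against overwriting an existing deployment.
  cp -i "$ersa/pki/ca.crt" /etc/openvpn/certs/
  cp -i "$ersa/pki/issued/server.crt" /etc/openvpn/certs/
  cp -i "$ersa/pki/private/server.key" /etc/openvpn/certs/
  cp -i "$ersa/pki/dh.pem" /etc/openvpn/certs/
  chmod 600 /etc/openvpn/certs/server.key
  # NOTE(review): no tls-auth/tls-crypt key is generated (the client template keeps
  # `tls-auth` commented out) and lz4 compression is enabled on the tunnel; compression
  # over a VPN is a known confidentiality weakness (VORACLE-style).  Both are left as the
  # author configured them — changing either requires matching client-side changes.
  # Revocations made via the menu only take effect if a `crl-verify` line is added here.
  cat > /etc/openvpn/server.conf <<END
port 1194
proto tcp
dev tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/certs/server.key
dh /etc/openvpn/certs/dh.pem
server 10.8.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
max-clients 2048
user openvpn
group openvpn
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
END
  # Written to /etc/systemd/system so it overrides, rather than clobbers, the
  # package-owned unit under /lib/systemd/system (which the next package update
  # would otherwise silently replace).
  cat > /etc/systemd/system/openvpn@.service <<END
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target
[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf
[Install]
WantedBy=multi-user.target
END
}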
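#######################################
# Issue a client certificate from the client-side PKI, sign it with the
# server CA and bundle key/cert/ca/ovpn into
# /etc/openvpn/client/<NAME>/<NAME>.tar.
# Globals:   IP, NAME (set from the prompts, as before)
# Arguments: none (interactive)
# Returns:   0 on success; 1 on invalid input or a failed easy-rsa step
#######################################
function_openvpn.client(){
  local ipv4_re='^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
  local cli_pki=/etc/openvpn/easy-rsa-client/3
  local srv_pki=/etc/openvpn/easy-rsa-server/3
  local out vars_example
  read -r -p "请您输入公网地址(范例:100.100.100.100)" IP
  read -r -p "请输入第一次批量创建的用户名" NAME
  # Validate both inputs before touching the PKI.  The regex is anchored: unanchored it
  # also accepted addresses such as 999.1.1.1 via a matching substring.
  if [[ ! $IP =~ $ipv4_re ]]; then
    echo "公网地址格式错误: $IP" >&2
    return 1
  fi
  # NAME becomes a file name, a certificate CN and part of several paths under
  # /etc/openvpn; restrict it so an empty value or '..' cannot escape the client dir.
  if [[ ! $NAME =~ ^[A-Za-z0-9_-]+$ ]]; then
    echo "用户名只能包含字母、数字、下划线和连字符: $NAME" >&2
    return 1
  fi
  out=/etc/openvpn/client/$NAME
  [[ -d $cli_pki ]] || cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-client
  for vars_example in /usr/share/doc/easy-rsa-3.0.8/vars.example /usr/share/doc/easy-rsa/vars.example; do
    [[ -f $vars_example ]] && break
  done
  # Destination was misspelled (easy-rsaclient), so the vars file was never installed.
  cp "$vars_example" "$cli_pki/vars"
  cd "$cli_pki" || return 1
  # Only initialise the client PKI once; re-running init-pki wipes every earlier
  # client key, and a fresh name can be generated inside the existing PKI.
  [[ -d pki ]] || ./easyrsa init-pki || return 1
  ./easyrsa gen-req "$NAME" nopass <<END || return 1
END
  cd "$srv_pki" || return 1
  ./easyrsa import-req "$cli_pki/pki/reqs/$NAME.req" "$NAME" || return 1
  ./easyrsa sign client "$NAME" <<END || return 1
yes
END
  mkdir -p "$out"
  cp "$cli_pki/pki/private/$NAME.key" "$out/"
  cp "$srv_pki/pki/issued/$NAME.crt" "$out/"
  # certs/ca.crt is the copy the server itself uses (same content as pki/ca.crt).
  cp /etc/openvpn/certs/ca.crt "$out/"
  chmod 600 "$out/$NAME.key"
  cat > "$out/client.ovpn" << END
client
dev tun
proto tcp
remote $IP 1194
resolv-retry infinite
nobind
#persist-key
#persist-tun
ca ca.crt
cert $NAME.crt
key $NAME.key
remote-cert-tls server
#tls-auth ta.key 1
cipher AES-256-CBC
verb 3
compress lz4-v2
END
  cd "$out" || return 1
  # Members are named explicitly (the archive must not try to include itself);
  # the previous `&NAME.tar` backgrounded tar with no archive name at all.
  tar cf "$NAME.tar" ca.crt "$NAME.crt" "$NAME.key" client.ovpn || return 1
  echo "用户文件已打包完成/etc/openvpn/client/$NAME/下"
}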
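#######################################
# Re-issue a client: delete every file named <user>.* under /etc/openvpn,
# generate a fresh key/request, sign it with the server CA and rewrite the
# client bundle.  The previous certificate is NOT revoked here — revoke it
# first (menu item 3) if it must stop being accepted, because after this
# function runs the old .crt is gone and easyrsa can no longer revoke it.
# Globals:   NEWIP, remove (set from the prompts, as before)
# Arguments: none (interactive)
# Returns:   0 on success; 1 on invalid input or a failed easy-rsa step
#######################################
function_openvpn.remove(){
  local ipv4_re='^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
  local cli_pki=/etc/openvpn/easy-rsa-client/3
  local srv_pki=/etc/openvpn/easy-rsa-server/3
  local out vars_example
  read -r -p "请您输入公网地址(范例:100.100.100.100)" NEWIP
  read -r -p "请输入第一次批量创建的用户名" remove
  if [[ ! $NEWIP =~ $ipv4_re ]]; then
    echo "公网地址格式错误: $NEWIP" >&2
    return 1
  fi
  # Guards the rm -rf / find -delete below: an empty or path-like name would otherwise
  # remove /etc/openvpn/client itself or match every dotfile under /etc/openvpn.
  if [[ ! $remove =~ ^[A-Za-z0-9_-]+$ ]]; then
    echo "用户名只能包含字母、数字、下划线和连字符: $remove" >&2
    return 1
  fi
  out=/etc/openvpn/client/$remove
  rm -rf -- "$out"
  find /etc/openvpn/ -name "$remove.*" -delete
  [[ -d $cli_pki ]] || cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-client
  for vars_example in /usr/share/doc/easy-rsa-3.0.8/vars.example /usr/share/doc/easy-rsa/vars.example; do
    [[ -f $vars_example ]] && break
  done
  # Destination was misspelled (easy-rsaclient), so the vars file was never installed.
  cp "$vars_example" "$cli_pki/vars"
  cd "$cli_pki" || return 1
  # Do not wipe the client PKI on every re-issue; the find above already removed
  # this user's req/key so gen-req can proceed in the existing PKI.
  [[ -d pki ]] || ./easyrsa init-pki || return 1
  ./easyrsa gen-req "$remove" nopass <<END || return 1
END
  cd "$srv_pki" || return 1
  # Both the request path and the sign target used the literal word "remove"
  # instead of the user name read above.
  ./easyrsa import-req "$cli_pki/pki/reqs/$remove.req" "$remove" || return 1
  ./easyrsa sign client "$remove" <<END || return 1
yes
END
  mkdir -p "$out"
  cp "$cli_pki/pki/private/$remove.key" "$out/"
  cp "$srv_pki/pki/issued/$remove.crt" "$out/"
  cp /etc/openvpn/certs/ca.crt "$out/"
  chmod 600 "$out/$remove.key"
  # cert/key lines referenced $NAME, which is only set if the new-user function ran
  # earlier in the same session; the bundle must name this user's files.
  cat > "$out/client.ovpn" << END
client
dev tun
proto tcp
remote $NEWIP 1194
resolv-retry infinite
nobind
#persist-key
#persist-tun
ca ca.crt
cert $remove.crt
key $remove.key
remote-cert-tls server
#tls-auth ta.key 1
cipher AES-256-CBC
verb 3
compress lz4-v2
END
  # Same bundle as a newly created user, so the re-issued files can be handed out.
  cd "$out" || return 1
  tar cf "$remove.tar" ca.crt "$remove.crt" "$remove.key" client.ovpn || return 1
  echo "用户文件已打包完成/etc/openvpn/client/$remove/下"
}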
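# Interactive menu.  REPLY holds the number typed; NEMU (required by select) the label.
# The menu has six entries, so both the prompt and the fallback message say 1-6.
PS3="请输入需要配置openvpn的菜单(1-6):"
select NEMU in 初始化安装 配置新用户证书 吊销指定用户证书 重新颁发用户证书 重启服务 退出; do
  case "$REPLY" in
    1)
      # Stop at the first failing step instead of reporting a successful install.
      if function_openvpn.ready && function_openvpn.server && function_openvpn.client; then
        action "Openvpn已经安装完成"
      else
        action "Openvpn安装未完成,请检查上方输出" false
      fi
      ;;
    2)
      function_openvpn.client
      ;;
    3)
      read -r -p "请输入吊销人员的用户名" DEL
      if [[ ! $DEL =~ ^[A-Za-z0-9_-]+$ ]]; then
        echo "用户名无效: $DEL" >&2
      elif cd /etc/openvpn/easy-rsa-server/3; then
        # `revoke DEL` (no $) tried to revoke a certificate literally named "DEL".
        # revoke only marks index.txt; the server enforces it through a CRL, so
        # regenerate one and install it where a `crl-verify /etc/openvpn/certs/crl.pem`
        # line in server.conf can use it.  It must stay world-readable because openvpn
        # re-reads the CRL after dropping to user/group openvpn, and it must be
        # regenerated before it expires (EASYRSA_CRL_DAYS in vars, 180 by default).
        ./easyrsa revoke "$DEL" \
          && ./easyrsa gen-crl \
          && cp pki/crl.pem /etc/openvpn/certs/crl.pem \
          && chmod 644 /etc/openvpn/certs/crl.pem \
          && echo "已吊销 $DEL 并更新 /etc/openvpn/certs/crl.pem;server.conf 需包含 crl-verify /etc/openvpn/certs/crl.pem 才会生效"
      fi
      ;;
    4)
      function_openvpn.remove
      ;;
    5)
      systemctl daemon-reload
      # The menu item promises a restart; `enable --now` leaves an already-running
      # service untouched, so config changes were never picked up.
      if systemctl enable openvpn@server >/dev/null 2>&1 \
        && systemctl restart openvpn@server >/dev/null 2>&1; then
        action "openvpn@server 已重启"
      else
        action "openvpn@server 启动失败,请查看 journalctl -u openvpn@server" false
      fi
      ;;
    6)
      # A user-chosen exit is not an error.
      exit 0
      ;;
    *)
      echo "Please enter the correct parameters (1-6) "
      ;;
  esac
done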