New Script to Auto-Create OpenVPN Server - Request for Input

Hi All,

As I'm brand new to this forum, please forgive me if I've posted this in the wrong category.

Due to a small edit to a script I was about to run, I've ended up creating a series of scripts to perform a full and complete install and configure of OpenVPN server on OpenWRT/LEDE. These are all run from a single "kickoff.sh" script, in which one can customise the settings to be used (name of the VPN, its interface, subnet, a few other things).

I'm wondering if anyone would be interested in having a look at these and providing me with some input on them? Any mistakes I've made, the viability of anyone using something like this, how I could improve/go about it differently? As I'm away from home, I don't have anything to test this on except my home router, which isn't the best idea when I'm over 3000km away!


Explanation: This started when I was using the fantastic guide at https://openwrt.org/docs/guide-user/services/vpn/openvpn/server.setup#set_domain_suffix_if_required to set up my VPN while I'm currently on holidays. I ran into a couple of Windows-specific issues, and then wanted to create a second VPN using the scripts and things kinda snowballed from there, oops!

What I did:

  • Created a "kickoff.sh" script:
    • One can set the following settings in:
      • Name of the VPN
      • Name of the VPN Interface
      • Subnet to use for the VPN network
      • DNS for the VPN network (can be "auto", pull from router LAN IP, or manual)
      • WAN IP Address (can detect the WAN IP and use that in the .ovpn client file, or specify a DNS)
      • Choose if you want to set the domain suffix (e.g. .lan) for the VPN to the same as that of LAN
      • Certificate specific regional info (organizationName, countryName, state or province name)
      • Certificate valid days/expiry time
      • Certificate RSA bits
  • kickoff.sh runs the following scripts:
    • install-packages.sh - Install the required packages for OpenSSL Server
    • create-certs.sh - Create all the certificates required for the VPN with settings from kickoff.sh
    • create-configs.sh - Adds configurations to firewall, network, etc., including automatic DNS and domain suffix choices from kickoff.sh
    • copy-certs.sh - Adds the certificates into the keep.d folder so they don't get overwritten at upgrade
    • finisher.sh - Enables and starts OpenVPN service, and restarts Firewall to apply new rules

Be aware, I'm an amateur scripter when it comes to bash (I've usually been batch & PowerShell).

Just as a heads up, OpenWRT uses sh, not bash, and there are some significant differences.

1 Like
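The `sh` versus bash point, applied to the settings `kickoff.sh` is described as accepting: this is an added example, not the poster's scripts (which do not appear in this thread). It validates those settings using only POSIX `sh` constructs; the function names, the argument order, the name-length limits, the 2048-bit floor and the 3650-day ceiling are all assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate kickoff.sh-style settings
# with POSIX sh only. No [[ ]], =~, arrays or (( )), which are bash features.
LC_ALL=C   # make [a-z] ranges in patterns behave byte-wise

# valid_name VALUE MAXLEN: lowercase letter first, then [a-z0-9_] only.
# Names end up in config section names and file paths, so keep the alphabet small.
valid_name() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le "$2" ]
}

# is_uint VALUE: short non-negative decimal integer (the bash habit is =~ ^[0-9]+$).
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 6 ]
}

# valid_ipv4 VALUE: dotted quad, split on "." through IFS instead of a bash array.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # safe unquoted: only digits and dots reach this line
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# check_settings NAME IFACE SUBNET RSA_BITS DAYS
# Reports every rejected value on stderr; returns 0 only if all of them pass.
check_settings() {
    rc=0
    valid_name "$1" 32 || { echo "bad VPN name: $1" >&2; rc=1; }
    valid_name "$2" 15 || { echo "bad interface name: $2" >&2; rc=1; }  # kernel limit: 15 chars
    valid_ipv4 "$3"    || { echo "bad subnet address: $3" >&2; rc=1; }
    { is_uint "$4" && [ "$4" -ge 2048 ]; } || { echo "RSA bits must be >= 2048" >&2; rc=1; }
    { is_uint "$5" && [ "$5" -ge 1 ] && [ "$5" -le 3650 ]; } || { echo "bad validity days: $5" >&2; rc=1; }
    return "$rc"
}

# Constructed sample values, not taken from the thread.
check_settings homevpn vpn0 10.8.0.0 2048 3650 && echo "settings ok"
```

Running the checks once in `kickoff.sh`, before any of the later scripts are called, means a rejected value stops the run before packages, certificates or firewall rules are touched.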

Yep, my bad. I often use the terms sh and bash interchangeably knowing full well they're different things. A bit like saying LDAP when you're in a Windows environment and that referring to Active Directory. Bad practice, I know :)

Maybe you could upload it to GitHub; it will be easier for anybody willing to help to check your code and help with it.

1 Like

Where can we find these scripts of yours?

I've made a similar script that I use in my community build. Maybe it can be useful to you or others:

2 Likes

May I have the link to the script please? Does it create ovpn files for each user?
