New Script to Auto-Create OpenVPN Server - Request for Input


#1

Hi All,

As I'm brand new to this forum, please forgive me if I've posted this in the wrong category.

Due to a small edit to a script I was about to run, I've ended up creating a series of scripts to perform a full and complete install and configure of OpenVPN server on OpenWRT/LEDE. These are all run from a single "kickoff.sh" script, in which one can customise the settings to be used (name of the VPN, its interface, subnet, a few other things).

I'm wondering if anyone would be interested in having a look at these and providing me with some input on them? Any mistakes I've made, the viability of anyone using something like this, how I could improve/go about it differently? As I'm away from home, I don't have anything to test this on except my home router, which isn't the best idea when I'm over 3000km away!


Explanation: This started when I was using the fantastic guide at https://openwrt.org/docs/guide-user/services/vpn/openvpn/server.setup#set_domain_suffix_if_required to set up my VPN while I'm currently on holidays. I ran into a couple of Windows-specific issues, and then wanted to create a second VPN using the scripts and things kinda snowballed from there, oops!

What I did:

  • Created a "kickoff.sh" script:
    • One can set the following settings in:
      • Name of the VPN
      • Name of the VPN Interface
      • Subnet to use for the VPN network
      • DNS for the VPN network (can be "auto", pull from router LAN IP, or manual)
      • WAN IP Address (can detect the WAN IP and use that in the .ovpn client file, or specify a DNS)
      • Choose if you want to set the domain suffix (e.g. .lan) for the VPN to the same as that of LAN
      • Certificate specific regional info (organizationName, countryName, state or province name)
      • Certificate valid days/expiry time
      • Certificate RSA bits
  • kickoff.sh runs the following scripts:
    • install-packages.sh - Install the required packages for OpenSSL Server
    • create-certs.sh - Create all the certificates required for the VPN with settings from kickoff.sh
    • create-configs.sh - Adds configurations to firewall, network, etc., including automatic DNS and domain suffix choices from kickoff.sh
    • copy-certs.sh - Adds the certificates into the keep.d folder so they don't get overwritten at upgrade
    • finisher.sh - Enables and starts OpenVPN service, and restarts Firewall to apply new rules

Be aware, I'm an amateur scripter when it comes to bash (I've usually been batch & PowerShell).


#2

Just as a heads up, OpenWRT uses sh, not bash, and there are some significant differences.


#3

Yep, my bad. I often use the terms sh and bash interchangeably knowing full well they're different things. A bit like saying LDAP when you're in a Windows environment and that referring to Active Directory. Bad practice, I know :slight_smile:


#4

Maybe you could upload it to GitHub; it will be easier for anybody willing to help to check your code and help with it.


#5

Where can we find these scripts of yours?


#6

I've made a similar script that I use in my community build. Maybe it can be useful to you or others:


#7

May I have the link to the script please? Does it create ovpn files for each user?


#8

OpenVPN Basic guide provides almost completely scripted deployment:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/basic

