Hi All,
As I'm brand new to this forum, please forgive me if I've posted this in the wrong category.
Due to a small edit to a script I was about to run, I've ended up creating a series of scripts to perform a full and complete install and configure of OpenVPN server on OpenWRT/LEDE. These are all run from a single "kickoff.sh" script, in which one can customise the settings to be used (name of the VPN, its interface, subnet, a few other things).
I'm wondering if anyone would be interested in having a look at these and providing me with some input on them? Any mistakes I've made, the viability of anyone using something like this, how I could improve/go about it differently? As I'm away from home, I don't have anything to test this on except my home router, which isn't the best idea when I'm over 3000km away!
Explanation: This started when I was using the fantastic guide at https://openwrt.org/docs/guide-user/services/vpn/openvpn/server.setup#set_domain_suffix_if_required to set up my VPN while I'm currently on holidays. I ran into a couple of Windows-specific issues, and then wanted to create a second VPN using the scripts and things kinda snowballed from there, oops!
What I did:
- Created a "kickoff.sh" script:
  - One can set the following settings in it:
    - Name of the VPN
    - Name of the VPN Interface
    - Subnet to use for the VPN network
    - DNS for the VPN network (can be "auto", pull from router LAN IP, or manual)
    - WAN IP Address (can detect the WAN IP and use that in the .ovpn client file, or specify a DNS)
    - Choose if you want to set the domain suffix (e.g. .lan) for the VPN to the same as that of LAN
    - Certificate specific regional info (organizationName, countryName, state or province name)
    - Certificate valid days/expiry time
    - Certificate RSA bits
  - Kickoff.sh runs the following scripts:
    - install-packages.sh - Install the required packages for OpenSSL Server
    - create-certs.sh - Create all the certificates required for the VPN with settings from kickoff.sh
    - create-configs.sh - Adds configurations to firewall, network, etc., including automatic DNS and domain suffix choices from kickoff.sh
    - create-ovpn.sh - This creates two .ovpn client files - one for Windows and one for non-Windows clients. The reason for the Windows-specific .ovpn is the known DNS leaking issue in Windows: https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html
    - copy-certs.sh - Adds the certificates into the keep.d folder so they don't get overwritten at upgrade
    - finisher.sh - Enables and starts the OpenVPN service, and restarts the firewall to apply new rules

Be aware, I'm an amateur scripter when it comes to bash (I've usually been batch & PowerShell).