
Revisions

  1. Denis Orlikhin revised this gist Jan 10, 2013. 1 changed file with 18 additions and 37 deletions.
    55 changes: 18 additions & 37 deletions gistfile1.sh
    @@ -15,44 +15,33 @@ sh /etc/rc.local


    lxc-start -n vpn -d
    sleep 10
    lxc-console -n vpn # ubuntu:ubuntu
    sudo su - # ubuntu:ubuntu
    apt-get update && apt-get upgrade -y && apt-get install -y openvpn bridge-utils screen openssl

    export IP=$(ip -f inet addr show eth0 | perl -nle '/inet ([0-9.]+)/ and print $1')
    echo Your IP is: $IP

    perl -i -ple 's/^/#original# /' /etc/network/interfaces

    cat >> /etc/network/interfaces <<l3breakhbz
    auto lo br0
    export IP=####IP#####
    iptables -t nat -A PREROUTING -p tcp --dport 1194 -j DNAT --to-destination $IP:1194
    iptables -A FORWARD -m state -p tcp -d $IP --dport 1194 --state NEW,ESTABLISHED,RELATED -j ACCEPT

    iface lo inet loopback

    iface br0 inet static
    address $IP
    netmask 255.255.255.0
    gateway $(echo $IP | perl -ple 's/\d+$/1/')
    bridge_ports eth0

    iface eth0 inet manual
    up ip link set \$IFACE up promisc on
    down ip link set \$IFACE down promisc off
    bridge_fd 9 ## from the libvirt docs (forward delay time)
    bridge_hello 2 ## from the libvirt docs (hello time)
    bridge_maxage 12 ## from the libvirt docs (maximum message age)
    bridge_stp off ## from the libvirt docs (spanning tree protocol)
    l3breakhbz

    /etc/init.d/networking restart
    sleep 10
    lxc-console -n vpn # ubuntu:ubuntu
    sudo su - # ubuntu:ubuntu
    apt-get update && apt-get upgrade -y && apt-get install -y openvpn openssl iptables iptables-persistent

    echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/20-openvpn.conf
    sysctl -p /etc/sysctl.d/20-openvpn.conf

    ##### RESTART CONTAINER FROM HOST: lxc-stop -n vpn && lxc-start -d -n vpn #######

    lxc-console -n vpn
    sudo su -


    echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/20-openvpn.conf
    sysctl -p /etc/sysctl.d/20-openvpn.conf


    mkdir /etc/openvpn/easy-rsa/
    cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

    @@ -73,15 +62,15 @@ mkdir -p /usr/share/openssl-blacklist/
    touch /usr/share/openssl-blacklist/blacklist.RSA-4096


    export IP=$(ip -f inet addr show br0 | perl -nle '/inet ([0-9.]+)/ and print $1')
    export IP=$(ip -f inet addr show eth0 | perl -nle '/inet ([0-9.]+)/ and print $1')
    echo Your IP is: $IP

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $IP


    cat > /etc/openvpn/server.conf <<hello
    mode server
    tls-server
    local $IP
    port 1194
    proto tcp
    @@ -102,7 +91,7 @@ comp-lzo
    #DHCP Information
    ifconfig-pool-persist ipp.txt
    server-bridge 10.80.0.0 255.255.0.0 10.80.0.10 10.80.255.250
    server 10.81.0.1 255.255.0.0
    #push "dhcp-option DNS your.dns.ip.here"
    #push "dhcp-option DOMAIN yourdomain.com"
    #max-clients 1000
    @@ -119,14 +108,6 @@ hello
    grep ovpn-server /var/log/syslog | tail -n 100


    #### BACK ON HOST ####

    export IP=####IP#####
    iptables -t nat -A PREROUTING -p tcp --dport 1194 -j DNAT --to-destination $IP:1194
    iptables -A FORWARD -m state -p tcp -d $IP --dport 1194 --state NEW,ESTABLISHED,RELATED -j ACCEPT



    #### NEW CLIENT ####

    export NAME=###CLIENT_LOGIN###
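Review bot: The SNAT rule added in the second hunk, `iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $IP`, has no source match, and the same revision enables `net.ipv4.ip_forward=1` (twice) without adding any FORWARD rules inside the container, so every packet the container is asked to forward — not only traffic from the OpenVPN pool — is relayed out of eth0 under the server's address. I would restrict the SNAT to the pool that the third hunk's `server 10.81.0.1 255.255.0.0` line now defines, set FORWARD to DROP and allow only pool traffic from the tap device (the config uses `dev tap`, so presumably `tap0` — verify the name OpenVPN picks) plus established return traffic. The revision also installs `iptables-persistent` but, as far as the hunk shows, never saves the rule set, so the SNAT rule is lost at the next container restart; an `iptables-save > /etc/iptables/rules.v4` after the rules would cover that. Separately, `server` expects the network address (`10.81.0.0`) rather than a host address, so the `10.81.0.1` form is worth checking against the OpenVPN version in use; the `server.conf` heredoc those lines belong to starts in the second hunk and ends outside the hunks.
```shell
# SNAT only the OpenVPN pool, and forward only tap<->eth0 traffic for that pool
iptables -t nat -A POSTROUTING -s 10.81.0.0/16 -o eth0 -j SNAT --to-source "$IP"
iptables -P FORWARD DROP
iptables -A FORWARD -i tap0 -s 10.81.0.0/16 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tap0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# persist the rules so they survive the container restarts this script performs
iptables-save > /etc/iptables/rules.v4
# … unchanged: server.conf heredoc …
```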
  2. Denis Orlikhin created this gist Jan 7, 2013.
    136 changes: 136 additions & 0 deletions gistfile1.sh
    @@ -0,0 +1,136 @@
    #!/bin/bash
    set -ve
    lxc-create -n vpn -t ubuntu

    # ln -s /var/lib/lxc/vpn/config /etc/lxc/auto/vpn.conf
    perl -i -ple 's/#lxc.aa_profile = unconfined/lxc.aa_profile = unconfined/' /etc/lxc/auto/vpn.conf

    perl -i -ple 's/^exit 0/# exit 0/' /etc/rc.local
    cat >>/etc/rc.local <<hello
    mkdir -p /var/lib/lxc/vpn/rootfs/dev/net/
    mknod -m 666 /var/lib/lxc/vpn/rootfs/dev/net/tun c 10 200
    hello

    sh /etc/rc.local


    lxc-start -n vpn -d
    sleep 10
    lxc-console -n vpn # ubuntu:ubuntu
    sudo su - # ubuntu:ubuntu
    apt-get update && apt-get upgrade -y && apt-get install -y openvpn bridge-utils screen openssl

    export IP=$(ip -f inet addr show eth0 | perl -nle '/inet ([0-9.]+)/ and print $1')
    echo Your IP is: $IP

    perl -i -ple 's/^/#original# /' /etc/network/interfaces

    cat >> /etc/network/interfaces <<l3breakhbz
    auto lo br0
    iface lo inet loopback
    iface br0 inet static
    address $IP
    netmask 255.255.255.0
    gateway $(echo $IP | perl -ple 's/\d+$/1/')
    bridge_ports eth0
    iface eth0 inet manual
    up ip link set \$IFACE up promisc on
    down ip link set \$IFACE down promisc off
    bridge_fd 9 ## from the libvirt docs (forward delay time)
    bridge_hello 2 ## from the libvirt docs (hello time)
    bridge_maxage 12 ## from the libvirt docs (maximum message age)
    bridge_stp off ## from the libvirt docs (spanning tree protocol)
    l3breakhbz

    /etc/init.d/networking restart


    ##### RESTART CONTAINER FROM HOST: lxc-stop -n vpn && lxc-start -d -n vpn #######

    lxc-console -n vpn
    sudo su -

    mkdir /etc/openvpn/easy-rsa/
    cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

    cd /etc/openvpn/easy-rsa/
    chown -R root:root .
    chmod g+w .
    source ./vars
    ./clean-all
    ./build-dh
    ln -s openssl-1.0.0.cnf openssl.cnf
    ./pkitool --initca
    ./pkitool --server server
    cd keys
    openvpn --genkey --secret ta.key
    cp server.crt server.key ca.crt dh1024.pem ta.key ../../

    mkdir -p /usr/share/openssl-blacklist/
    touch /usr/share/openssl-blacklist/blacklist.RSA-4096


    export IP=$(ip -f inet addr show br0 | perl -nle '/inet ([0-9.]+)/ and print $1')
    echo Your IP is: $IP


    cat > /etc/openvpn/server.conf <<hello
    mode server
    tls-server
    local $IP
    port 1194
    proto tcp
    dev tap
    persist-key
    persist-tun
    #certificates and encryption
    ca ca.crt
    cert server.crt
    key server.key # This file should be kept secret
    dh dh1024.pem
    tls-auth ta.key 0 # This file is secret
    cipher BF-CBC # Blowfish (default)
    comp-lzo
    #DHCP Information
    ifconfig-pool-persist ipp.txt
    server-bridge 10.80.0.0 255.255.0.0 10.80.0.10 10.80.255.250
    #push "dhcp-option DNS your.dns.ip.here"
    #push "dhcp-option DOMAIN yourdomain.com"
    #max-clients 1000
    user nobody
    group nogroup
    keepalive 10 120
    status openvpn-status.log
    verb 3
    hello

    /etc/init.d/openvpn restart

    grep ovpn-server /var/log/syslog | tail -n 100


    #### BACK ON HOST ####

    export IP=####IP#####
    iptables -t nat -A PREROUTING -p tcp --dport 1194 -j DNAT --to-destination $IP:1194
    iptables -A FORWARD -m state -p tcp -d $IP --dport 1194 --state NEW,ESTABLISHED,RELATED -j ACCEPT



    #### NEW CLIENT ####

    export NAME=###CLIENT_LOGIN###

    cd /etc/openvpn/easy-rsa/
    source ./vars
    ./pkitool $NAME