https://github.com/leomoon-studios/openvpn-installer-for-linux
OpenVPN installer written in Bash
https://github.com/leomoon-studios/openvpn-installer-for-linux
centos debian dns linux openvpn-installer openvpn-server protocol security silent tls ubuntu
Last synced: 3 months ago
JSON representation
OpenVPN installer written in Bash
- Host: GitHub
- URL: https://github.com/leomoon-studios/openvpn-installer-for-linux
- Owner: leomoon-studios
- License: gpl-3.0
- Created: 2017-10-17T01:08:11.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2024-08-03T09:33:01.000Z (about 1 year ago)
- Last Synced: 2025-04-01T13:37:23.189Z (6 months ago)
- Topics: centos, debian, dns, linux, openvpn-installer, openvpn-server, protocol, security, silent, tls, ubuntu
- Language: Shell
- Homepage: https://leomoon.com/downloads/scripts/openvpn-installer-for-linux/
- Size: 44.9 KB
- Stars: 11
- Watchers: 1
- Forks: 6
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# OpenVPN Installer for Linux
## Introduction
Having your own OpenVPN service is very important these days but setting one up can be very tedious!
This script will setup a secure OpenVPN server on Ubuntu, Debian, CentOS, Fedora and Arch Linux at home or on a VPS.
It is recommended to use the default encryption settings and only change port, protocol, DNS resolver and domain settings.
## Features
* Installs and configures a secure OpenVPN server on
* Automatic setup of firewall rules using iptables
* Has many customization options
* Ability to define a FQDN with OpenVPN
* Includes silent and CLI install
* Includes silent and CLI management (“sudo lmovpn”):
* Add a new client
* List active clients
* Revoke existing client
* Debug OpenVPN using journalctl
* Restart OpenVPN service
* Uninstall OpenVPN
## Authors
* Amin Babaeipanah
## Limitations
* No IPv6 support
## Changelog
* 3.1.0 2023-08-15:
* Enabled epel for Oracle Linux
* Added retry to curl when getting WANIP
* Added --no-same-owner when extracting easy-rsa
* Added dns lookup if icanhazip fails
* Added support for CentOS 9
* Changed easyrsa from 3.0.7 to 3.1.2 with minor fixes
* Removed unnecessary removal of hardcoded ciphers on Fedora
* Fixed OpenVPN Uninstall option having wrong text
* Fixed OpenVPN Uninstall option only supporting Ubuntu
* 3.05 2021-09-04:
* Added compatibility with AlmaLinux 8
* Added compatibility with Rocky Linux 8
* Added compatibility with Oracle Linux 8
* Fixed compatibility with RHEL and EPEL
* Minor improvements
* 3.04 2021-01-13:
* Increased sysctl priority
* Fixed adguard IPs
* Fixed key-direction from tls-crypt
* 3.03:
* Fixed OpenVPN service path
* Minor fix for OpenVPN Uninstall function
* 3.02:
* Fixed self-delete
* 3.01:
* Minor improvements
* Minor bugfixes
* 3.00:
* Complete rewrite
* Added CLI support with setup customization
* Added silent install with setup customization
* 2.00:
* Added multi distro support
* Minor improvements
* 1.58:
* Added auth-nocache to stop password caching of OpenVPN
* Changed deprecated ns-cert-type to --remote-cert-tls
* Removed unnecessary echo command
* 1.57:
* Minor bugfix
* 1.56:
* Firewall fix
* 1.55:
* KEY_NAME will have the same name as client
* KEY_CN will have the same name as client
* Added gateway detection. if not found, google dns will be used
* Automated key generation for both server and user
* Added OpenVPN restart after revoking a license
* Fixed “’link-mtu’ is used inconsistently” warning message
* 1.54:
* Changed RSA to 2048
* Added tls-auth and SHA256
* Fixed lmvpnd not revoking lics
* Fixed netCard variable
* Updated Windows client URL
## Usage
Download it using ```curl``` and make it executable:
```
curl -Ls https://raw.githubusercontent.com/leomoon-studios/openvpn-installer/master/src/openvpn-installer -O ~/openvpn-installer
chmod +x ~/openvpn-installer
```
OR download it using ```wget``` and make it executable:
```
wget https://raw.githubusercontent.com/leomoon-studios/openvpn-installer/master/src/openvpn-installer -O ~/openvpn-installer
chmod +x ~/openvpn-installer
```
Run it and follow the onscreen instructions:
```
cd ~/ && sudo ./openvpn-installer
```
After installation is done, use “sudo lmovpn” to add new clients and manage your OpenVPN server.
## Silent Install
You can also run this script silently with default options. The silent option will use the best encryption settings.
```
SILENT=y sudo -E ./openvpn-installer
```
Silent install will use the options below:
* Port 1194
* UDP protocol
* Google DNS resolver
* no compression
* AES-256-GCM cipher for data channel
* ECDSA certificate with prime256v1 curve
* TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 cipher for control channel
* ECDH for Diffie-Hellman key with prime256v1 curve
* SHA-256 for digest algorithm
* tls-crypt for additional security
Here are some examples if you want to install silently with custom options:
```
#change PORT to 2432 and PROTOCOL to tcp
SILENT=y PORT=2432 PROTOCOL=tcp sudo -E ./openvpn-installer
#change PORT to 23423, PROTOCOL to tcp and DNS_TYPE to Cloudflare
SILENT=y PORT=23423 DNS_TYPE=2 sudo -E ./openvpn-installer
#change DATACIPHER_TYPE to AES-256-CBC and CERT_TYPE to RSA
#since RSA_TYPE and CONTROLCIPHER_TYPE are not defined,
#default 2048 bits will be used for RSA_TYPE
#and TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 will be used for CONTROLCIPHER_TYPE
SILENT=y DATACIPHER_TYPE=4 CERT_TYPE=2 sudo -E ./openvpn-installer
```
## Silent Install Switches
* SILENT=[y|n]
* PORT=[1-65535]
* PROTOCOL=[tcp|udp]
* udp (default)
* tcp
* DNS_TYPE=[1-11]
* 1 = Google (global) (default)
* 2 = Cloudflare (global)
* 3 = AdGuard DNS (global)
* 4 = OpenDNS (global)
* 5 = Quad9 (global)
* 6 = Quad9 uncensored (global)
* 7 = NextDNS (global)
* 8 = FDN (France)
* 9 = DNS.WATCH (Germany)
* 10 = Yandex Basic (Russia)
* 11 = Current system resolvers in /etc/resolv.conf
* COMPRESSION=[y|n]
* n = No Compression (default)
* y = With Compression (not recommended)
* COMPRESSION_TYPE=[1-3]
* 1 = lz4-v2 (default)
* 2 = lz4
* 3 = lzo
* DATACIPHER_TYPE=[1-6]
* 1 = AES-256-GCM (default)
* 2 = AES-192-GCM
* 3 = AES-128-GCM
* 4 = AES-256-CBC
* 5 = AES-192-CBC
* 6 = AES-128-CBC
* CERT_TYPE=[1-2]
* 1 = ECDSA (default)
* CURVE_TYPE=[1-3]
* 1 = prime256v1 (default)
* 2 = secp384r1
* 3 = secp521r1
* CONTROLCIPHER_TYPE=[1-2]
* 1 = TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 (default)
* 2 = TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
* 2 = RSA
* RSA_TYPE=[1-3]
* 1 = 2048 bits (default)
* 2 = 3072 bits
* 3 = 4096 bits
* CONTROLCIPHER_TYPE=[1-2]
* 1 = TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 (default)
* 2 = TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
* DH_TYPE=[1-2]
* 1 = ECDH
* DHCURVE_TYPE = [1-3]
* 1 = prime256v1 (default)
* 2 = secp384r1
* 3 = secp521r1
* 2 = DH
* DHSIZE_TYPE = [1-3]
* 1 = 2048 bits (default)
* 2 = 3072 bits
* 3 = 4096 bits
* HMAC_TYPE[1-3]
* 1 = SHA-256 (default)
* 2 = SHA-384
* 3 = SHA-512
* TLS_TYPE[1-2]
* 1 = tls-crypt (default)
* 2 = tls-auth
* DOMAIN=[FQDN-STRING]
## Silent Management
You can also perform management options silently while using lmovpn. Here are some examples:
```
#add a new client
MENU=1 CLIENT=amin PASS=n sudo -E lmovpn
#add multiple clients
USERS=(desktop laptop mobile)
for i in ${USERS[@]};do
MENU=1 CLIENT=$i PASS=n sudo -E lmovpn
done
#restart OpenVPN server
MENU=5 sudo -E lmovpn
```
## Compatibility
* Alma Linux 8
* Amazon Linux 2
* Arch Linux
* CentOS 7
* CentOS >= 8
* Devian >= 10
* Fedora >= 35
* Oracle Linux 8
* Rocky Linux 8
* Ubuntu >= 18.04