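#!/usr/bin/env bash
#
# initial.sh - one-shot host preparation for an OpenVPN server on Ubuntu:
# installs openvpn/easy-rsa, enables IPv4 forwarding, and prepends a UFW
# NAT (MASQUERADE) block to before.rules so VPN clients reach the Internet
# through the interface that holds the default route. Must run as root.
# Re-running is safe: the NAT block is only inserted once.
#
# Environment:
#   VPN_SUBNET  client network to masquerade (default 10.8.0.0/24, the
#               OpenVPN "server" default). Must match the server config.
set -euo pipefail

die() { printf 'initial.sh: %s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"

# Vars for Ubuntu
readonly SYSCTL=/etc/sysctl.conf
readonly UFW_BEFORE=/etc/ufw/before.rules
readonly UFW_DEFAULT=/etc/default/ufw
# The previous literal was 10.8.0.0/8, which matches the whole 10.0.0.0/8
# range (every 10.x host behind this box, not only VPN clients). Default to
# the OpenVPN client network instead and let the caller override it.
VPN_SUBNET=${VPN_SUBNET:-10.8.0.0/24}

# Update
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y openvpn easy-rsa

# Get Internet network interface with default route. Take the first one if
# several default routes exist, and refuse to continue with an empty name:
# an empty "-o" would write a broken before.rules and make ufw fail to load.
NIC=$(ip -4 route show default \
  | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
[[ -n "$NIC" ]] || die "could not determine the interface holding the default route"

# Network configuration
# Enable net.ipv4.ip_forward for the system: rewrite an existing line
# (commented out or not) in place, otherwise append one.
sed -i '/\<net\.ipv4\.ip_forward\>/c\net.ipv4.ip_forward=1' "$SYSCTL"
if ! grep -q '\<net\.ipv4\.ip_forward\>' "$SYSCTL"; then
  echo 'net.ipv4.ip_forward=1' >> "$SYSCTL"
fi
# Avoid an unneeded reboot
echo 1 > /proc/sys/net/ipv4/ip_forward

# UFW based forwarding. The *nat block must come before the *filter section,
# which is why it is prepended to before.rules rather than appended.
VPNRULES="
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to NIC $NIC interface
-A POSTROUTING -s ${VPN_SUBNET} -o ${NIC} -j MASQUERADE
COMMIT
# END OPENVPN RULES
"
if grep -q 'START OPENVPN RULES' "$UFW_BEFORE"; then
  printf 'OpenVPN rules already present in %s, leaving them unchanged\n' "$UFW_BEFORE" >&2
else
  # Build the new file next to the target (unpredictable name, same mode as
  # the original) and swap it in with a rename, so a failure halfway through
  # leaves before.rules untouched; the trap removes the temp file on error.
  tmp=$(mktemp "${UFW_BEFORE}.XXXXXX") || die "mktemp failed"
  trap 'rm -f -- "$tmp"' EXIT
  { printf '%s\n' "$VPNRULES"; cat -- "$UFW_BEFORE"; } > "$tmp"
  chmod --reference="$UFW_BEFORE" "$tmp"
  mv -- "$tmp" "$UFW_BEFORE"
  trap - EXIT
fi
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' "$UFW_DEFAULT"

# Keep SSH reachable before the firewall is (re)enabled. The OpenSSH app
# profile only exists when openssh-server is installed, so its absence is
# not fatal; the port-based rule always applies.
ufw allow OpenSSH || true
ufw allow ssh
ufw disable
# --force answers the interactive "may disrupt existing ssh connections" prompt
ufw --force enable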