Skip to content

openvpn setup automatically #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 12, 2016
Merged

openvpn setup automatically #4

merged 1 commit into from
Dec 12, 2016

Conversation

nixawk
Copy link
Owner

@nixawk nixawk commented Dec 12, 2016 

root@sh:/tmp/openvpn# bash setup.sh
[*] Step 1 - Install OpenVPN....
[*] Step 2 - Configure OpenVPN...
[*] Step 3 - Enable Packet Forwarding...
[*] Step 4 - Install and Configure ufw...
[*] Step 5 - Configure and Build the Certificate Authority...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
......................+...................+.............................................................................................................................................................................................................................................+.+...............................................+.+....................................................+............................................................................................................................+......................+..............................+...............+............................................................+.........+..................................................................+.....................................................................................................................................................................................................................................................................................................................................................................................+.....................................................................................................+...................................................................................................+....................................+..............................................................................................+.............+........................................................+.............................................................................................+...................................+.........................................................................+...............+...................+.+..........+..................................................+......................................................+.....................................................+..+................................................................................................................................................................................................................+...............................................................................+......................................................................................................................................................................................................................................................................................................................................................+...................................................+........................+..........................................................................................+......+...................................+........................+..............................................................................................................................................................................................................+.....................................................+...................................+........................................+....+..................................................+.................................+..................................................................................................................+................................................................+.......................................................................................................+............................................................................................................+..........................................+...................................................................................................................+.........................................+.........................................................................+............................+..........................................................................................+..................+........................................+.............................................................................+.......................................................................+.......................................................................+...................................................+.......+............................................................................................................................+......................................................+.................................................................................................+...................+.......+............................................................................................................................................+....+..............................................................................................................................................+..........+..............................................+...............+..........................................................................................................................................................................................+.........................................+..........................................................................................................................................................................+...................................................................................................................................................+..............+........................................................................................................+...................................................+..........................................................................................................................................................................................................................+..............................................................................................+............................................................................+............................................................................+...............................................................................................................+......................................................................+.......................................................................................................................+.................................+....+.........................+....................................................................................................................................................................................................................+.........................................................................................................................+...............................................................................................................................................................................................+...................................................................+...................................................................................+...........+...............................+.......................................................................................................................................................................................................+....................................................+...................................................................................................................................................................................................................+....................................................+.....................................................................................................................................................................................................................+........................................................................................................................+.................................................+................................+.................................+.............................................+................................................................................+....................................................................+.........................................................+.................................................................................................................................................................+.......................................+...............................................................................................................................................................................................+..........................+...................................................................+................................+.................................................................+.+...................................+...+...............................................................................................................+..............................................................+.....................+..............................................................................................................................................................+..+..................................+.......................................................................+......................................................+.................................+...........................................+...............................+...........................................................................+.........................................................................+.............................................................................................................+.....................+.....................................................................................................+...........+........................+........................+...................................................................................+............................+.......................................................................................................................................+................+........................................................................................................+........................................................+...............+........................................................................................+............................................................................................+..................................................................................................................................................................................................................................................................................................................................+.........................................................++*++*
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
Generating a 2048 bit RSA private key
.................................+++
........................................................................................................................................................................................................................+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:
Name [server]:
Email Address [[email protected]]:
[*] Step 6 - Generate a Certificate and Key for the Server...
Generating a 2048 bit RSA private key
......................................................+++
......................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [server]:
Name [server]:
Email Address [[email protected]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'IT'
commonName            :PRINTABLE:'server'
name                  :PRINTABLE:'server'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Dec 10 05:03:44 2026 GMT (3650 days)
Sign the certificate? [y/n]:
CERTIFICATE WILL NOT BE CERTIFIED
[*] Step 7 - Move the Server Certificates and Keys...
[*] Step 8 - Generate Certificates and Keys for Clients...
Options error: --dh fails with 'dh2048.pem': No such file or directory
Options error: --ca fails with 'ca.crt': No such file or directory
Options error: --cert fails with 'server.crt': No such file or directory
Options error: --key fails with 'server.key': No such file or directory
Options error: Please correct these errors.
Use --help for more information.
Generating a 2048 bit RSA private key
.....................................................+++
.......................+++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:


# the server.
Common Name (eg, your name or your server's hostname) [client1]:
Name [server]:
Email Address [[email protected]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


cd /etc/openvpn/easy-rsa
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'IT'
commonName            :PRINTABLE:'client1'
name                  :PRINTABLE:'server'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Dec 10 05:03:51 2026 GMT (3650 days)
Sign the certificate? [y/n]:
CERTIFICATE WILL NOT BE CERTIFIED
sed: -e expression #1, char 35: unknown option to `s'
[*] Step 9 - Creating a Unified OpenVPN Profile for Client Devices...
[*] Step 10 - How to connect openvpn ?
Liinx  : openvpn --config /etc/openvpn/easy-rsa/keys/client.ovpn
Mac OSX: Tunnelblick
root@sh:/tmp/openvpn# vim /etc/openvpn/easy-rsa/keys/client.ovpn
root@sh:/tmp/openvpn# read -p "Pleaes set a ip:" OPENVPN_SERVER
Pleaes set a ip:1.1.1.1
root@sh:/tmp/openvpn# echo $OPENVPN_SERVER
1.1.1.1
root@sh:/tmp/openvpn# ip route get 8.8.8.8 | awk 'NR==1 {print $NF}'
10.0.247.254
root@sh:/tmp/openvpn# rm setup.sh
root@sh:/tmp/openvpn# vim setup.sh
root@sh:/tmp/openvpn# rm -rf /etc/openvpn/easy-rsa/keys/
root@sh:/tmp/openvpn#
root@sh:/tmp/openvpn# bash setup.sh
[*] Step 1 - Install OpenVPN....
[*] Step 2 - Configure OpenVPN...
[*] Step 3 - Enable Packet Forwarding...
[*] Step 4 - Install and Configure ufw...
[*] Step 5 - Configure and Build the Certificate Authority...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
............................................................................+............................................................................................................+..................................................................................................+......................+....................................................+...............................................................+.............................................................................................................................................................+........................+.......................+..............................................+......+.......................................+............................................................................................................................................................................................................................................................................................................................+.............................................................................................+.....+..............................................+...............................................................+................................................................+...........................................................................................................................................+...................+................................................+.....................................................+....+..................................................................+............................................................................+................................................+.....................................................................................................................................................................................................................+....................................+.............................................................................................................................+..............................................................................................................+............+...........................................................................................................................................................................................................................................................................................................................................................................................................................................................+.................................................+.............................................+..............................................+...........................................+..................................+..............+....................................................+...........................................................................+...............................................................................................................................+..............................................................................................................................................+......................................................................................................................................................................................................................+...................................................................................................................................................................................................................................................+......................................................................................................................................................................................................................................................................+.................................................................................+................................................................+..........................................................................................+...............................................................................+.....................................................................+.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................+........................................................................+......................................................................................................................................................................+.................................................+...................................................................................................................+................................................+...................................................................+.................................................................................+.........................................................................................+............+.......................................................................................................................+..........+........................................................................................+......................................................+......................................................................................................................................................................................................................................................................................................................................................................................................................................................................+.................................................................................................+................................................+.......................................................................................+.................................................................................................................................+........+......+...........................................................................................................................................................................................................................................................+......................+...............................................+............+.............................................................................................................................................+..............................................................................................................................................................................................................................................+.....................................................................................................................................+...................................................................................+....................................+......................+.................................................................................................................+..+.............................+.....................................................................................................................................+....+...................+............+.......................................................++*++*
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
Generating a 2048 bit RSA private key
.........................................+++
................................................+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:
Name [server]:
Email Address [[email protected]]:
[*] Step 6 - Generate a Certificate and Key for the Server...
Generating a 2048 bit RSA private key
..............+++
.....................................................................................................................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [server]:
Name [server]:
Email Address [[email protected]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'IT'
commonName            :PRINTABLE:'server'
name                  :PRINTABLE:'server'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Dec 10 05:25:25 2026 GMT (3650 days)
Sign the certificate? [y/n]:
CERTIFICATE WILL NOT BE CERTIFIED
[*] Step 7 - Move the Server Certificates and Keys...
● [email protected] - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-12-12 00:26:00 EST; 8ms ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 3665 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exited, status=0/SUCCESS)
 Main PID: 3666 (openvpn)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/system-openvpn.slice/[email protected]
           └─3666 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid

Dec 12 00:26:00 sh systemd[1]: Starting OpenVPN connection to server...
Dec 12 00:26:00 sh ovpn-server[3665]: OpenVPN 2.3.11 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on May 23 2016
Dec 12 00:26:00 sh ovpn-server[3665]: library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.08
Dec 12 00:26:00 sh systemd[1]: [email protected]: PID file /run/openvpn/server.pid not readable (yet?) after start: No such file or directory
Dec 12 00:26:00 sh systemd[1]: Started OpenVPN connection to server.
Dec 12 00:26:00 sh ovpn-server[3666]: Diffie-Hellman initialized with 2048 bit key
Dec 12 00:26:00 sh ovpn-server[3666]: OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
Dec 12 00:26:00 sh ovpn-server[3666]: OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Dec 12 00:26:00 sh ovpn-server[3666]: Cannot load certificate file server.crt
Dec 12 00:26:00 sh ovpn-server[3666]: Exiting due to fatal error
[*] Step 8 - Generate Certificates and Keys for Clients...
Generating a 2048 bit RSA private key
........+++
........................................................................................+++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [client1]:
Name [server]:
Email Address [[email protected]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :PRINTABLE:'CA'
localityName          :PRINTABLE:'SanFrancisco'
organizationName      :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'IT'
commonName            :PRINTABLE:'client1'
name                  :PRINTABLE:'server'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Dec 10 05:29:46 2026 GMT (3650 days)
Sign the certificate? [y/n]:
CERTIFICATE WILL NOT BE CERTIFIED
sed: -e expression #1, char 35: unknown option to `s'
[*] Step 9 - Creating a Unified OpenVPN Profile for Client Devices...
[*] Step 10 - How to connect openvpn ?
  - Liinx   : openvpn --config /etc/openvpn/easy-rsa/keys/client.ovpn
  - Mac OSX : Tunnelblick

@nixawk
Copy link
Owner Author

nixawk commented Dec 12, 2016

If you meet the errors:

Dec 12 00:26:00 sh systemd[1]: Starting OpenVPN connection to server...
Dec 12 00:26:00 sh ovpn-server[3665]: OpenVPN 2.3.11 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on May 23 2016
Dec 12 00:26:00 sh ovpn-server[3665]: library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.08
Dec 12 00:26:00 sh systemd[1]: [email protected]: PID file /run/openvpn/server.pid not readable (yet?) after start: No such file or directory
Dec 12 00:26:00 sh systemd[1]: Started OpenVPN connection to server.
Dec 12 00:26:00 sh ovpn-server[3666]: Diffie-Hellman initialized with 2048 bit key
Dec 12 00:26:00 sh ovpn-server[3666]: OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
Dec 12 00:26:00 sh ovpn-server[3666]: OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Dec 12 00:26:00 sh ovpn-server[3666]: Cannot load certificate file server.crt
Dec 12 00:26:00 sh ovpn-server[3666]: Exiting due to fatal error
[*] Step 8 - Generate Certificates and Keys for Clients...

Please check your /etc/openvpn/easy-rsa/keys/server.crt. It may be invalid.

@nixawk nixawk merged commit 70ab04c into master Dec 12, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nixawk