OpenVPN Rapid Installer: Difference between revisions
No edit summary |
|||
Line 1: | Line 1: | ||
<span style="font-size:180%">''Install and configure OpenVPN including certificates in less than one minute''</span> | <span style="font-size:180%">''Install and configure OpenVPN including certificates in less than one minute''</span> | ||
*Express installation and configuration of [https://community.openvpn.net OpenVPN], this has been tested on any recent '''Debian, Ubuntu | *Express installation and configuration of [https://community.openvpn.net OpenVPN], this has been tested on any recent '''Debian, Ubuntu or Raspian''' releases. | ||
*Enjoy the wide range of supported [https://community.openvpn.net OpenVPN] Clients, with this Script you may quickly establish a VPN connection, compatible with '''Windows, Linux, Mac OS, Android and iOS'''<br> | *Enjoy the wide range of supported [https://community.openvpn.net OpenVPN] Clients, with this Script you may quickly establish a VPN connection, compatible with '''Windows, Linux, Mac OS, Android and iOS'''<br> | ||
*Install and configure [https://community.openvpn.net OpenVPN] together with a [https://en.wikipedia.org/wiki/Certificate_authority Certification Authority] and X509 Client Certificates with one single command, <br> | *Install and configure [https://community.openvpn.net OpenVPN] together with a [https://en.wikipedia.org/wiki/Certificate_authority Certification Authority] and X509 Client Certificates with one single command, <br> | ||
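Review bot: "Raspian" in the new distribution list on the first bullet is misspelled; the distribution is called Raspbian. Suggest '''Debian, Ubuntu or Raspbian''' so the supported-platform line matches the name readers will search for.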
Line 15: | Line 15: | ||
=<span style="font-size:120%">''Installation Samples''</span>= | =<span style="font-size:120%">''Installation Samples''</span>= | ||
==Basic with no options== | ==Basic installation with no options== | ||
Install and configure OpenVPN with Easy-RSA | Install and configure OpenVPN with Easy-RSA | ||
*Default udp port 1194 | *Default udp port 1194 | ||
Line 64: | Line 64: | ||
-r Optional Flag, Re-Install application | -r Optional Flag, Re-Install application | ||
-u Optional Flag, enforce additional user authentication through local PAM | -u Optional Flag, enforce additional user authentication through local PAM | ||
=<span style="font-size:120%">''Tools''</span>= | |||
==ovpncert== | |||
Use ovpncert to create, revoke and printing OpenVPN profiles | |||
Samples: | |||
ovpncert.pl -cn mycert -c -> Create the OpenVPN certificate using the client name mycert | |||
ovpncert.pl -cn mycert -c -d 30 -> Same as above but valid for 30 days | |||
ovpncert.pl -cn mycert -p -> Print the OpenVPN certificate to STDOUT using the client name mycert | |||
ovpncert.pl -cn mycert -r -> Revoke the OpenVPN certificate using the client name mycert | |||
ovpncert.pl -l -> List certificates including the current online status | |||
Arguments: | |||
-sc OpenVPN configuration name without the .conf extension. Default set to server0 | |||
-cn Client configuration name without the .conf extension. Default set to client1 | |||
-c Create a OpenVPN client certificate | |||
-d Valid for n days | |||
-h Display help | |||
-l List certificates | |||
-p Print the OpenVPN client Certificate | |||
-r Revoke a OpenVPN client certificate | |||
-v Be verbose | |||
==ovpnreport== | |||
Use ovpnreprot to see the connection history. Ovpnreport is using a sqlite database which gets the data by the tool ovpntrack.<br> | |||
Sample: | |||
ovpnreport.pl Print all data, max 5000 records, can be overwritten by the limit arg | |||
ovpnreport.pl -c Print current connections | |||
ovpnreport.pl -ip 1.2.3.4 -limit 10 Search for 1.2.3.4 and limit to max 10 records | |||
ovpnreport.pl -cname demo -time 5 Search for the cname demo and show connection by min. 5 minutes | |||
ovpnreport.pl -d 90 -v Delete data older than 90 days, vacuum database after | |||
Arguments: | |||
-c Print current connections | |||
-cname Print data which includes the given cname | |||
-csv Print all data and format as CSV | |||
-d Delete data older then x days | |||
-h Print this help | |||
-ip Print data which includes the given ip address | |||
-limit Print data and limit the output by the given number | |||
-name Print data which includes the given name | |||
-time Print data which has a minimum connection time (minutes) | |||
-v Vacuum database, valid with arg -d | |||
==ovpnreport== | |||
Ovpntrack can only be used by openvpn itself, ovpntrack is used to track vpn connection data. Use ovpnreport to view the data.<br> | |||
It is required to setup the OpenVPN server configuration to activate the tracking.<br> | |||
Sample: | |||
script-security 2 | |||
client-connect "/etc/openvpn/scripts/ovpntrack.pl -d" | |||
client-disconnect "/etc/openvpn/scripts/ovpntrack.pl -d" |
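Review bot: the last added section is headed ==ovpnreport== a second time although its text describes ovpntrack, so the page ends up with two identical headings and no anchor for ovpntrack; rename the second one to ==ovpntrack==. In the first ovpnreport paragraph "ovpnreprot" should read "ovpnreport". The sample config adds script-security 2 without comment; one sentence saying it is there so that OpenVPN may run the client-connect and client-disconnect script would help admins who review that setting.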
Revision as of 17:39, 4 April 2022
Install and configure OpenVPN including certificates in less than one minute
- Express installation and configuration of OpenVPN, tested on any recent Debian, Ubuntu or Raspbian release.
- Enjoy the wide range of supported OpenVPN clients. With this script you can quickly establish a VPN connection compatible with Windows, Linux, Mac OS, Android and iOS.
- Install and configure OpenVPN together with a Certification Authority and X509 client certificates with one single command.
- Optional journaling
Additional Tools
- ovpncert
- Create new ovpn profiles and certificates on the fly
- Revoke ovpn certificates on the fly
- ovpnreport
- Search the journal for login activity, users or ip-addresses
- List current connections
Installation Samples
Basic installation with no options
Install and configure OpenVPN with Easy-RSA
- Default udp port 1194
- Default network 10.8.0.0/24
- Automatic installation (-a)

    #Copy&Paste
    wget -q https://coolscript.org/download/scripts/openvpn/openvpn-install.sh -O \
      /tmp/openvpn-install.sh && bash \
      /tmp/openvpn-install.sh -a
Custom Network Installation
Install and configure OpenVPN with Easy-RSA
- Use tcp port 1194 (-o and -p)
- Use your custom network 192.168.200.0/24 (-n and -m)
- Automatic installation (-a)
- Reinstallation if a previous setup exists (-r)

    #Copy&Paste
    wget -q https://coolscript.org/download/scripts/openvpn/openvpn-install.sh -O \
      /tmp/openvpn-install.sh && bash \
      /tmp/openvpn-install.sh -a -r \
      -o 1194 \
      -p tcp \
      -n 192.168.200.0 \
      -m 24
Recommended Setup - Support local users and journaling
Install and configure OpenVPN with Easy-RSA
- Default udp port 1194
- Default network 10.8.0.0/24
- Automatic installation (-a)
- Reinstallation if a previous setup exists (-r)
- Enable additional authentication using local user (-u)
- Enable journaling (-j)

    #Copy&Paste
    wget -q https://coolscript.org/download/scripts/openvpn/openvpn-install.sh -O \
      /tmp/openvpn-install.sh && bash \
      /tmp/openvpn-install.sh -a -r -u -j
Available Arguments

    openvpn-install.sh -h
    -a Mandatory Flag, Automatic installation, otherwise do nothing other than print to STDOUT
    -h Optional Flag, help and exit
    -j Optional Flag, Enable the journaling
    -m Optional String, Network mask set in decimal format, default is $defCIDR bit
    -n Optional String, Network Address, default is $defNET
    -o Optional String, port, default is $defPort
    -p Optional String, protocol (tcp or udp), default is $defProto
    -r Optional Flag, Re-Install application
    -u Optional Flag, enforce additional user authentication through local PAM
Tools
ovpncert
Use ovpncert to create, revoke and print OpenVPN profiles.
Samples:

    ovpncert.pl -cn mycert -c        -> Create the OpenVPN certificate using the client name mycert
    ovpncert.pl -cn mycert -c -d 30  -> Same as above but valid for 30 days
    ovpncert.pl -cn mycert -p        -> Print the OpenVPN certificate to STDOUT using the client name mycert
    ovpncert.pl -cn mycert -r        -> Revoke the OpenVPN certificate using the client name mycert
    ovpncert.pl -l                   -> List certificates including the current online status
Arguments:

    -sc OpenVPN configuration name without the .conf extension. Default set to server0
    -cn Client configuration name without the .conf extension. Default set to client1
    -c  Create an OpenVPN client certificate
    -d  Valid for n days
    -h  Display help
    -l  List certificates
    -p  Print the OpenVPN client certificate
    -r  Revoke an OpenVPN client certificate
    -v  Be verbose
ovpnreport
Use ovpnreport to see the connection history. ovpnreport reads a SQLite database that is filled by the tool ovpntrack.
Sample:

    ovpnreport.pl                        Print all data, max 5000 records, can be overridden by the limit arg
    ovpnreport.pl -c                     Print current connections
    ovpnreport.pl -ip 1.2.3.4 -limit 10  Search for 1.2.3.4 and limit to max 10 records
    ovpnreport.pl -cname demo -time 5    Search for the cname demo and show connections of at least 5 minutes
    ovpnreport.pl -d 90 -v               Delete data older than 90 days, vacuum database afterwards
Arguments:

    -c      Print current connections
    -cname  Print data which includes the given cname
    -csv    Print all data and format as CSV
    -d      Delete data older than x days
    -h      Print this help
    -ip     Print data which includes the given ip address
    -limit  Print data and limit the output by the given number
    -name   Print data which includes the given name
    -time   Print data which has a minimum connection time (minutes)
    -v      Vacuum database, valid with arg -d
ovpntrack
ovpntrack can only be used by OpenVPN itself. It tracks VPN connection data; use ovpnreport to view the data.
The OpenVPN server configuration must be set up to activate the tracking.
Sample:

    script-security 2
    client-connect "/etc/openvpn/scripts/ovpntrack.pl -d"
    client-disconnect "/etc/openvpn/scripts/ovpntrack.pl -d"
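
How a client-connect/client-disconnect hook of this kind can feed the SQLite journal that a report tool queries, as an added example in Python; it is not the code of ovpntrack.pl or ovpnreport.pl. The table layout and the function names are assumptions made for illustration, the environment variable names are the ones OpenVPN exports to its scripts, and the sample events are constructed.

```python
import sqlite3

SCHEMA = """CREATE TABLE IF NOT EXISTS sessions (cname TEXT, ip TEXT, vpn_ip TEXT,
    connected INTEGER, duration INTEGER, rx INTEGER, tx INTEGER)"""

def _num(env, key):
    # OpenVPN exports numbers as strings; accept plain digits only.
    value = env.get(key, "")
    return int(value) if value.isdigit() else None

def track(db, env):
    """Store one client-connect or client-disconnect event from OpenVPN's environment."""
    db.execute(SCHEMA)
    event = env.get("script_type")
    # common_name comes from the client certificate: treat it as untrusted and
    # pass it only as a bound parameter, never by string formatting.
    key = (env.get("common_name", ""), env.get("trusted_ip", ""), _num(env, "time_unix"))
    if event == "client-connect":
        db.execute("INSERT INTO sessions (cname, ip, connected, vpn_ip) VALUES (?, ?, ?, ?)",
                   key + (env.get("ifconfig_pool_remote_ip"),))
    elif event == "client-disconnect":
        # Assumption: time_unix still carries the connect timestamp on disconnect.
        db.execute("UPDATE sessions SET duration = ?, rx = ?, tx = ? WHERE cname = ? "
                   "AND ip = ? AND connected = ? AND duration IS NULL",
                   (_num(env, "time_duration"), _num(env, "bytes_received"),
                    _num(env, "bytes_sent")) + key)
    else:
        raise ValueError(f"unexpected script_type: {event!r}")
    db.commit()
    return event

def current_connections(db):
    return db.execute("SELECT cname, ip FROM sessions WHERE duration IS NULL").fetchall()

def min_duration(db, minutes):
    return db.execute("SELECT cname, duration FROM sessions WHERE duration >= ?",
                      (minutes * 60,)).fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    # Constructed sample events (documentation addresses, made-up names).
    conn = {"script_type": "client-connect", "common_name": "demo", "trusted_ip": "203.0.113.5",
            "time_unix": "1700000000", "ifconfig_pool_remote_ip": "10.8.0.2"}
    odd = dict(conn, common_name="eve'; --", trusted_ip="198.51.100.7", time_unix="1700000100")
    disc = dict(conn, script_type="client-disconnect", time_duration="420",
                bytes_received="1000", bytes_sent="2000")
    for event in (conn, odd, disc):
        track(db, event)
    return current_connections(db), min_duration(db, 5)
```

Run as a hook, the same function would be called as `track(db, os.environ)`; `current_connections` and `min_duration` mirror the `-c` and `-time` queries listed for ovpnreport.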