irwanmohi
/
ndiey


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207
							#!/bin/bash
clear
if [[ "$EUID" -ne 0 ]]; then
    echo -e "\033[1;31mScript need to be run as root!\033[0m"; exit 1
fi

apt-get -qq update
apt-get -y -qq install easy-rsa
apt-get -y -qq install openvpn
systemctl disable openvpn
systemctl stop openvpn

alamat_ip=$(wget -qO- ipv4.icanhazip.com)
alamat_hos=$(cat /etc/environment | grep 'DOMAIN' | cut -d '=' -f 2 | head -n 1)

cd /usr/share/easy-rsa
./easyrsa --batch init-pki &>/dev/null
./easyrsa --batch build-ca nopass &>/dev/null
./easyrsa --batch gen-dh &>/dev/null
./easyrsa --batch build-server-full server nopass &>/dev/null
cp -R /usr/share/easy-rsa/pki /etc/openvpn/ && cd

[[ -d /etc/openvpn/server ]] && rm -d /etc/openvpn/server
echo "# OVPN SERVER-TCP CONFIG
# ----------------------------
port 1194
proto tcp
dev tun

ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/server.crt
key /etc/openvpn/pki/private/server.key
dh /etc/openvpn/pki/dh.pem

verify-client-cert none
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push \"redirect-gateway def1 bypass-dhcp\"
push \"dhcp-option DNS 8.8.8.8\"
push \"dhcp-option DNS 8.8.4.4\"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
mute 10
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
username-as-common-name" > /etc/openvpn/server-tcp.conf

echo "# OVPN CLIENT-TCP CONFIG
# ----------------------------
client
dev tun
proto tcp
remote $alamat_ip 1194
remote $alamat_hos 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 3
auth-user-pass

http-proxy-retry
http-proxy $alamat_ip 3128
;http-proxy-option CUSTOM-HEADER Protocol HTTP/1.1
;http-proxy-option CUSTOM-HEADER Host HOSTNAME" > /etc/openvpn/client/client-tcp.ovpn

echo "" >> /etc/openvpn/client/client-tcp.ovpn
echo "<ca>" >> /etc/openvpn/client/client-tcp.ovpn
cat /etc/openvpn/pki/ca.crt >> /etc/openvpn/client/client-tcp.ovpn
echo "</ca>" >> /etc/openvpn/client/client-tcp.ovpn

echo "# OVPN SERVER-UDP CONFIG
# ----------------------------
port 994
proto udp
dev tun

ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/server.crt
key /etc/openvpn/pki/private/server.key
dh /etc/openvpn/pki/dh.pem

verify-client-cert none
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push \"redirect-gateway def1 bypass-dhcp\"
push \"dhcp-option DNS 8.8.8.8\"
push \"dhcp-option DNS 8.8.4.4\"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
mute 10
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
username-as-common-name" > /etc/openvpn/server-udp.conf

echo "# OVPN CLIENT-UDP CONFIG
# ----------------------------
client
dev tun
proto udp
remote $alamat_ip 994
remote $alamat_hos 994
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 3
auth-user-pass" > /etc/openvpn/client/client-udp.ovpn

echo "" >> /etc/openvpn/client/client-udp.ovpn
echo "<ca>" >> /etc/openvpn/client/client-udp.ovpn
cat /etc/openvpn/pki/ca.crt >> /etc/openvpn/client/client-udp.ovpn
echo "</ca>" >> /etc/openvpn/client/client-udp.ovpn

echo "# OVPN SERVER-TLS CONFIG
# ----------------------------
port 587
proto tcp
dev tun

ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/server.crt
key /etc/openvpn/pki/private/server.key
dh /etc/openvpn/pki/dh.pem

verify-client-cert none
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
route $alamat_ip 255.255.255.255 net_gateway
push \"redirect-gateway def1 bypass-dhcp\"
push \"dhcp-option DNS 8.8.8.8\"
push \"dhcp-option DNS 8.8.4.4\"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
mute 10
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
username-as-common-name" > /etc/openvpn/server-tls.conf

echo "# OVPN CLIENT-TLS CONFIG
# ----------------------------
client
dev tun
proto tcp
remote $alamat_ip 587
remote $alamat_hos 587
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
route $alamat_ip 255.255.255.255 net_gateway
cipher AES-256-CBC
auth SHA256
verb 3
auth-user-pass" > /etc/openvpn/client/client-tls.ovpn

echo "" >> /etc/openvpn/client/client-tls.ovpn
echo "<ca>" >> /etc/openvpn/client/client-tls.ovpn
cat /etc/openvpn/pki/ca.crt >> /etc/openvpn/client/client-tls.ovpn
echo "</ca>" >> /etc/openvpn/client/client-tls.ovpn

systemctl enable openvpn@server-tcp
systemctl start openvpn@server-tcp
systemctl enable openvpn@server-udp
systemctl start openvpn@server-udp
systemctl enable openvpn@server-tls
systemctl start openvpn@server-tls

echo
echo -e "\033[1;32mTahniah, Kami telah selesai dengan pemasangan openvpn.\033[0m"
echo
echo 'Use my referral link https://m.do.co/c/a28a40414d6a'
echo 'to gets $100 credit into your DigitalOcean account.'
echo
echo 'Hak Cipta 2021 Doctype, Dikuasakan oleh Cybertize.'
sleep 5