vpn.sh 8.3 KB

  1. #!/bin/bash
  2. #
  3. # Mod by t.me/PrinceNewbie
  4. # COPYRIGHT.2022
  5. # ==================================================
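  # Variable initialisation for the unattended install.
  export DEBIAN_FRONTEND=noninteractive
  OS=$(uname -m)

  # Public IPv4 address that is substituted into the generated client profiles.
  # The value comes from a third-party service over the network and is later
  # spliced into a sed program that runs as root, so it is treated as untrusted
  # input: it is fetched over HTTPS, forced to IPv4 (the NAT setup in this
  # script is IPv4-only) and accepted only if it is a plain dotted quad.
  MYIP=$(wget -4 -qO- https://icanhazip.com)
  ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  if [[ ! $MYIP =~ $ipv4_re ]]; then
    printf 'vpn.sh: no valid public IPv4 address (got: %q)\n' "$MYIP" >&2
    exit 1
  fi
  # sed program that swaps the xxxxxxxxx placeholder for the address.
  MYIP2="s/xxxxxxxxx/$MYIP/g"

  # Interface that carries the IPv4 default route; used by the NAT rules.
  # The original expanded $ANU inside its own definition, which is empty at
  # this point unless inherited from the environment, so it is dropped. Only
  # the first default route is taken so the value stays a single word.
  ANU=$(ip -o -4 route show to default | awk 'NR == 1 {print $5}')

  # Name shown by clients for this profile (setenv FRIENDLY_NAME).
  # presumably written by another installer step; verify the file exists
  MySentev=$(cat /etc/v2ray/domain)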
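  # Install OpenVPN, Easy-RSA and the firewall tooling. The original ran every
  # install twice (apt-get, then apt); apt-get alone is enough and is the
  # front end meant for scripts.
  apt-get install -y openvpn dnsutils easy-rsa unzip
  apt-get install -y openssl iptables iptables-persistent
  #mkdir -p /etc/openvpn/easy-rsa

  # Fetch the pre-built server material and unpack it into /etc/openvpn.
  # NOTE(review): the archive comes from a mutable branch with no checksum or
  # signature check, and the following steps install ca.crt, server.crt,
  # server.key and dh2048.pem from the unpacked tree. If the archive ships
  # those files, every host built from this script shares one server private
  # key that anyone able to download the archive also holds. Generating the CA
  # and server key locally with the easy-rsa package installed above, or at
  # least pinning the archive to a reviewed commit and verifying its hash,
  # removes that exposure.
  cd /etc/openvpn || exit 1
  if ! wget -O /etc/openvpn/vpn.zip \
    https://raw.githubusercontent.com/syapik96/aws/main/install/vpn.zip; then
    echo 'vpn.sh: download of vpn.zip failed' >&2
    exit 1
  fi
  # Stop here rather than configure a server from a partial extraction.
  if ! unzip /etc/openvpn/vpn.zip; then
    echo 'vpn.sh: could not unpack vpn.zip' >&2
    exit 1
  fi
  rm -f /etc/openvpn/vpn.zip
  chown -R root:root /etc/openvpn/server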
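  # Server credentials: copy them into /etc/openvpn, where the server configs
  # written later in this script refer to them without a directory.
  cp /etc/openvpn/server/ca.crt /etc/openvpn/ca.crt
  cp /etc/openvpn/server/easy-rsa/server/dh2048.pem /etc/openvpn/dh2048.pem
  cp /etc/openvpn/server/server.crt /etc/openvpn/server.crt
  cp /etc/openvpn/server/server.key /etc/openvpn/server.key
  # A certificate is data, so it gets no execute bit (the original set +x).
  # The private key is restricted to root in both locations.
  chmod 644 /etc/openvpn/ca.crt
  chmod 600 /etc/openvpn/server.key /etc/openvpn/server/server.key

  # Moving the shipped server configs and state files into place (disabled):
  #mv /etc/openvpn/server/server-tcp-1194.conf /etc/openvpn/
  #mv /etc/openvpn/server/server-udp-2200.conf /etc/openvpn/
  #mv /etc/openvpn/server/server/ipp.txt /etc/openvpn/
  #mv /etc/openvpn/server/server/openvpn-status.log /etc/openvpn/
  cd
  mkdir -p /usr/lib/openvpn/
  # NOTE(review): the source path is the x86_64 multiarch directory. On any
  # other architecture this copy fails and the plugin line in the server
  # configs then names a file that does not exist.
  cp /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /usr/lib/openvpn/openvpn-plugin-auth-pam.so

  # Same effect as editing /etc/default/openvpn by hand: uncomment AUTOSTART.
  sed -i 's/#AUTOSTART="all"/AUTOSTART="all"/g' /etc/default/openvpn

  # Enable IPv4 forwarding now and keep it enabled across reboots.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf

  # Remove any existing top-level configs before the new ones are written.
  # -f keeps a host with no such files from printing an error.
  cd
  rm -f /etc/openvpn/*.conf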
  # Write the two server configs: TCP on port 1194 and UDP on port 2200.
  #
  # Both authenticate users through the PAM plugin and request no client
  # certificate (verify-client-cert none), so an account password is the only
  # client credential.
  # NOTE(review): comp-lzo turns on tunnel compression, which OpenVPN has
  # deprecated; removing it has to be done on the server and in every client
  # profile together. The configs also set no tls-auth/tls-crypt key and no
  # cipher, and both instances name the same ifconfig-pool-persist file.
  cd /etc/openvpn

  # Print one server config on stdout.
  #   $1 - listening port
  #   $2 - transport protocol (tcp or udp)
  #   $3 - tunnel network address (netmask is fixed at 255.255.255.0)
  render_server_conf() {
    local listen_port=$1 transport=$2 tunnel_net=$3
    cat <<CONF
port ${listen_port}
proto ${transport}
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
verify-client-cert none
username-as-common-name
server ${tunnel_net} 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/server-${transport}-${listen_port}.log
verb 3
CONF
  }

  render_server_conf 1194 tcp 10.6.0.0 > /etc/openvpn/server-tcp-1194.conf
  render_server_conf 2200 udp 10.7.0.0 > /etc/openvpn/server-udp-2200.conf
  # Enable and start both server instances, then restart OpenVPN through the
  # init script and print its status.
  # NOTE(review): openvpn-server@ units normally read their config from
  # /etc/openvpn/server/, while this script writes the configs to
  # /etc/openvpn/. Confirm the unpacked archive provides matching files there;
  # otherwise only the instances started by the init script will run.
  for instance in server-tcp-1194 server-udp-2200; do
    systemctl enable --now "openvpn-server@${instance}"
  done
  /etc/init.d/openvpn restart
  /etc/init.d/openvpn status
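  # Generate the client profile for TCP 1194.
  # The profile logs in with username and password only (auth-user-pass,
  # CLIENT_CERT 0); $MySentev is expanded now and becomes the display name.
  # The commented http-proxy-option lines are written out as inert templates.
  cat > /etc/openvpn/client-tcp-1194.ovpn <<-END
# OVPN CLIENT-TCP CONFIG
# ----------------------------
setenv FRIENDLY_NAME $MySentev
setenv CLIENT_CERT 0
client
dev tun
proto tcp
remote xxxxxxxxx 1194
# back-quary or back inject method
# remote "IP:PORT@bughost.yourdomain.com/
resolv-retry infinite
route-method exe
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
## [1] ##
# http-proxy-option CUSTOM-HEADER Protocol HTTP/1.1
# http-proxy-option CUSTOM-HEADER Host bughost.yourdomain.com
## [2] ##
# "http-proxy-option CUSTOM-HEADER HTTP/1.1" or "http-proxy-option VERSION 1.1"
# http-proxy-option CUSTOM-HEADER Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER X-Forward-Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER X-Forwarded-For bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER Referrer bughost.yourdomain.com
## 3 ##
# http-proxy-option CUSTOM-HEADER Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER X-Forwarded-For bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER Referrer bughost.yourdomain.com
#
## [3] [NEW proxy-option] ##
# http-proxy-option CUSTOM-HEADER CONNECT HTTP/1.1
# http-proxy-option CUSTOM-HEADER Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER X-Online-Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER ""
# http-proxy-option CUSTOM-HEADER "PUT http://bughost.yourdomain.com/ HTTP/1.1"
# http-proxy-option CUSTOM-HEADER X-Forward-Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER Connection:Keep-Alive
END
  # Swap the xxxxxxxxx placeholder for the server address. $MYIP2 is built
  # from a value fetched over the network, so it is quoted and passed with -e:
  # it reaches sed as exactly one script argument and is never word-split or
  # glob-expanded by the shell.
  sed -i -e "$MYIP2" /etc/openvpn/client-tcp-1194.ovpn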
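  # Generate the client profile for UDP 2200.
  # The profile logs in with username and password only (auth-user-pass,
  # CLIENT_CERT 0); $MySentev is expanded now and becomes the display name.
  # The header line inside the profile said CLIENT-TCP in the original; it is
  # corrected to CLIENT-UDP so the file is labelled with its own transport.
  cat > /etc/openvpn/client-udp-2200.ovpn <<-END2
# OVPN CLIENT-UDP CONFIG
# ----------------------------
setenv FRIENDLY_NAME $MySentev
setenv CLIENT_CERT 0
client
dev tun
proto udp
remote xxxxxxxxx 2200
resolv-retry infinite
route-method exe
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
END2
  # Swap the xxxxxxxxx placeholder for the server address. $MYIP2 is built
  # from a value fetched over the network, so it is quoted and passed with -e:
  # it reaches sed as exactly one script argument and is never word-split or
  # glob-expanded by the shell.
  sed -i -e "$MYIP2" /etc/openvpn/client-udp-2200.ovpn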
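  # Generate the client profile for the SSL variant (TCP, remote port 992).
  # The profile logs in with username and password only (auth-user-pass,
  # CLIENT_CERT 0); $MySentev is expanded now and becomes the display name.
  # NOTE(review): nothing in this script listens on or opens port 992;
  # presumably a TLS wrapper is configured by another installer step. Confirm.
  # The commented http-proxy-option lines are written out as inert templates.
  cat > /etc/openvpn/client-tcp-ssl.ovpn <<-END3
# OVPN CLIENT-TCP-SSL CONFIG
# ----------------------------
setenv FRIENDLY_NAME $MySentev
setenv CLIENT_CERT 0
client
dev tun
proto tcp
remote xxxxxxxxx 992
resolv-retry infinite
route-method exe
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
## [1] ##
# http-proxy-option CUSTOM-HEADER Protocol HTTP/1.1
# http-proxy-option CUSTOM-HEADER Host bughost.yourdomain.com
## [2] ##
# "http-proxy-option CUSTOM-HEADER HTTP/1.1" or "http-proxy-option VERSION 1.1"
# http-proxy-option CUSTOM-HEADER Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER X-Forward-Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER X-Forwarded-For bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER Referrer bughost.yourdomain.com
## 3 ##
# http-proxy-option CUSTOM-HEADER Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER X-Forwarded-For bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER Referrer bughost.yourdomain.com
#
## [3] [NEW proxy-option] ##
# http-proxy-option CUSTOM-HEADER CONNECT HTTP/1.1
# http-proxy-option CUSTOM-HEADER Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER X-Online-Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER ""
# http-proxy-option CUSTOM-HEADER "PUT http://bughost.yourdomain.com/ HTTP/1.1"
# http-proxy-option CUSTOM-HEADER X-Forward-Host bughost.yourdomain.com
# http-proxy-option CUSTOM-HEADER Connection:Keep-Alive
END3
  # Swap the xxxxxxxxx placeholder for the server address. $MYIP2 is built
  # from a value fetched over the network, so it is quoted and passed with -e:
  # it reaches sed as exactly one script argument and is never word-split or
  # glob-expanded by the shell.
  sed -i -e "$MYIP2" /etc/openvpn/client-tcp-ssl.ovpn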
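  cd
  # The xxxxxxxxx placeholder in the profiles stands for this server's IP
  # address.
  /etc/init.d/openvpn restart

  # Embed the CA certificate in every client profile as an inline <ca> block,
  # then copy the finished profile into the web root so users can download it.
  #
  # The original opened the UDP profile's block with `cho '<ca>'`, a typo for
  # echo: the command failed and that profile received the certificate and
  # the closing tag without the opening one. One loop now handles the three
  # profiles identically, in the same order as before.
  #
  # The published files hold the server address and the public CA certificate
  # only; login still requires an account password.
  # NOTE(review): /home/vps/public_html is not created in this script;
  # presumably the web server setup provides it. Confirm.
  for profile in client-tcp-1194 client-udp-2200 client-tcp-ssl; do
    {
      echo '<ca>'
      cat /etc/openvpn/server/ca.crt
      echo '</ca>'
    } >> "/etc/openvpn/${profile}.ovpn"
    cp "/etc/openvpn/${profile}.ovpn" "/home/vps/public_html/${profile}.ovpn"
  done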
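  # Open the service ports in ufw. -y is required: without it apt-get stops
  # to ask for confirmation during an unattended run.
  # NOTE(review): ufw is never enabled in this script, so these rules take
  # effect only if it is enabled elsewhere. Port 992, used by the SSL client
  # profile, is not opened here. On some Debian/Ubuntu releases the ufw
  # package conflicts with iptables-persistent/netfilter-persistent; confirm
  # both stay installed, otherwise the save/reload at the end fails.
  apt-get install -y ufw
  ufw allow ssh
  ufw allow 1194/tcp
  ufw allow 81/tcp
  ufw allow 2200/udp

  # Masquerade traffic from the TCP and UDP tunnel networks out of the
  # default-route interface.
  if [[ -z "${ANU:-}" ]]; then
    # An empty interface name would turn "-o $ANU -j" into a malformed rule.
    echo 'vpn.sh: no default-route interface found; NAT rules skipped' >&2
  else
    for tunnel_net in 10.6.0.0/24 10.7.0.0/24; do
      # -C tests for an identical rule, so a re-run does not stack duplicates.
      iptables -t nat -C POSTROUTING -s "$tunnel_net" -o "$ANU" -j MASQUERADE 2>/dev/null ||
        iptables -t nat -I POSTROUTING -s "$tunnel_net" -o "$ANU" -j MASQUERADE
    done
  fi

  # Persist the rule set. The saved file is data, so it gets no execute bit
  # (the original set +x). iptables-restore -t only checks that it parses.
  iptables-save > /etc/iptables.up.rules
  iptables-restore -t < /etc/iptables.up.rules
  netfilter-persistent save
  netfilter-persistent reload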
  # Enable the openvpn service, start it, then restart it once more through
  # the init script.
  for action in enable start; do
    systemctl "$action" openvpn
  done
  /etc/init.d/openvpn restart

  # Clean-up: clear shell history and delete this installer.
  # NOTE(review): when the script is executed rather than sourced, history -c
  # acts on the script's own shell, not on the invoking session. Deleting the
  # installer leaves no local copy of what was run as root; keep a copy or a
  # log if an audit trail is needed.
  history -c
  sleep 1
  rm -f -- /root/vpn.sh