setup_openwrt_openvpn_conf.sh
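#!/bin/sh
######################################################################
#
# OpenWRT OpenVPN setup script
#
# Writes one OpenVPN server .conf per server certificate and one
# client .ovpn profile per client certificate found in the easy-rsa
# PKI, then (re)starts the openvpn service.
#
# Requirements: runs as root on the router; an easy-rsa PKI at
# ${OVPN_PKI} containing ca.crt, dh.pem, tc.pem (tls-crypt key),
# issued/*.crt and private/*.key.
#
# Every generated file embeds a private key, so files are created
# with umask 0177 (owner read/write only).  Copy the .ovpn profiles
# to clients over a confidential channel and remove them from the
# router if they are not needed there.
#
######################################################################

# Public name clients connect to.  Leave empty to fall back to the
# enabled DDNS client's lookup host, or failing that the WAN address.
MY_DDNS="hasu0707.duckdns.org"

######################################################################
#
# Shared configuration parameters
#
######################################################################
OVPN_DIR="/etc/openvpn"
OVPN_PKI="/etc/easy-rsa/pki"
OVPN_DEV="tun"
OVPN_PORT="1194"
OVPN_PROTO="udp"
OVPN_POOL="10.8.0.0 255.255.255.0"
# Network part of the pool with host ".1" (the server's tunnel address).
# Not pushed to clients below - public resolvers are pushed instead -
# kept so the DNS push can be pointed at the router if wanted.
OVPN_DNS="${OVPN_POOL%.* *}.1"
OVPN_DOMAIN="lan"

# A literal newline; $'\n' is a bashism and this runs under /bin/sh.
NL='
'

# Print an error to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Preflight: abort with a clear message instead of silently writing
# configs whose <ca>/<dh>/<tls-crypt> blocks are empty.
for pki_file in "${OVPN_PKI}/ca.crt" "${OVPN_PKI}/dh.pem" "${OVPN_PKI}/tc.pem"; do
  [ -r "${pki_file}" ] || die "missing or unreadable PKI file: ${pki_file}"
done
[ -d "${OVPN_PKI}/issued" ] || die "no issued certificates under ${OVPN_PKI}/issued"
mkdir -p "${OVPN_DIR}" || die "cannot create ${OVPN_DIR}"

OVPN_DH="$(cat "${OVPN_PKI}/dh.pem")"
# Drop the '#' header lines of the tls-crypt key (upstream sed kept as-is).
OVPN_TC="$(sed -e "/^#/d;/^\w/N;s/\n//" "${OVPN_PKI}/tc.pem")"
# openssl x509 re-emits only the PEM body, dropping easy-rsa's text dump.
OVPN_CA="$(openssl x509 -in "${OVPN_PKI}/ca.crt")" || die "cannot parse ${OVPN_PKI}/ca.crt"

# Generated files contain private keys: owner read/write only
# (equivalent to the symbolic form "u=rw,g=,o=").
umask 0177

# Print the easy-rsa ID (file name without directory and extension) of
# every issued certificate whose text dump contains the given
# Extended Key Usage string.
pki_ids_with_eku() {
  grep -l -r -e "$1" "${OVPN_PKI}/issued" \
    | sed -e "s/^.*\///;s/\.\w*$//"
}

######################################################################
#
# OpenVPN server configuration
#
######################################################################
# Compression ("comp-lzo") is deliberately not configured on either
# side: compressing attacker-influenced and secret data together leaks
# plaintext through compression-oracle attacks (VORACLE), and OpenVPN
# has deprecated it.  Profiles generated by older versions of this
# script with "comp-lzo yes" must be regenerated to stay compatible.
pki_ids_with_eku "TLS Web Server Auth" \
  | while read -r OVPN_ID; do
  OVPN_CERT="$(openssl x509 -in "${OVPN_PKI}/issued/${OVPN_ID}.crt")" || continue
  OVPN_KEY="$(cat "${OVPN_PKI}/private/${OVPN_ID}.key")" || continue
  # "remote-cert-tls client": only accept peers whose certificate
  # carries the client EKU - the profiles below are generated solely
  # for such certificates, so a leaked server cert cannot pose as one.
  cat << EOF > "${OVPN_DIR}/${OVPN_ID}.conf"
verb 3
user nobody
group nogroup
dev ${OVPN_DEV}
port ${OVPN_PORT}
proto ${OVPN_PROTO}
server ${OVPN_POOL}
topology subnet
mode server
client-to-client
keepalive 10 120
persist-tun
persist-key
remote-cert-tls client
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
<dh>${NL}${OVPN_DH}${NL}</dh>
<tls-crypt>${NL}${OVPN_TC}${NL}</tls-crypt>
<ca>${NL}${OVPN_CA}${NL}</ca>
<cert>${NL}${OVPN_CERT}${NL}</cert>
<key>${NL}${OVPN_KEY}${NL}</key>
EOF
done

######################################################################
#
# Client .ovpn profile generation
#
######################################################################
# Determine the address clients connect to: explicit MY_DDNS wins,
# otherwise the lookup host of the first enabled DDNS client,
# otherwise the current WAN IP address.
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_ipaddr OVPN_SERV "${NET_IF}"
OVPN_FQDN="$(uci -q get "$(uci -q show ddns \
  | sed -n -e "/\.enabled='1'$/s//.lookup_host/p" \
  | sed -n -e "1p")")"
[ -n "${OVPN_FQDN}" ] && OVPN_SERV="${OVPN_FQDN}"
OVPN_REMOTE="${MY_DDNS:-${OVPN_SERV}}"
[ -n "${OVPN_REMOTE}" ] || die "cannot determine the server address; set MY_DDNS"

pki_ids_with_eku "TLS Web Client Auth" \
  | while read -r OVPN_ID; do
  OVPN_CERT="$(openssl x509 -in "${OVPN_PKI}/issued/${OVPN_ID}.crt")" || continue
  OVPN_KEY="$(cat "${OVPN_PKI}/private/${OVPN_ID}.key")" || continue
  # One profile per client certificate.  Writing every client to the
  # same fixed name would leave only the last client's profile behind.
  OVPN_PROFILE="${OVPN_DIR}/${OVPN_REMOTE}_${OVPN_ID}.ovpn"
  # Notes on the client options:
  #  - "remote-cert-tls server" refuses peers without the server EKU.
  #  - "auth-nocache" only matters for password auth; harmless here.
  #  - "reneg-sec 0" stops the client from initiating rekeys; the
  #    server's own reneg-sec still forces periodic renegotiation.
  cat << EOF > "${OVPN_PROFILE}"
client
dev ${OVPN_DEV%%[0-9]*}
remote ${OVPN_REMOTE} ${OVPN_PORT} ${OVPN_PROTO}
nobind
resolv-retry infinite
persist-key
persist-tun
tls-client
cipher AES-256-CBC
auth-nocache
remote-cert-tls server
tun-mtu 1500
verb 3
reneg-sec 0
pull-filter ignore "block-outside-dns"
<tls-crypt>${NL}${OVPN_TC}${NL}</tls-crypt>
<ca>${NL}${OVPN_CA}${NL}</ca>
<cert>${NL}${OVPN_CERT}${NL}</cert>
<key>${NL}${OVPN_KEY}${NL}</key>
EOF
done

ls "${OVPN_DIR}"/*.ovpn
/etc/init.d/openvpn enable
/etc/init.d/openvpn stop
/etc/init.d/openvpn start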