-
Notifications
You must be signed in to change notification settings - Fork 144
/
Copy pathocserv-install.sh
186 lines (156 loc) · 7.46 KB
/
ocserv-install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
#!/usr/bin/env bash
install() {
ip=$(hostname -I|cut -f1 -d ' ')
echo "Your Server IP address is:$ip"
echo -e "\e[32mInstalling gnutls-bin\e[39m"
apt install gnutls-bin
mkdir certificates
cd certificates
cat << EOF > ca.tmpl
cn = "VPN CA"
organization = "Big Corp"
serial = 1
expiration_days = 3650
ca
signing_key
cert_signing_key
crl_signing_key
EOF
certtool --generate-privkey --outfile ca-key.pem
certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem
cat << EOF > server.tmpl
#yourIP
cn=$ip
organization = "my company"
expiration_days = 3650
signing_key
encryption_key
tls_www_server
EOF
certtool --generate-privkey --outfile server-key.pem
certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem
echo -e "\e[32mInstalling ocserv\e[39m"
apt install ocserv
cp /etc/ocserv/ocserv.conf ~/certificates/
sed -i -e 's@auth = "@#auth = "@g' /etc/ocserv/ocserv.conf
sed -i -e 's@auth = "pam@auth = "#auth = "pam"@g' /etc/ocserv/ocserv.conf
sed -i -e 's@try-mtu-discovery = @try-mtu-discovery = true@g' /etc/ocserv/ocserv.conf
sed -i -e 's@dns = @#dns = @g' /etc/ocserv/ocserv.conf
sed -i -e 's@# multiple servers.@dns = 8.8.8.8@g' /etc/ocserv/ocserv.conf
sed -i -e 's@route =@#route =@g' /etc/ocserv/ocserv.conf
sed -i -e 's@no-route =@#no-route =@g' /etc/ocserv/ocserv.conf
sed -i -e 's@cisco-client-compat@cisco-client-compat = true@g' /etc/ocserv/ocserv.conf
sed -i -e 's@##auth = "#auth = "pam""@auth = "plain[passwd=/etc/ocserv/ocpasswd]"@g' /etc/ocserv/ocserv.conf
sed -i -e 's@server-cert = /etc/ssl/certs/ssl-cert-snakeoil.pem@server-cert = /etc/ocserv/server-cert.pem@g' /etc/ocserv/ocserv.conf
sed -i -e 's@server-key = /etc/ssl/private/ssl-cert-snakeoil.key@server-key = /etc/ocserv/server-key.pem@g' /etc/ocserv/ocserv.conf
echo "Enter a username:"
read username
ocpasswd -c /etc/ocserv/ocpasswd $username
iptables -t nat -A POSTROUTING -j MASQUERADE
sed -i -e 's@#[email protected]_forward=@g' /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
cp ~/certificates/server-key.pem /etc/ocserv/
cp ~/certificates/server-cert.pem /etc/ocserv/
echo -e "\e[32mStopping ocserv service\e[39m"
service ocserv stop
echo -e "\e[32mStarting ocserv service\e[39m"
service ocserv start
echo "OpenConnect Server Configured Succesfully"
}
uninstall() {
sudo apt-get purge ocserv
}
addUser() {
echo "Enter a username:"
read username
ocpasswd -c /etc/ocserv/ocpasswd $username
}
showUsers() {
cat /etc/ocserv/ocpasswd
}
deleteUser() {
echo "Enter a username:"
read username
ocpasswd -c /etc/ocserv/ocpasswd -d $username
}
lockUser() {
echo "Enter a username:"
read username
ocpasswd -c /etc/ocserv/ocpasswd -l $username
}
unlockUser() {
echo "Enter a username:"
read username
ocpasswd -c /etc/ocserv/ocpasswd -u $username
}
if [[ "$EUID" -ne 0 ]]; then
echo "Please run as root"
exit 1
fi
cd ~
echo '
▒█████ ██▓███ ▓█████ ███▄ █ ▄████▄ ▒█████ ███▄ █ ███▄ █ ▓█████ ▄████▄ ▄▄▄█████▓
▒██▒ ██▒▓██░ ██▒▓█ ▀ ██ ▀█ █ ▒██▀ ▀█ ▒██▒ ██▒ ██ ▀█ █ ██ ▀█ █ ▓█ ▀ ▒██▀ ▀█ ▓ ██▒ ▓▒
▒██░ ██▒▓██░ ██▓▒▒███ ▓██ ▀█ ██▒ ▒▓█ ▄ ▒██░ ██▒▓██ ▀█ ██▒▓██ ▀█ ██▒▒███ ▒▓█ ▄ ▒ ▓██░ ▒░
▒██ ██░▒██▄█▓▒ ▒▒▓█ ▄ ▓██▒ ▐▌██▒ ▒▓▓▄ ▄██▒▒██ ██░▓██▒ ▐▌██▒▓██▒ ▐▌██▒▒▓█ ▄ ▒▓▓▄ ▄██▒░ ▓██▓ ░
░ ████▓▒░▒██▒ ░ ░░▒████▒▒██░ ▓██░ ▒ ▓███▀ ░░ ████▓▒░▒██░ ▓██░▒██░ ▓██░░▒████▒▒ ▓███▀ ░ ▒██▒ ░
░ ▒░▒░▒░ ▒▓▒░ ░ ░░░ ▒
░ ░░ ▒░ ▒ ▒ ░ ░▒ ▒ ░░ ▒░▒░▒░ ░ ▒░ ▒ ▒ ░ ▒░ ▒ ▒ ░░ ▒░ ░░ ░▒ ▒ ░ ▒ ░░
░ ▒ ▒░ ░▒ ░ ░ ░ ░░ ░░ ░ ▒░ ░ ▒ ░ ▒ ▒░ ░ ░░ ░ ▒░░ ░░ ░ ▒░ ░ ░ ░ ░ ▒ ░
░ ░ ░ ▒ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░░ ░
░ ░
██▒ █▓ ██▓███ ███▄ █ ██████ ▓█████ ██▀███ ██▒ █▓▓█████ ██▀███
▓██░ █▒▓██░ ██▒ ██ ▀█ █ ▒██ ▒ ▓█ ▀ ▓██ ▒ ██▒▓██░ █▒▓█ ▀ ▓██ ▒ ██▒
▓██ █▒░▓██░ ██▓▒▓██ ▀█ ██▒ ░ ▓██▄ ▒███ ▓██ ░▄█ ▒ ▓██ █▒░▒███ ▓██ ░▄█ ▒
▒██ █░░▒██▄█▓▒ ▒▓██▒ ▐▌██▒ ▒ ██▒▒▓█ ▄ ▒██▀▀█▄ ▒██ █░░▒▓█ ▄ ▒██▀▀█▄
▒▀█░ ▒██▒ ░ ░▒██░ ▓██░ ▒██████▒▒░▒████▒░██▓ ▒██▒ ▒▀█░ ░▒████▒░██▓ ▒██▒
░ ▐░ ▒▓▒░ ░ ░░ ▒░ ▒ ▒ ▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ▒▓ ░▒▓░ ░ ▐░ ░░ ▒░ ░░ ▒▓ ░▒▓░
░ ░░ ░▒ ░ ░ ░░ ░ ▒░ ░ ░▒ ░ ░ ░ ░ ░ ░▒ ░ ▒░ ░ ░░ ░ ░ ░ ░▒ ░ ▒░
░░ ░░ ░ ░ ░ ░ ░ ░ ░ ░░ ░ ░░ ░ ░░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░
'
PS3='Please enter your choice: '
options=("Install" "Uninstall" "Add User" "Change Password" "Show Users" "Delete User" "Lock User" "Unlock User" "Quit")
select opt in "${options[@]}"
do
case $opt in
"Install")
install
break
;;
"Uninstall")
uninstall
break
;;
"Add User")
addUser
break
;;
"Change Password")
addUser
break
;;
"Show Users")
showUsers
break
;;
"Delete User")
deleteUser
break
;;
"Lock User")
lockUser
break
;;
"Unlock User")
unlockUser
break
;;
"Quit")
break
;;
*) echo "invalid option $REPLY";;
esac
done