Initial commit

Bibi40k · May 7, 2020 · 3d000b6 · 3d000b6
commit 3d000b6
Show file tree

Hide file tree

Showing 33 changed files with 1,498 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1 @@
+# 2020.05.06 - pre-release (testing)
diff --git a/README.md b/README.md
@@ -0,0 +1,85 @@
+# FreeNAS scripts series: OpenVPN server into Iocage Jail
+
+# What this script do:
+- create all dir structure and files on a
+- store all custom vars into openvpn-configs/jail.vars & /root/openvpn-configs/server/vars
+- create iocage Jail with proper values and configurations
+- build Certificate Authority
+- build Server Certificates
+- generate Diffie Hellman Parameters
+- generate the TA key
+- build Client(s) Certificate
+- copy everything together and set paths to OpenVPN server config file
+- creates the firewall and routing tables
+- mix all certs and keys together with client(s) config files and create a single .ovpn file useful for mobile also.
+- sends email with client(s) config file.
+
+![script-menu]([https://github.com/Bibi40k/OpenVPN-on-FreeNAS-in-iocage/blob/master/script-menu.jpg])
+
+# Recommended OpenVPN Clients:
+Windows: [OpenVPN](https://openvpn.net/community-downloads/) \
+MacOS: [Tunnelblick](https://tunnelblick.net/release/Latest_Tunnelblick_Stable.dmg)
+
+
+# What you should do:
+- forward chosen port (default 1194) to OpenVPN iocage Jail chosen IP (default .66) on Port 1194 UDP
+- keep in mind that if your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x this might create routing conflicts if you connect to the VPN server from locations that use the same subnet (work, public wi-fi, hotels, etc).
+
+
+# Install
+
+## SSH into Freenas
+```
+ssh Username@FreenasIP # Terminal for MacOS & Linux or Putty on Windows
+sudo -i # we need to be root
+```
+## Get installer
+```
+git clone https://github.com/Bibi40k/OpenVPN-on-FreeNAS-in-iocage.git
+cd OpenVPN-on-FreeNAS-in-iocage # Enter the script dir
+git branch -a # List all versions
+    * master
+    remotes/origin/11.2
+    remotes/origin/11.3
+    remotes/origin/HEAD -> origin/master
+    remotes/origin/dev
+    remotes/origin/master
+    (END)
+```
+
+## Run the installer
+```
+git checkout 11.3 # switch to your FreeNAS matching version
+git pull # allways recommended to pull updates before run the script
+./install.sh # run the script
+```
+
+
+
+
+
+# Install
+
+### SSH into Freenas
+```
+ssh [email protected]
+sudo -i
+```
+
+### Download installer
+```
+git clone https://github.com/Bibi40k/OpenVPN-on-FreeNAS-in-iocage.git
+cd OpenVPN-on-FreeNAS-in-iocage
+```
+
+### List branches/versions and enter desired one
+```
+git branch -a
+git checkout 11.2
+git pull
+```
+
+### Start installer and follow on-screen instructions
+```
+./install.sh
+```
diff --git a/install.sh b/install.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+#########################################################################
+# Title: OpenVPN iocage jail under FreeNAS                              #
+# Author: Bibi40k                                                       #
+# Repository: https://github.com/Bibi40k/OpenVPN-on-FreeNAS-in-iocage   #
+#########################################################################
+
+# First of all, we clear the screen
+clear
+
+
+# Getting installer dir ( /root/OpenVPN-on-FreeNAS-in-iocage )
+CWD="`pwd`"
+SCRIPT="`which $0`"
+RELDIR="`dirname $SCRIPT`"
+cd "$RELDIR"
+DIR="`pwd`"
+cd "$CWD"
+
+
+source $DIR/scripts/colors.sh # messages' colors
+source $DIR/scripts/check_user.sh # checks minimum requirements
+
+CheckUser # user must be root
+
+# Update script to the latest version
+echo
+echo -e "${INFO} Checking for script updates..."
+echo
+cd ${DIR}
+git pull
+
+
+# Import scripts from /scripts dir
+source $DIR/scripts/autodiscover.sh # autodiscovers few vars we need later
+source $DIR/scripts/dirs.sh # create all dir structure
+source $DIR/scripts/files.sh # create/copy all files
+source $FVARS # custom vars in '${DCONFIG}/jail-install.cfg'
+source $DIR/scripts/update_config.sh # update 'openvpn-install.cfg' file so user will keep customizations
+source $DIR/scripts/check_os.sh # checks minimum requirements
+
+# Loading fixes for specific versions; updated as they appear
+echo -e "${INFO} Getting fixes for ${COLOR_BLUE}FreeNAS ${OS_VERSION}${COLOR_N}... "
+source $DIR/scripts/${OS_VERSION}/fixes.sh
+
+CheckOS # check if script is compatible with this FreeNAS version
+
+source $DIR/scripts/defaults.sh # default vars & constants
+source $DIR/scripts/functions.sh # functions
+
+
+if [[ $# == "1" ]]; then
+	HandleArgs "$1"
+	exit 0
+else
+	StartUpScreen
+fi
+
diff --git a/scripts/11.2/defaults.sh b/scripts/11.2/defaults.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Params for jail creation
+VNET="on"
+VNET_DEFAULT_INTERFACE="none"
+DHCP="off"
+BPF="yes"
+BOOT="on"
+ALLOW_RAW_SOCKETS="1"
+ALLOW_TUN="1"
+ALLOW_MOUNT="1"
+ALLOW_MOUNT_DEVFS="1"
+IP6="none"
+
diff --git a/scripts/11.2/fixes.sh b/scripts/11.2/fixes.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# FIX Package missmatch on 11.2 (due to EOL)
+if [[ "${OS_VERSION}" == "11.2" && "${RELEASE}" != "11.3-RELEASE" || $(iocage list -rh | grep 11.3) == "" ]]; then
+	echo -e "${INFO} ${COLOR_RED}${AUTO_USER}${COLOR_N}, to avoid package missmatch due to 11.2-RELEASE end-of-life"
+	echo -e "${INFO} I update/fix for you ${COLOR_RED}ONLY${COLOR_N} Iocage Jail version to 11.3-RELEASE, do you agree ?"
+
+	read -p "[y/n]: " answer
+		case $answer in
+			y)
+				RELEASE="11.3-RELEASE"
+				echo
+				echo -ne "${INFO} Checking if we already have fetched ${RELEASE}... "
+				iocage list -rh | grep 11.3 || iocage fetch -r ${RELEASE}
+				sed -i "" "s|RELEASE=.*|RELEASE=\"${RELEASE}\"|" ${FVARS}
+				echo
+			;;
+			n|*)
+				echo
+				echo -e "${INFO} No problem for me, but you'll get an error on installing OpenVPN server package"
+				echo -e "${INFO} and you should fix this manually anyway."
+				echo
+				sleep 5
+			;;
+		esac
+fi
+
diff --git a/scripts/11.2/install_openvpn.sh b/scripts/11.2/install_openvpn.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+# OpenVPN jail install script
+
+function InstallOpenVPN {
+
+	set -e
+
+	trap ErrorHandling ERR INT
+
+	echo
+	CheckConfigDirs # Create config dir(s) if doesn't exist(s) already
+
+	CheckIocageJail # Check if already exists
+	if [ $JAIL_EXIST == "false" ]; then
+		# Create jail with Custom vars
+		echo
+		echo -ne "${PROGRESS} ${JAIL_NAME} jail creation in progress... "
+		iocage create \
+			-n ${JAIL_NAME} \
+			ip4_addr="${INTERFACE}|${JAIL_IP}/24" \
+			defaultrouter=${AUTO_GW_IP} \
+			dhcp=${DHCP} \
+			bpf=${BPF} \
+			vnet=${VNET} \
+			vnet_default_interface=${VNET_DEFAULT_INTERFACE} \
+			boot=${BOOT} \
+			allow_mount=${ALLOW_MOUNT} \
+			allow_mount_devfs=${ALLOW_MOUNT_DEVFS} \
+			allow_raw_sockets=${ALLOW_RAW_SOCKETS} \
+			allow_tun=${ALLOW_TUN} \
+			ip6=${IP6} \
+			-r ${RELEASE};
+		# Manual install packages due to need of updating repos first
+		echo
+		echo -e "${INFO} Updating packages... "
+		iocage exec "${JAIL_NAME}" env ASSUME_ALWAYS_YES=YES pkg bootstrap
+		iocage exec "${JAIL_NAME}" pkg upgrade -y
+		iocage exec "${JAIL_NAME}" pkg update -y
+		echo -e "${INFO} Installing 'nano|openvpn|mpack'... "
+		iocage exec "${JAIL_NAME}" pkg install -y nano openvpn mpack
+		echo -e "${OK} $JAIL_NAME jail successfully created!"
+	fi
+
+
+
+	source $DIR/scripts/dirs_for_jail.sh # dirs path for Jailbox
+	source $DIR/scripts/files_for_jail.sh # copy & configure all files for Jailbox
+	source $DIR/scripts/server.sh # copy & configure all files for OpenVPN server
+	source $DIR/scripts/keys.sh # generate all keys for OpenVPN server and clients
+	source $DIR/scripts/clients.sh # create clients config .ovn file
+
+
+
+	# Remove old 'openvpn-configs' dir and copy the new one in jail
+	echo
+	echo -ne "${PROGRESS} copy conf dir to jail... "
+	rm -rf "${IOCAGE_PATH}/root/root/openvpn-configs"
+	if \cp -r "${DCONFIG}" "${IOCAGE_PATH}/root/root/openvpn-configs"; then
+    	echo -e "${OK}"
+	else
+		echo -e "${FAIL}"
+	fi
+
+
+
+	# Restart jail
+	RestartJail
+
+
+
+	# Sending clients via e-mail
+	cat <<-EOF | xargs -L1 iocage exec "${JAIL_NAME}"
+	echo
+	service sendmail onestart
+	cd ${JAIL_DCLIENTS}
+	find ${JAIL_DCLIENTS} -maxdepth 1 -type f -exec tar czvf OpenVPN-Clients.tar.gz {} +
+	echo Sending e-mail from Charlie Root<[email protected]> to ${EMAIL}
+	mpack -s 'OpenVPN profiles/clients' OpenVPN-Clients.tar.gz ${EMAIL}
+	EOF
+
+
+	echo
+	echo -e "${COLOR_GREEN}Installation Complete!${COLOR_N}"
+	echo
+	echo -e "${INFO} Make sure you forward external port ${EXT_PORT} to internal IP ${JAIL_IP} on PORT 1194"
+	echo -e "${INFO} You cand log into ${JAIL_NAME} jail with 'iocage console ${JAIL_NAME}'"
+	echo
+
+
+
+	# no need to exit/trap on errors anymore
+	set +e
+	trap - ERR INT
+
+
+
+	echo
+	CheckOVPNServer # Check if server is up and running; showing last lines from log.
+
+} 2>$FLOG 2>&1
+
diff --git a/scripts/11.3/defaults.sh b/scripts/11.3/defaults.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Params for jail creation
+VNET="on"
+VNET_DEFAULT_INTERFACE="none"
+DHCP="off"
+BPF="yes"
+BOOT="on"
+ALLOW_RAW_SOCKETS="1"
+ALLOW_TUN="1"
+ALLOW_MOUNT="on"
+ALLOW_MOUNT_DEVFS="on"
+IP6="disable"
+
diff --git a/scripts/11.3/fixes.sh b/scripts/11.3/fixes.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+