security/openvpn_start_script_config.bash at master · b40yd/security · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#! /bin/bash

service_script=openvpn_client

register_daemon(){
cat >$service_script<<EOF
#!/bin/bash
# chkconfig: 2345 25 75

OPENVPN=/usr/sbin/openvpn
OPENVPN_PID_FILE=/var/run/openvpn_client.pid
OPENVPN_CONFIG_PATH=/etc/openvpn
OPENVPN_CONFIG_FILE=client.conf
start() {

    if [ -f "\$OPENVPN_PID_FILE" ];then
        echo "openvpn is runing..."
        exit 1
    fi

    \$OPENVPN --daemon --writepid \$OPENVPN_PID_FILE --cd \$OPENVPN_CONFIG_PATH --config \$OPENVPN_CONFIG_FILE

    if [ $? -ne 0 ];then
        echo "openvpn start failed."
        exit 1
    fi
    echo "openvpn start ok."
}

stop(){
    if [ -f "\$OPENVPN_PID_FILE" ];then
        kill \`cat \$OPENVPN_PID_FILE\` >/dev/null 2>&1
        rm -rf \$OPENVPN_PID_FILE
    else
        echo "openvpn not run."
    fi
}

restart(){
    stop
    start
}
case "\$1" in
  start)
    start
    exit 0
    ;;
  stop)
    stop
    exit 0
    ;;
  restart)
    restart
    exit 0
    ;;
  *)
    echo "Usage: openvpn {start|stop|restart|condrestart|reload|reopen|status}"
    exit 1
    ;;

esac
EOF

chmod +x $service_script
install -D $service_script "/etc/init.d/$service_script"
}


if [ `id -u` -eq 0 ];then
    register_daemon
    if [ -f "/etc/init.d/$service_script" ];then
        chkconfig --add $service_script
        chkconfig --level 2345 $service_script on
    fi

    iptables -A INPUT -s 15.170.0.0/24 -p tcp -m multiport --sports 22,80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    service iptables save
else
    echo "must be use root user."
fi

exit 0