shenanigansf

2026-04-21 18:09:25 +01:00
parent 1643c542b1
commit c0855251fe
37 changed files with 752 additions and 190 deletions
--- a/VM_VPN_GATEWAY.sh
+++ b/VM_VPN_GATEWAY.sh
@@ -22,33 +22,30 @@ mega_tunel="tun0"
 ip_mega_tunel="10.8.0.1/24"

 # --- interfaces --- #
-sudo ifconfig $if_fora $ip_fora netmask 255.255.255.0
-sudo ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
+ifconfig $if_fora $ip_fora netmask 255.255.255.0
+ifconfig $if_dentro $ip_dentro netmask 255.255.255.0

 # --- ip forwarding --- #
-sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
-sudo sysctl -p /etc/sysctl.conf
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf

 # --- nat forwardin de vpn para clientes --- #
-sudo iptables -A INPUT  -p udp --dport 1194 -j ACCEPT # :O
-sudo iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P
-sudo iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
-sudo iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
-sudo iptables-save > /etc/sysconfig/iptables # :3
-
-# criar certs 
-[[ -e "vpn.csr" ]]      && echo "vpn.csr ja criado"     || sudo openssl req -new -key vpn.key -out vpn.csr
-[[ -e "vpn.crt" ]]      && echo "vpn.crt ja criado"     || sudo openssl ca -in vpn.csr -cert ca.crt -keyfile ca.key -out vpn.crt
-[[ -e "dh2048.pem" ]]   && echo "dh2048 ja  foi criado" || openssl dhparam -out dh2048.pem 2048
+iptables -A INPUT  -p udp --dport 1194 -j ACCEPT # :O
+iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P
+iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
+iptables -A FORWARD -i $mega_tunel -o $if_fora -j ACCEPT # faltava isto ?
+iptables -A FORWARD -i $if_fora -m state --state ESTABLISHED,RELATED -j ACCEPT # faltava isto ?
+iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
+iptables-save > /etc/sysconfig/iptables # :3

+# servidor
 vpn_dir="/etc/openvpn/server"
-sudo cp vpn.key $vpn_dir
-sudo cp vpn.conf $vpn_dir
-sudo cp vpn.csr $vpn_dir
-sudo cp vpn.crt $vpn_dir
-sudo cp dh2048.pem $vpn_dir
-sudo openvpn --config "$vpn_dir/vpn.conf"
+cp ca/ta.key $vpn_dir 
+cp ca/ca.crt $vpn_dir 
+cp ca/user.crt $vpn_dir 
+cp vpn.conf $vpn_dir 
+openvpn --config "${vpn_dir}/vpn.conf"

 # NOTA(vasco): o ficheiro conf vai ser vpn.conf pq isso é o nome do serviço
 # o serviço nao funciona ????
-# sudo systemctl enable --now openvpn-server@vpn.service
+# systemctl enable --now openvpn-server@vpn.service