diff --git a/openvpn/adduser.sh b/openvpn/adduser.sh
new file mode 100755
index 0000000..5018315
--- /dev/null
+++ b/openvpn/adduser.sh
@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+
+STARTDIR=$(pwd)
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source $DIR/env.sh
+
+if [[ "$EUID" -ne 0 ]]; then
+ echo "Sorry, you need to run this as root"
+ exit 1
+fi
+
+cd $CADIR
+source ./vars
+
+ADDUSER="no"
+ANSUSER="yes"
+
+while [ "$ANSUSER" != "$ADDUSER" ];
+do
+ while [[ -z "$LOGIN" ]];
+ do
+ read -p "Enter name: " LOGIN
+ done
+
+ ./build-key --batch $LOGIN
+
+ if [ $? -eq 0 ]; then
+
+ # copy files and OVPN config
+ mkdir "$STARTDIR/$LOGIN"
+ cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$STARTDIR/$LOGIN/"
+
+ DIST="$STARTDIR/$LOGIN/openvpn-server.ovpn"
+ cp $DIR/openvpn-server.ovpn.dist $DIST
+ sed -i -e "s@LOGIN@$LOGIN@g" $DIST
+ sed -i -e "s@IP@$IP@g" $DIST
+
+ SRC="$STARTDIR/$LOGIN"
+ DIST="$STARTDIR/$LOGIN/openvpn-server-embedded.ovpn"
+ cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
+ sed -i -e "s@IP@$IP@g" $DIST
+
+ echo "" >> $DIST
+ cat $SRC/ca.crt >> $DIST
+ echo "" >> $DIST
+
+ echo "" >> $DIST
+ cat $SRC/$LOGIN.crt >> $DIST
+ echo "" >> $DIST
+
+ echo "" >> $DIST
+ cat $SRC/$LOGIN.key >> $DIST
+ echo "" >> $DIST
+
+ echo "" >> $DIST
+ cat $SRC/ta.key >> $DIST
+ echo "" >> $DIST
+
+ echo
+ echo "Created directory $STARTDIR/$LOGIN with necessary files."
+ USERNAME=${SUDO_USER:-$USER}
+ chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/
+
+ fi
+
+ read -p "Would you want add another user? [no] " ANSUSER
+ : ${ANSUSER:=$ADDUSER}
+done
+
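Review bot: `LOGIN` is never cleared after a user is built, so answering yes at the "add another user" prompt skips the name prompt and re-runs `./build-key --batch` for the same name; put `LOGIN=""` just before the inner `while [[ -z "$LOGIN" ]]` loop. The name is also used unvalidated and unquoted in `mkdir "$STARTDIR/$LOGIN"`, as the build-key argument and as the sed replacement `s@LOGIN@$LOGIN@g`, so a name containing `/`, `@`, `&` or whitespace escapes the intended directory or corrupts the profile; a guard such as `[[ "$LOGIN" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid name" >&2; LOGIN=""; continue; }` right after the prompt closes that. The embedded profile concatenates the client's private key and ta.key into a file created under the default umask, so it is typically world-readable until the final chown; `umask 077` near the top (plus `read -r` on both prompts and quoting of `$CADIR`, `$DIR` and `$DIST`) is cheap. The bare `echo ""` separators between the appended PEM blocks may be a rendering artefact; if they are really empty, the ca/cert/key/tls-auth inline tags are missing and the client will not parse the embedded profile.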
diff --git a/openvpn/install.sh b/openvpn/install.sh
index 97ba47c..8381b27 100755
--- a/openvpn/install.sh
+++ b/openvpn/install.sh
@@ -12,7 +12,7 @@ fi
echo
echo "Installing OpenVPN..."
-apt-get install openvpn easy-rsa
+apt-get install openvpn easy-rsa bridge-utils
echo
echo "Configuring routing..."
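Review bot: `bridge-utils` is added to the install line while this same commit removes the bridging (tap) mode from the script below, the `tap+` rules from iptables-setup.sh and `server-bridge` from the server config, so nothing visible still needs it; unless bridging is handled somewhere outside this diff, `apt-get install openvpn easy-rsa` avoids an unused package on the VPN host. If it is intentional, a one-line comment naming what uses it would spare the next reader the same question.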
@@ -30,30 +30,6 @@ echo
echo "Configuring iptables firewall..."
$DIR/iptables-setup.sh
-echo
-echo "Do you want to create routing or bridging OpenVPN mode? "
-echo "More information at: https://community.openvpn.net/openvpn/wiki/309-what-is-the-difference-between-bridging-and-routing"
-echo " 1) routing"
-echo " 2) bridging"
-echo
-read -p "Your choice [1 or 2]: " -e -i 1 MODE
-case $MODE in
- 1)
- DEVICE="tun"
- sed -i -e "s/DEVICE/tun/g" $OPENVPNCONFIG
- sed -i -e "/server-bridge/d" $OPENVPNCONFIG
- ;;
- 2)
- DEVICE="tap"
- sed -i -e "s/DEVICE/tap/g" $OPENVPNCONFIG
- sed -i -e "/server /d" $OPENVPNCONFIG
- ;;
- *)
- echo "Hm... Strange answer..."
- exit
- ;;
-esac
-
echo
echo "Configuring DNS parameters..."
$DIR/dns.sh
@@ -69,64 +45,9 @@ source ./vars
./build-dh
openvpn --genkey --secret ta.key
-ADDUSER="no"
-ANSUSER="yes"
-
echo
echo "Configuring VPN users..."
-while [ "$ANSUSER" != "$ADDUSER" ];
-do
- while [[ -z "$LOGIN" ]];
- do
- read -p "Enter name: " LOGIN
- done
-
- ./build-key --batch $LOGIN
-
- if [ $? -eq 0 ]; then
-
- # copy files and OVPN config
- mkdir "$STARTDIR/$LOGIN"
- cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$STARTDIR/$LOGIN/"
-
- DIST="$STARTDIR/$LOGIN/openvpn-server.ovpn"
- cp $DIR/openvpn-server.ovpn.dist $DIST
- sed -i -e "s@LOGIN@$LOGIN@g" $DIST
- sed -i -e "s@IP@$IP@g" $DIST
- sed -i -e "s@DEVICE@$DEVICE@g" $DIST
-
- SRC="$STARTDIR/$LOGIN"
- DIST="$STARTDIR/$LOGIN/openvpn-server-embedded.ovpn"
- cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
- sed -i -e "s@IP@$IP@g" $DIST
- sed -i -e "s@DEVICE@$DEVICE@g" $DIST
-
- echo "" >> $DIST
- cat $SRC/ca.crt >> $DIST
- echo "" >> $DIST
-
- echo "" >> $DIST
- cat $SRC/$LOGIN.crt >> $DIST
- echo "" >> $DIST
-
- echo "" >> $DIST
- cat $SRC/$LOGIN.key >> $DIST
- echo "" >> $DIST
-
- echo "" >> $DIST
- cat $SRC/ta.key >> $DIST
- echo "" >> $DIST
-
- echo
- echo "Created directory $STARTDIR/$LOGIN with necessary files."
- USERNAME=${SUDO_USER:-$USER}
- chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/
-
- fi
-
- read -p "Would you want add another user? [no] " ANSUSER
- : ${ANSUSER:=$ADDUSER}
-done
+$DIR/adduser.sh
echo
echo "Starting OpenVPN..."
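Review bot: `adduser.sh` computes `STARTDIR=$(pwd)` on entry, and by this point install.sh has already changed into the CA directory (`source ./vars` and `./build-dh` run from there), so the per-user bundles containing private keys now land inside `$CADIR` instead of wherever the installer was launched, which is presumably where the inlined loop wrote them before. The call is also unquoted and its exit status is ignored, so a failed key build still proceeds to "Starting OpenVPN". Something like `(cd "$STARTDIR" && "$DIR/adduser.sh") || exit 1` keeps the previous output location (assuming install.sh still sets `STARTDIR` near its top, outside this hunk) and stops on failure.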
diff --git a/openvpn/iptables-setup.sh b/openvpn/iptables-setup.sh
index f3e6dd0..0ed4b2d 100755
--- a/openvpn/iptables-setup.sh
+++ b/openvpn/iptables-setup.sh
@@ -67,9 +67,7 @@ iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS -
# TUN/TAP
iptables -A INPUT -i tun+ -j ACCEPT
-iptables -A INPUT -i tap+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
-iptables -A OUTPUT -o tap+ -j ACCEPT
# OpenVPN
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
@@ -85,4 +83,3 @@ fi
iptables -F
iptables-restore < $IPTABLES
-
diff --git a/openvpn/openvpn-server-embedded.ovpn.dist b/openvpn/openvpn-server-embedded.ovpn.dist
index 7e3b2db..f8e7ef9 100644
--- a/openvpn/openvpn-server-embedded.ovpn.dist
+++ b/openvpn/openvpn-server-embedded.ovpn.dist
@@ -1,10 +1,10 @@
client
-dev DEVICE
+dev tun
persist-key
persist-tun
tls-client
remote-cert-tls server
-cipher DES-EDE3-CBC
+cipher AES-256-CBC
remote IP
port 1194
proto udp
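Review bot: replacing `DES-EDE3-CBC` with `AES-256-CBC` fixes the data-channel cipher, but no `auth` directive is visible in this profile or in the server config elsewhere in the diff, so the HMAC stays at OpenVPN's default SHA1; add `auth SHA256` here and in openvpn-server.conf.dist, since both ends must agree. On OpenVPN 2.4+ cipher negotiation may select AES-256-GCM regardless of this line, and 2.5 deprecates `cipher` in favour of `data-ciphers`, so a comment stating the targeted server version would help. The file continues past the hunk, so `auth` may already be set further down.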
diff --git a/openvpn/openvpn-server.conf.dist b/openvpn/openvpn-server.conf.dist
index c9f401c..e2e3299 100644
--- a/openvpn/openvpn-server.conf.dist
+++ b/openvpn/openvpn-server.conf.dist
@@ -1,7 +1,7 @@
mode server
port 1194
proto udp
-dev DEVICE
+dev tun
ca CADIR/keys/ca.crt
cert CADIR/keys/openvpn-server.crt
key CADIR/keys/openvpn-server.key
@@ -9,16 +9,17 @@ dh CADIR/keys/dh2048.pem
tls-server
tls-auth CADIR/ta.key 0
server LOCALPREFIX.0.0 255.255.255.0
-server-bridge LOCALPREFIX.0.1 255.255.255.0 LOCALPREFIX.0.10 LOCALPREFIX.0.100
+topology subnet
local PUBLICIP
client-to-client
-cipher DES-EDE3-CBC
+cipher AES-256-CBC
user nobody
group NOBODYGROUP
max-clients 100
keepalive 10 120
persist-key
persist-tun
+mssfix
push "route-gateway dhcp"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
diff --git a/openvpn/openvpn-server.ovpn.dist b/openvpn/openvpn-server.ovpn.dist
index ea7d994..84a54a0 100644
--- a/openvpn/openvpn-server.ovpn.dist
+++ b/openvpn/openvpn-server.ovpn.dist
@@ -1,8 +1,8 @@
client
-dev DEVICE
+dev tun
persist-key
persist-tun
-cipher DES-EDE3-CBC
+cipher AES-256-CBC
remote IP
port 1194
proto udp
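Review bot: unlike the embedded profile, which carries `tls-client` and `remote-cert-tls server` between `persist-tun` and `cipher`, this profile shows neither in the same position, so unless they appear below the hunk any certificate issued by this CA, including another VPN user's client cert, would be accepted as the server and a malicious peer could MITM the connection; add `remote-cert-tls server` after `persist-tun`. The same `auth SHA256` consideration as for the server config applies here. The file continues past the hunk.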