Create setup_vpn.sh
Browse files- setup_vpn.sh +82 -0
setup_vpn.sh
ADDED
|
@@ -0,0 +1,82 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
#!/bin/bash
|
| 2 |
+
|
| 3 |
+
# VPN Setup Script for Hugging Face
|
| 4 |
+
# This script sets up OpenVPN server
|
| 5 |
+
|
| 6 |
+
set -e
|
| 7 |
+
|
| 8 |
+
echo "Starting VPN setup..."
|
| 9 |
+
|
| 10 |
+
# Create directories
|
| 11 |
+
mkdir -p /etc/openvpn/server/keys
|
| 12 |
+
mkdir -p /etc/openvpn/easy-rsa
|
| 13 |
+
|
| 14 |
+
# Generate server key and certificate (simplified for demo)
|
| 15 |
+
cd /etc/openvpn/server/keys
|
| 16 |
+
|
| 17 |
+
# Generate DH parameters (using small size for demo)
|
| 18 |
+
openssl dhparam -out dh2048.pem 2048
|
| 19 |
+
|
| 20 |
+
# Generate server private key
|
| 21 |
+
openssl genrsa -out server.key 2048
|
| 22 |
+
|
| 23 |
+
# Generate server certificate
|
| 24 |
+
openssl req -new -key server.key -out server.csr -subj "/C=US/ST=State/L=City/O=VPN/CN=vpn-server"
|
| 25 |
+
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
|
| 26 |
+
|
| 27 |
+
# Generate CA certificate (self-signed for demo)
|
| 28 |
+
openssl req -new -x509 -days 365 -key server.key -out ca.crt -subj "/C=US/ST=State/L=City/O=VPN-CA/CN=vpn-ca"
|
| 29 |
+
|
| 30 |
+
# Generate client key and certificate
|
| 31 |
+
openssl genrsa -out client.key 2048
|
| 32 |
+
openssl req -new -key client.key -out client.csr -subj "/C=US/ST=State/L=City/O=VPN/CN=vpn-client"
|
| 33 |
+
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey server.key -CAcreateserial -out client.crt
|
| 34 |
+
|
| 35 |
+
# Generate TLS auth key
|
| 36 |
+
openvpn --genkey --secret ta.key
|
| 37 |
+
|
| 38 |
+
# Set proper permissions
|
| 39 |
+
chmod 600 /etc/openvpn/server/keys/*
|
| 40 |
+
|
| 41 |
+
echo "Certificates generated successfully"
|
| 42 |
+
|
| 43 |
+
# Create client configuration file
|
| 44 |
+
cat > /etc/openvpn/server/client.ovpn << EOF
|
| 45 |
+
client
|
| 46 |
+
dev tun
|
| 47 |
+
proto udp
|
| 48 |
+
remote YOUR_HF_SPACE_URL 7860
|
| 49 |
+
resolv-retry infinite
|
| 50 |
+
nobind
|
| 51 |
+
persist-key
|
| 52 |
+
persist-tun
|
| 53 |
+
remote-cert-tls server
|
| 54 |
+
cipher AES-256-CBC
|
| 55 |
+
verb 3
|
| 56 |
+
|
| 57 |
+
<ca>
|
| 58 |
+
$(cat /etc/openvpn/server/keys/ca.crt)
|
| 59 |
+
</ca>
|
| 60 |
+
|
| 61 |
+
<cert>
|
| 62 |
+
$(cat /etc/openvpn/server/keys/client.crt)
|
| 63 |
+
</cert>
|
| 64 |
+
|
| 65 |
+
<key>
|
| 66 |
+
$(cat /etc/openvpn/server/keys/client.key)
|
| 67 |
+
</key>
|
| 68 |
+
|
| 69 |
+
<tls-auth>
|
| 70 |
+
$(cat /etc/openvpn/server/keys/ta.key)
|
| 71 |
+
</tls-auth>
|
| 72 |
+
key-direction 1
|
| 73 |
+
EOF
|
| 74 |
+
|
| 75 |
+
echo "Client configuration created"
|
| 76 |
+
|
| 77 |
+
# Enable IP forwarding
|
| 78 |
+
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
|
| 79 |
+
sysctl -p
|
| 80 |
+
|
| 81 |
+
echo "VPN setup completed successfully!"
|
| 82 |
+
echo "Note: Replace YOUR_HF_SPACE_URL in client.ovpn with your actual Hugging Face Space URL"
|