OPEN VPN
#!/bin/bash
# Abort as soon as an unguarded command returns non-zero.
set -o errexit

# ---------- ANSI colour sequences ----------
# Stored as literal backslash escapes; the echo -e calls in this script turn
# them into real escape characters when printing.
NC="\033[0m"
GREEN="\033[0;32m"
RED="\033[0;31m"
YELLOW="\033[1;33m"
BLUE="\033[1;34m"
BOLD="\033[1m"

# ---------- Spinner state ----------
# PID of the background spinner; empty while no spinner is running.
spinner_pid=
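#######################################
# Print an "[INFO] <label>..." prefix and animate a spinner behind it.
# Globals:   BLUE, NC (read); spinner_pid (written)
# Arguments: $1 - label of the step that is starting
# Outputs:   label and spinner frames on stdout
#######################################
start_spinner() {
  local msg="$1"
  echo -ne "${BLUE}[INFO] ℹ️${NC} ${msg}... "
  # Ctrl-C stops the spinner through stop_spinner.
  trap stop_spinner INT
  (
    local frames='-\|/'
    local i
    # $$ still names the main script inside this subshell. Polling it lets the
    # spinner end by itself when the script exits (for example through set -e)
    # before stop_spinner ran; the original `while true` loop kept writing to
    # the terminal in that case.
    while kill -0 "$$" 2>/dev/null; do
      for ((i = 0; i < ${#frames}; i++)); do
        echo -ne "\b${frames:i:1}"
        sleep 0.1
      done
    done
  ) &
  spinner_pid=$!
  # Detach the job from the shell's job table.
  disown
}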
#######################################
# Stop the spinner started by start_spinner and print the "[OK]" marker.
# Globals:   spinner_pid (read, cleared); GREEN, NC (read)
# Outputs:   a backspace followed by "[OK] ✓" on stdout
#######################################
stop_spinner() {
  [[ -z "$spinner_pid" ]] || {
    # Both calls may fail (process already gone, or no longer a job of this
    # shell after the disown in start_spinner); that is ignored on purpose.
    kill "$spinner_pid" > /dev/null 2>&1 || true
    wait "$spinner_pid" 2> /dev/null || true
    spinner_pid=""
  }
  # The marker is printed unconditionally: this function does not know whether
  # the step it closes succeeded.
  echo -e "\b${GREEN}[OK] ✓${NC}"
  trap - INT
}
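#######################################
# Run one command behind a spinner and report whether it succeeded.
# The original discarded all output and always printed "[OK]", so a failing
# step was either reported as successful (when run_step was part of an `&&`
# list) or ended the script under set -e with no message at all.
# Globals:   RED, NC (read)
# Arguments: $1 - label shown next to the spinner; $2.. - command and arguments
# Outputs:   "[OK]" on stdout, or "[FAIL]" plus the command's output on stderr
# Returns:   the command's exit status
#######################################
run_step() {
  local label="$1" status=0 log
  shift
  # Output is kept in a private temp file so it can be shown on failure.
  log="$(mktemp)" || return 1
  start_spinner "$label"
  "$@" &> "$log" || status=$?
  if ((status == 0)); then
    stop_spinner
  else
    # stop_spinner prints "[OK]" unconditionally; silence it and report the
    # failure instead.
    stop_spinner > /dev/null
    echo -e "\b${RED}[FAIL] ✗${NC} ${label} (exit ${status})" >&2
    cat -- "$log" >&2
  fi
  rm -f -- "$log"
  return "$status"
}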
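#######################################
# Run one command (typically a `bash -c` script) behind a spinner and report
# whether it succeeded. The original discarded all output and always printed
# "[OK]", which hid failures of the wrapped command.
# Globals:   RED, NC (read)
# Arguments: $1 - label shown next to the spinner; $2.. - command and arguments
# Outputs:   "[OK]" on stdout, or "[FAIL]" plus the command's output on stderr
# Returns:   the command's exit status
#######################################
run_multistep() {
  local label="$1" status=0 log
  shift
  # Output is kept in a private temp file so it can be shown on failure.
  log="$(mktemp)" || return 1
  start_spinner "$label"
  {
    "$@"
  } &> "$log" || status=$?
  if ((status == 0)); then
    stop_spinner
  else
    # stop_spinner prints "[OK]" unconditionally; silence it and report the
    # failure instead.
    stop_spinner > /dev/null
    echo -e "\b${RED}[FAIL] ✗${NC} ${label} (exit ${status})" >&2
    cat -- "$log" >&2
  fi
  rm -f -- "$log"
  return "$status"
}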
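echo -e "\n${BOLD}${YELLOW}=== OpenVPN Install Script ===${NC}\n"

# ========== START ==========
# Update and upgrade run inside one wrapped command. In the original line the
# shell split `run_step ... apt update -y && sudo apt upgrade -y` into a list:
# the upgrade ran outside run_step (no spinner, output not silenced), and being
# the left side of `&&` switched off set -e for the update.
run_step "Updating the system" bash -c 'sudo apt update -y && sudo apt upgrade -y'
run_step "Installing OpenVPN, Easy-RSA and firewalld" sudo apt install -y openvpn easy-rsa firewalld

# NOTE(review): starting firewalld applies its default zone to this host.
# Before running this on a remote machine, confirm that SSH and every other
# service that must stay reachable is allowed in that zone.
run_step "Starting firewalld" sudo systemctl start firewalld
run_step "Enabling firewalld" sudo systemctl enable firewalld

# The CA is created under the invoking user's home directory.
# NOTE(review): when this runs through sudo, ~ follows the HOME that sudo
# passes on; confirm it is the same ~/openvpn-ca the client-profile script
# reads later.
run_step "Creating Easy-RSA directory" make-cadir ~/openvpn-ca
cd ~/openvpn-ca
run_step "Initializing PKI" ./easyrsa init-pki

# `nopass` writes the CA key and the server key without a passphrase, and
# `yes ""` accepts the default answer to every Easy-RSA prompt. Whoever can
# read ~/openvpn-ca/pki/private can issue certificates for this VPN, so keep
# that directory readable by its owner only.
run_multistep "Building CA (non-interactive)" bash -c 'yes "" | ./easyrsa build-ca nopass'
run_multistep "Generating server key" bash -c 'yes "" | ./easyrsa gen-req server nopass'
run_multistep "Signing server certificate" bash -c 'echo yes | ./easyrsa sign-req server server'
run_step "Generating DH parameters" ./easyrsa gen-dh

# NOTE(review): OpenVPN 2.5 and later report `--genkey --secret FILE` as
# deprecated in favour of `--genkey secret FILE`; the older spelling is kept
# here so the step also works with older packages.
run_step "Creating TLS-auth key" openvpn --genkey --secret ta.key

# server.key and ta.key are secrets. NOTE(review): after the copy, verify that
# both are owned by root and not readable by other users in /etc/openvpn.
run_step "Copying files to /etc/openvpn" sudo cp pki/ca.crt pki/issued/server.crt pki/private/server.key pki/dh.pem ta.key /etc/openvpn/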
# Write /etc/openvpn/server.conf. The text is handed to `sudo tee` on stdin;
# the quoted delimiter keeps the shell from expanding anything inside it, and
# run_multistep discards tee's echo of the text.
# The relative file names (ca.crt, server.crt, server.key, dh.pem, ta.key) are
# the files copied into /etc/openvpn by the previous step.
# NOTE(review): `cipher AES-256-CBC` and `tls-auth` are written exactly as the
# page gives them. On OpenVPN 2.5+ `data-ciphers` with an AEAD cipher and
# `tls-crypt` are the usual hardening options; any such change has to be made
# in the server config and in every generated client profile together.
# NOTE(review): the two `push` lines route all client traffic through the VPN
# and hand clients 8.8.8.8 as resolver; confirm both are intended.
run_multistep "Creating OpenVPN server config" sudo tee /etc/openvpn/server.conf << 'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA256
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
EOF
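# Enable IPv4 forwarding persistently. The original sed only un-commented an
# existing "#net.ipv4.ip_forward=1" line, so on a sysctl.conf without that
# exact line the step changed nothing and forwarding stayed off. The line is
# now appended when it is missing; the removal script's sed on the same file
# still matches it.
run_step "Enabling IP forwarding" sudo bash -c '
  set -e
  conf=/etc/sysctl.conf
  if [ -f "$conf" ]; then
    sed -i "s/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" "$conf"
  fi
  grep -qs "^net.ipv4.ip_forward=1" "$conf" || echo "net.ipv4.ip_forward=1" >> "$conf"
  sysctl -p
'

# Firewall: allow the VPN port and masquerade traffic leaving the public zone.
# NOTE(review): --add-masquerade applies to the whole `public` zone, not only
# to 10.8.0.0/24; confirm the uplink interface is in that zone and that
# zone-wide NAT is acceptable on this host.
run_step "Opening UDP port 1194" sudo firewall-cmd --permanent --add-port=1194/udp
run_step "Enabling NAT with firewalld" sudo firewall-cmd --permanent --zone=public --add-masquerade
run_step "Reloading firewalld" sudo firewall-cmd --reload

# The unit instance "server" corresponds to the server.conf written above.
run_step "Enabling OpenVPN service" sudo systemctl enable openvpn@server
run_step "Starting OpenVPN service" sudo systemctl start openvpn@server

# ========== DONE ==========
echo -e "\n${GREEN}[DONE] ✅${NC} OpenVPN has been successfully installed."
echo -e "${BOLD}Check status:${NC} sudo systemctl status openvpn@server"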
Use the following command to auto-download and run:
# Downloads the script returned by generate.php and runs it with sudo in one
# chain. To read it before it runs as root, execute only the wget part,
# inspect install.sh, then run the chmod and sudo parts.
wget "https://krotek.serveminecraft.net/how-to-install/VPN/OPEN-VPN/generate.php?system=debian&type=install&variant=clean" -O install.sh && chmod +x install.sh && sudo ./install.sh
#!/bin/bash
# Stop at the first unguarded command that fails.
set -o errexit

# ---------- Terminal colours ----------
# Literal backslash escapes; echo -e expands them when a message is printed.
NC="\033[0m"
GREEN="\033[0;32m"
RED="\033[0;31m"
YELLOW="\033[1;33m"
BLUE="\033[1;34m"
BOLD="\033[1m"

# ---------- Spinner bookkeeping ----------
# Holds the PID of the running spinner, or nothing when there is none.
spinner_pid=
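#######################################
# Show "[INFO] <label>..." and keep a spinner turning after it.
# Globals:   BLUE, NC (read); spinner_pid (written)
# Arguments: $1 - label of the step that is starting
# Outputs:   label and spinner frames on stdout
#######################################
start_spinner() {
  local msg="$1"
  echo -ne "${BLUE}[INFO] ℹ️${NC} ${msg}... "
  # Ctrl-C stops the spinner through stop_spinner.
  trap stop_spinner INT
  (
    local frames='-\|/'
    local i
    # Inside the subshell $$ is still the main script's PID. Checking it makes
    # the spinner stop once the script is gone (set -e abort, kill) instead of
    # looping forever as the original `while true` did.
    while kill -0 "$$" 2>/dev/null; do
      for ((i = 0; i < ${#frames}; i++)); do
        echo -ne "\b${frames:i:1}"
        sleep 0.1
      done
    done
  ) &
  spinner_pid=$!
  # Detach the job from the shell's job table.
  disown
}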
#######################################
# End the running spinner, if any, and print the "[OK]" marker.
# Globals:   spinner_pid (read, cleared); GREEN, NC (read)
# Outputs:   a backspace followed by "[OK] ✓" on stdout
#######################################
stop_spinner() {
  local pid="$spinner_pid"
  if [[ -n "$pid" ]]; then
    # Failures of kill/wait are ignored on purpose: the process may already
    # be gone, and after disown it is no longer a job of this shell.
    kill "$pid" > /dev/null 2>&1 || true
    wait "$pid" 2> /dev/null || true
    spinner_pid=""
  fi
  # Printed regardless of how the wrapped step ended.
  echo -e "\b${GREEN}[OK] ✓${NC}"
  trap - INT
}
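#######################################
# Run one command behind a spinner and report its real outcome.
# The original threw away all output and printed "[OK]" whatever happened, so
# a failed removal step was invisible.
# Globals:   RED, NC (read)
# Arguments: $1 - label shown next to the spinner; $2.. - command and arguments
# Outputs:   "[OK]" on stdout, or "[FAIL]" plus the command's output on stderr
# Returns:   the command's exit status
#######################################
run_step() {
  local label="$1" status=0 log
  shift
  # Output is kept in a private temp file so it can be shown on failure.
  log="$(mktemp)" || return 1
  start_spinner "$label"
  "$@" &> "$log" || status=$?
  if ((status == 0)); then
    stop_spinner
  else
    # stop_spinner always prints "[OK]"; silence it and report the failure.
    stop_spinner > /dev/null
    echo -e "\b${RED}[FAIL] ✗${NC} ${label} (exit ${status})" >&2
    cat -- "$log" >&2
  fi
  rm -f -- "$log"
  return "$status"
}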
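#######################################
# Run one command (here a multi-line `bash -c` script) behind a spinner and
# report its real outcome. The original threw away all output and printed
# "[OK]" whatever happened.
# Globals:   RED, NC (read)
# Arguments: $1 - label shown next to the spinner; $2.. - command and arguments
# Outputs:   "[OK]" on stdout, or "[FAIL]" plus the command's output on stderr
# Returns:   the command's exit status
#######################################
run_multistep() {
  local label="$1" status=0 log
  shift
  # Output is kept in a private temp file so it can be shown on failure.
  log="$(mktemp)" || return 1
  start_spinner "$label"
  {
    "$@"
  } &> "$log" || status=$?
  if ((status == 0)); then
    stop_spinner
  else
    # stop_spinner always prints "[OK]"; silence it and report the failure.
    stop_spinner > /dev/null
    echo -e "\b${RED}[FAIL] ✗${NC} ${label} (exit ${status})" >&2
    cat -- "$log" >&2
  fi
  rm -f -- "$log"
  return "$status"
}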
# ========== PROMPTS ==========
echo -e "\n${BOLD}${YELLOW}=== OpenVPN Removal Script ===${NC}\n"
# All three answers are collected first; each one is evaluated further down.
# An answer counts as "yes" when it is y, ye, ys or yes in any letter case.
read -rp "$(echo -e "${BLUE}[INFO] ℹ️${NC} Do you want to close port 1194/UDP and remove firewalld rules? (yes/no): ")" REMOVE_RULES
read -rp "$(echo -e "${BLUE}[INFO] ℹ️${NC} Do you want to uninstall firewalld completely? (yes/no): ")" REMOVE_FIREWALLD
read -rp "$(echo -e "${BLUE}[INFO] ℹ️${NC} Do you want to remove generated .ovpn files? (yes/no): ")" REMOVE_OVPN

# ========== START ==========
case "$REMOVE_RULES" in
  [Yy] | [Yy][Ee] | [Yy][Ss] | [Yy][Ee][Ss])
    # Each firewall-cmd call is best-effort (`|| true`).
    # NOTE(review): --remove-masquerade switches masquerading off for the whole
    # public zone, including any use that predates the VPN install.
    run_multistep "Removing firewalld rules" bash -c '
sudo firewall-cmd --permanent --remove-port=1194/udp || true
sudo firewall-cmd --permanent --zone=public --remove-masquerade || true
sudo firewall-cmd --reload || true
'
    ;;
  *)
    echo -e "${YELLOW}[SKIP] ⏭️${NC} Skipping firewalld rule cleanup."
    ;;
esac

run_step "Stopping OpenVPN service" sudo systemctl stop openvpn@server
run_step "Disabling OpenVPN service" sudo systemctl disable openvpn@server
# The glob is expanded by this shell before sudo runs and does not match
# dot-files; the /etc/openvpn directory itself is kept.
run_step "Removing OpenVPN config and keys" sudo rm -rf /etc/openvpn/*
# Re-comments the forwarding line and reloads sysctl.conf.
# NOTE(review): this also disables forwarding that was enabled for another
# purpose through the same line.
run_step "Restoring IP forwarding setting" bash -c "
sudo sed -i 's/^net.ipv4.ip_forward=1/#net.ipv4.ip_forward=1/' /etc/sysctl.conf
sudo sysctl -p
"

case "$REMOVE_FIREWALLD" in
  [Yy] | [Yy][Ee] | [Yy][Ss] | [Yy][Ee][Ss])
    run_step "Removing firewalld package" sudo apt remove --purge -y firewalld
    ;;
  *)
    echo -e "${YELLOW}[SKIP] ⏭️${NC} Skipping firewalld uninstallation."
    ;;
esac

run_step "Removing Easy-RSA and OpenVPN packages" sudo apt remove --purge -y openvpn easy-rsa
# Deletes the whole PKI, including the CA and every private key in it.
run_step "Removing Easy-RSA directory" rm -rf ~/openvpn-ca
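# ========== REMOVE OVPN FILES ==========
if [[ "$REMOVE_OVPN" =~ ^[Yy][Ee]?[Ss]?$ ]]; then
  if [ "$EUID" -eq 0 ]; then
    # Root: check /root and all /home/* users
    for dir in /root /home/*; do
      CONFIG_DIR="$dir/client-configs/files"
      # Home directories are writable by their owners. If client-configs or
      # files is a symlink, a root-run `rm -rf` would act on a path outside
      # that home, so only real directories are removed. This narrows the
      # window; it is not an atomic check.
      if [ -L "$dir/client-configs" ] || [ -L "$CONFIG_DIR" ]; then
        echo -e "${YELLOW}[SKIP] ⏭️${NC} ${CONFIG_DIR} is reached through a symlink; not removing."
      elif [ -d "$CONFIG_DIR" ]; then
        run_step "Removing .ovpn files in $CONFIG_DIR" rm -rf -- "$CONFIG_DIR"
      else
        echo -e "${YELLOW}[SKIP] ⏭️${NC} Directory ${CONFIG_DIR} does not exist."
      fi
    done
  else
    # Normal user: only this user's own directory is touched.
    CLIENT_CONFIGS_DIR="$HOME/client-configs/files"
    if [ -d "$CLIENT_CONFIGS_DIR" ]; then
      run_step "Removing .ovpn files" rm -rf -- "$CLIENT_CONFIGS_DIR"
    else
      echo -e "${YELLOW}[SKIP] ⏭️${NC} Directory ${CLIENT_CONFIGS_DIR} does not exist."
    fi
  fi
else
  echo -e "${YELLOW}[SKIP] ⏭️${NC} Keeping .ovpn files."
fi

# ========== DONE ==========
echo -e "\n${GREEN}[DONE] ✅${NC} ${BOLD}OpenVPN has been successfully removed.${NC}\n"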
Use the following command to auto-download and run:
# Downloads the script returned by generate.php and runs it with sudo in one
# chain. To read it before it runs as root, execute only the wget part,
# inspect uninstall.sh, then run the chmod and sudo parts.
wget "https://krotek.serveminecraft.net/how-to-install/VPN/OPEN-VPN/generate.php?system=debian&type=uninstall&variant=clean" -O uninstall.sh && chmod +x uninstall.sh && sudo ./uninstall.sh
#!/bin/bash
# Exit on the first unguarded failing command.
set -o errexit

# ---------- Colour escapes ----------
# Literal backslash sequences, expanded by echo -e at print time.
NC="\033[0m"
GREEN="\033[0;32m"
RED="\033[0;31m"
YELLOW="\033[1;33m"
BLUE="\033[1;34m"
BOLD="\033[1m"

# ---------- Spinner state ----------
# PID of the spinner process; empty when none is active.
spinner_pid=
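#######################################
# Print "[INFO] <label>..." and run a spinner after it in the background.
# Globals:   BLUE, NC (read); spinner_pid (written)
# Arguments: $1 - label of the step that is starting
# Outputs:   label and spinner frames on stdout
#######################################
start_spinner() {
  local msg="$1"
  echo -ne "${BLUE}[INFO] ℹ️${NC} ${msg}... "
  # Ctrl-C stops the spinner through stop_spinner.
  trap stop_spinner INT
  (
    local frames='-\|/'
    local i
    # $$ keeps the main script's PID in this subshell; the loop ends when that
    # process no longer exists, so an aborted script does not leave a spinner
    # writing to the terminal (the original looped on `while true`).
    while kill -0 "$$" 2>/dev/null; do
      for ((i = 0; i < ${#frames}; i++)); do
        echo -ne "\b${frames:i:1}"
        sleep 0.1
      done
    done
  ) &
  spinner_pid=$!
  # Detach the job from the shell's job table.
  disown
}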
#######################################
# Terminate the spinner, if one is recorded, and print the "[OK]" marker.
# Globals:   spinner_pid (read, cleared); GREEN, NC (read)
# Outputs:   a backspace followed by "[OK] ✓" on stdout
#######################################
stop_spinner() {
  if [[ "$spinner_pid" != "" ]]; then
    # kill and wait are allowed to fail: the process may have ended already,
    # and a disowned job cannot always be waited for.
    { kill "$spinner_pid" > /dev/null 2>&1; } || true
    { wait "$spinner_pid" 2> /dev/null; } || true
    spinner_pid=""
  fi
  # The marker does not depend on the outcome of the step being closed.
  echo -e "\b${GREEN}[OK] ✓${NC}"
  trap - INT
}
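#######################################
# Run one command behind a spinner and report its real outcome.
# The original discarded all output and printed "[OK]" unconditionally, so a
# failed certificate step could go unnoticed.
# Globals:   RED, NC (read)
# Arguments: $1 - label shown next to the spinner; $2.. - command and arguments
# Outputs:   "[OK]" on stdout, or "[FAIL]" plus the command's output on stderr
# Returns:   the command's exit status
#######################################
run_step() {
  local label="$1" status=0 log
  shift
  # Output is kept in a private temp file so it can be shown on failure.
  log="$(mktemp)" || return 1
  start_spinner "$label"
  "$@" &> "$log" || status=$?
  if ((status == 0)); then
    stop_spinner
  else
    # stop_spinner always prints "[OK]"; silence it and report the failure.
    stop_spinner > /dev/null
    echo -e "\b${RED}[FAIL] ✗${NC} ${label} (exit ${status})" >&2
    cat -- "$log" >&2
  fi
  rm -f -- "$log"
  return "$status"
}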
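echo -e "\n${BOLD}${YELLOW}=== OpenVPN OVPN file creating ===${NC}\n"

# ========== INPUT ==========
if [ $# -eq 2 ]; then
  CLIENT_NAME=$1
  REMOTE_ADDR=$2
else
  echo -e "${YELLOW}[?] ❓${NC} No arguments provided. Please enter manually:"
  read -rp "🔹 Enter client name (CLIENT_NAME): " CLIENT_NAME
  read -rp "🔹 Enter server IP or domain (SERVER_IP_OR_DOMAIN): " REMOTE_ADDR
  if [ -z "$CLIENT_NAME" ] || [ -z "$REMOTE_ADDR" ]; then
    echo -e "${RED}[ERROR] ❌ Both values are required. Aborting.${NC}"
    exit 1
  fi
fi

# Both values end up in file paths and in the profile text, and the script is
# meant to be run through sudo. The original pasted them into `bash -c`
# strings, where shell metacharacters or a "/" in either value would have been
# interpreted. Restrict them to a conservative character set first.
if [[ ! "$CLIENT_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]]; then
  echo -e "${RED}[ERROR] ❌ Client name may contain only letters, digits, '.', '_' and '-'. Aborting.${NC}" >&2
  exit 1
fi
if [[ ! "$REMOTE_ADDR" =~ ^[A-Za-z0-9:][A-Za-z0-9.:-]*$ ]]; then
  echo -e "${RED}[ERROR] ❌ Server address must be a host name or an IP address. Aborting.${NC}" >&2
  exit 1
fi

# ========== CONSTANTS ==========
# NOTE(review): ~ follows the HOME that sudo passes on; confirm this is the
# directory the install script created.
EASYRSA_DIR=~/openvpn-ca
# Detect actual user if run via sudo
if [ "$EUID" -eq 0 ] && [ -n "$SUDO_USER" ]; then
  MAIN_USER="$SUDO_USER"
else
  MAIN_USER=$(whoami)
fi
# NOTE(review): assumes non-root homes live under /home/<user>.
if [ "$MAIN_USER" == "root" ]; then
  OUTPUT_DIR="/root/client-configs/files"
else
  OUTPUT_DIR="/home/$MAIN_USER/client-configs/files"
fi
PORT=1194
PROTO=udp
mkdir -p "$OUTPUT_DIR"

# ========== HELPERS ==========
# Each helper has a subshell body, so its cd and umask do not leak into the
# rest of the script, and every value is passed as a quoted word.

# Create the client's key and certificate request (key without passphrase).
gen_client_request() (
  cd "$EASYRSA_DIR" && ./easyrsa gen-req "$CLIENT_NAME" nopass
)

# Sign the request as a client certificate, answering the confirmation prompt.
sign_client_request() (
  cd "$EASYRSA_DIR" && echo yes | ./easyrsa sign-req client "$CLIENT_NAME"
)

# Assemble the .ovpn profile. It embeds the client's private key, so the file
# is created owner-only; the original wrote it with the default umask.
write_client_profile() (
  umask 077
  profile="${OUTPUT_DIR}/${CLIENT_NAME}.ovpn"
  # The output directory sits in a user's home; do not write through a link.
  if [ -L "$profile" ]; then
    echo "refusing to write through symlink: $profile" >&2
    exit 1
  fi
  ca_pem=$(cat -- "${EASYRSA_DIR}/pki/ca.crt") || exit 1
  cert_pem=$(awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' "${EASYRSA_DIR}/pki/issued/${CLIENT_NAME}.crt") || exit 1
  key_pem=$(cat -- "${EASYRSA_DIR}/pki/private/${CLIENT_NAME}.key") || exit 1
  ta_pem=$(cat -- "${EASYRSA_DIR}/ta.key") || exit 1
  # An existing file keeps its old mode, so tighten it before writing secrets.
  : > "$profile" || exit 1
  chmod 600 -- "$profile" || exit 1
  cat > "$profile" << EOF || exit 1
client
dev tun
proto $PROTO
remote $REMOTE_ADDR $PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA256
cipher AES-256-CBC
key-direction 1
verb 3
<ca>
${ca_pem}
</ca>
<cert>
${cert_pem}
</cert>
<key>
${key_pem}
</key>
<tls-auth>
${ta_pem}
</tls-auth>
EOF
  # Under sudo the file would belong to root; hand it to the invoking user so
  # the owner-only mode does not lock that user out.
  if [ "$EUID" -eq 0 ] && [ "$MAIN_USER" != "root" ]; then
    chown -- "$MAIN_USER" "$profile" || exit 1
  fi
)

# ========== CERT GENERATION ==========
# run_step hides the Easy-RSA prompt, hence the hint in the label to press
# ENTER.
run_step "Generating key and certificate request for client, please press [ENTER] to continue: : ${CLIENT_NAME}" gen_client_request
run_step "Signing client certificate" sign_client_request

# ========== CREATING .OVPN ==========
run_step "Creating .ovpn file for ${CLIENT_NAME}" write_client_profile

# ========== DONE ==========
echo -e "\n${GREEN}[DONE] ✅${NC} Configuration file has been created."
echo -e "${BOLD}File location:${NC} ${OUTPUT_DIR}/${CLIENT_NAME}.ovpn"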
Use the following command to auto-download and run:
# Downloads the script returned by generate.php and runs it with sudo in one
# chain. To read it before it runs as root, execute only the wget part,
# inspect ovpn.sh, then run the chmod and sudo parts.
wget "https://krotek.serveminecraft.net/how-to-install/VPN/OPEN-VPN/generate.php?system=debian&type=ovpn&variant=clean" -O ovpn.sh && chmod +x ovpn.sh && sudo ./ovpn.sh
Just commands (Debian/Ubuntu / clean)
# Refresh package lists, upgrade, and install the three packages used below.
sudo apt update && sudo apt upgrade -y
sudo apt install -y openvpn easy-rsa firewalld
# NOTE(review): starting firewalld applies its default zone to the host;
# confirm SSH stays allowed before doing this on a remote machine.
sudo systemctl start firewalld
sudo systemctl enable firewalld
# Create the Easy-RSA working directory and build the PKI inside it.
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
./easyrsa init-pki
# nopass: the CA key and the server key are written without a passphrase, so
# read access to ~/openvpn-ca/pki/private is enough to issue certificates.
./easyrsa build-ca nopass
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
# NOTE(review): OpenVPN 2.5+ reports `--genkey --secret FILE` as deprecated in
# favour of `--genkey secret FILE`.
openvpn --genkey --secret ta.key
# server.key and ta.key are secrets; check their owner and mode after copying.
sudo cp pki/ca.crt pki/issued/server.crt pki/private/server.key pki/dh.pem ta.key /etc/openvpn/
# Open the server configuration in an editor. The lines from "port 1194" to
# "verb 3" are the contents to enter into that file, not shell commands.
sudo nano /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA256
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
# Un-comment the forwarding line in sysctl.conf and reload it. The sed changes
# nothing when the file has no "#net.ipv4.ip_forward=1" line; verify with
# `sysctl net.ipv4.ip_forward` afterwards.
sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sudo sysctl -p
# Allow the VPN port and enable masquerading for the public zone, then reload.
sudo firewall-cmd --permanent --add-port=1194/udp
sudo firewall-cmd --permanent --zone=public --add-masquerade
sudo firewall-cmd --reload
# Enable at boot and start the instance that uses server.conf.
sudo systemctl enable openvpn@server
sudo systemctl start openvpn@server