
xhdix / openconnect-installer

Licence: Unlicense license
Automatically set up an Openconnect/Anyconnect VPN server (ocserv) with Let's Encrypt with just one command in CentOS 8.


Automatically set up an Openconnect VPN server (ocserv) with Let's Encrypt with just one command.

  • Secured with a valid certificate from Let's Encrypt
  • No IP Leak
  • No DNS Leak
  • No requests sent to or received from external/third-party sources

All you need: A CentOS 8 server with a domain.

Note 05/09/2021: If you run into any problems, disable UDP and do not use the Anyconnect client app for a while!

Note 23/09/2021: Change the server or server IP every 3 months to prevent Google from tracking and flagging your server's IP.

Install, configure, run with one command:

Edit the username-password list pass.txt (or create a new one), then run the command like this:

bash install.sh -f username-list-file -n host-name -e email-address

For example:

bash install.sh -f pass.txt -n my.example.com -e [email protected]

Note: By changing the script (replacing --email $EMAIL_ADDR with --register-unsafely-without-email), you can get a certificate without an email address. But it is better not to.


If you want to add a list of users again after installation:

bash adduser.sh username-list-file

e.g. :
bash adduser.sh pass2.text

Renew the certificate before/after 3 months:

certbot renew --quiet && systemctl restart ocserv # && systemctl restart ocserv2

Run two copies of ocserv on the same server

Do you want to run ocserv on a new port with a different configuration? Take a look at copyoc.sh.

New ocserv copy

 bash ./copyoc.sh -p <port>

e.g. :
bash ./copyoc.sh -p 8443

New ocserv copy for families (Cloudflare DNS for families)

Will block malware and adult content in the new VPN service

 bash ./copyoc.sh -p <port> -f
 
 e.g. :
 bash ./copyoc.sh -p 2222 -f

Bypass the Internet blackout

(reference: https://ooni.org/post/2019-iran-internet-blackout/#connecting-to-the-internet-from-iran)

After installing Openconnect on a foreign VPS, just enter these commands on the domestic VPS:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT  --to-destination [foreignVPSip]:443
iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 443 -j DNAT  --to-destination [foreignVPSip]:443
iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 53 -j DNAT  --to-destination [foreignVPSip]:53
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source [domesticVPSip]

(Note: Make sure you use the correct network interface name. e.g. eth0 or enp0s3 or ... )

Then save iptables:

yum install iptables-services -y

systemctl enable iptables

service iptables save

systemctl start iptables

And then use Openconnect like this:

echo password|openconnect --resolve=domain.com:[domesticVPSip] -vu username --passwd-on-stdin https://domain.com

Or temporarily change the domain's A record to the domestic VPS IP.

Note: The amount of incoming and outgoing traffic on your domestic VPS should not be equal.
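
To confirm that the saved ruleset holds exactly the relay rules above, the following check can be used; it is an added example, not part of the original project, and it assumes input in iptables-save format. The sample ruleset is constructed, the two addresses are documentation placeholders for [foreignVPSip] and [domesticVPSip], and the function names audit_relay and forwarding_persisted are hypothetical.

```sh
#!/bin/sh
# Added example: audit an iptables-save style ruleset for the relay rules above.
# SAMPLE_RULES is constructed; 203.0.113.10 and 198.51.100.5 are documentation
# addresses standing in for [foreignVPSip] and [domesticVPSip].
SAMPLE_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 203.0.113.10:443
-A PREROUTING -i eth0 -p udp -m udp --dport 443 -j DNAT --to-destination 203.0.113.10:443
-A PREROUTING -i eth0 -p udp -m udp --dport 53 -j DNAT --to-destination 203.0.113.10:53
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 203.0.113.10:443
-A POSTROUTING -o eth0 -j SNAT --to-source 198.51.100.5
COMMIT'

# audit_relay RULES FOREIGN_IP DOMESTIC_IP
# Prints one finding per line; prints nothing when the ruleset matches the README.
audit_relay() {
    printf '%s\n' "$1" | awk -v f="$2" -v d="$3" '
      # opt(name): value that follows option "name" on the current rule line
      function opt(name,   i) {
          for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
          return ""
      }
      $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
          key = opt("-p") "/" opt("--dport")
          seen[key]++
          if (opt("--to-destination") != f ":" opt("--dport")) {
              print "UNEXPECTED-DEST " key " -> " opt("--to-destination")
          }
      }
      $1 == "-A" && $2 == "POSTROUTING" && opt("-j") == "SNAT" {
          snat++
          if (opt("--to-source") != d) print "WRONG-SNAT " opt("--to-source")
      }
      END {
          n = split("tcp/443 udp/443 udp/53", want, " ")
          for (i = 1; i <= n; i++) {
              if (!(want[i] in seen)) print "MISSING " want[i]
              else if (seen[want[i]] > 1) print "DUPLICATE " want[i] " x" seen[want[i]]
          }
          if (!snat) print "MISSING snat"
      }'
}

# forwarding_persisted FILE...: true if a sysctl file enables ip_forward, so the
# setting survives a reboot (the echo into /proc above lasts only until reboot).
forwarding_persisted() {
    grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$@"
}

audit_relay "$SAMPLE_RULES" 203.0.113.10 198.51.100.5   # rerunning -A left a duplicate
```

On the domestic VPS, pass the live rules instead of the sample, for example audit_relay "$(iptables-save -t nat)" followed by the two addresses, and run forwarding_persisted /etc/sysctl.conf /etc/sysctl.d/*.conf.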

Please let me know if there is any problem.
