#!/bin/bash

# OpenVPN + Laravel VPN Manager Installation Script
# For Ubuntu 22.04/24.04
# Lambicall VPN System

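# Abort on any failed command, on unset variables and on a failed pipeline stage;
# plain `set -e` lets `cmd | other` through whenever the last stage succeeds.
set -euo pipefail
# Say where an install died instead of stopping halfway through in silence.
trap 'echo "Installation failed at line ${LINENO}: ${BASH_COMMAND}" >&2' ERR
# apt/debconf must never block on a prompt (iptables-persistent and needrestart do).
export DEBIAN_FRONTEND=noninteractive

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Variables
VPN_DIR="/var/www/html/openvpn"
WEB_DIR="$VPN_DIR/web"

echo -e "${GREEN}===============================================${NC}"
echo -e "${GREEN}    Lambicall VPN Manager Installation${NC}"
echo -e "${GREEN}===============================================${NC}"

# Check for root before doing anything else (including the network lookup below).
if [[ "$EUID" -ne 0 ]]; then
    echo -e "${RED}Please run as root (sudo)${NC}" >&2
    exit 1
fi

# Public IPv4 address of this host. It is later written into the Laravel .env, so treat
# it as untrusted input: fetch over TLS with a timeout, force IPv4 (only IPv4 is firewalled
# and NATed below) and accept nothing but a dotted quad - never an error page or a string
# carrying sed/shell metacharacters.
SERVER_IP="$(curl -4 -fsS --max-time 15 https://ifconfig.me)" || SERVER_IP=""
if [[ ! "$SERVER_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo -e "${RED}Could not determine this host's public IPv4 address from ifconfig.me${NC}" >&2
    exit 1
fi

# Update system
echo -e "${YELLOW}Updating system packages...${NC}"
apt-get update
apt-get upgrade -y

# Install dependencies
# NOTE(review): Ubuntu 22.04 ships PHP 8.1; the php8.3 packages below need an extra
# repository there - confirm before running this on 22.04.
echo -e "${YELLOW}Installing dependencies...${NC}"
apt-get install -y \
    openvpn \
    easy-rsa \
    apache2 \
    postgresql \
    postgresql-contrib \
    php8.3 \
    php8.3-fpm \
    php8.3-cli \
    php8.3-common \
    php8.3-pgsql \
    php8.3-mbstring \
    php8.3-xml \
    php8.3-zip \
    php8.3-curl \
    php8.3-gd \
    php8.3-bcmath \
    php8.3-intl \
    composer \
    supervisor \
    ufw \
    curl \
    git \
    zip \
    unzip \
    net-tools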

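# Configure firewall
echo -e "${YELLOW}Configuring firewall...${NC}"
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 1194/udp

# Interface carrying the default route: VPN clients are NATed out through it.
# Take only the first default route in case there are several.
INTERFACE="$(ip -4 route show default | awk '{print $5; exit}')"
if [[ -z "$INTERFACE" ]]; then
    echo -e "${RED}Could not determine the default-route interface${NC}" >&2
    exit 1
fi

# ufw's default FORWARD policy is DROP, so without this rule the MASQUERADE below is
# never reached and VPN clients cannot leave the box.
ufw route allow out on "$INTERFACE" from 10.7.0.0/16
ufw --force enable

# Enable IP forwarding
echo -e "${YELLOW}Enabling IP forwarding...${NC}"
# A drop-in instead of appending to sysctl.conf, so re-running the script does not
# accumulate duplicate lines.
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-openvpn-forward.conf
sysctl -w net.ipv4.ip_forward=1

# Configure NAT
echo -e "${YELLOW}Configuring NAT...${NC}"
# Install the persistence package first and save afterwards: the original order added the
# rule, then relied on the package's debconf prompt to capture it, which cannot work in a
# non-interactive install.
apt-get install -y iptables-persistent
# -C checks for an identical rule so a re-run does not stack duplicates.
iptables -t nat -C POSTROUTING -s 10.7.0.0/16 -o "$INTERFACE" -j MASQUERADE 2>/dev/null \
    || iptables -t nat -A POSTROUTING -s 10.7.0.0/16 -o "$INTERFACE" -j MASQUERADE
netfilter-persistent save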

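# Setup EasyRSA
echo -e "${YELLOW}Setting up EasyRSA...${NC}"
EASYRSA_DIR="/etc/openvpn/easy-rsa"
# Never rebuild an existing PKI: a fresh CA would invalidate every client certificate
# already issued. make-cadir refuses anyway; fail here with a clear message instead.
if [[ -e "$EASYRSA_DIR" ]]; then
    echo -e "${RED}${EASYRSA_DIR} already exists; back it up and remove it before re-running${NC}" >&2
    exit 1
fi
make-cadir "$EASYRSA_DIR"
cd "$EASYRSA_DIR"

# Request defaults for every certificate issued by this CA. The quoted delimiter keeps
# the content literal; nothing in it is meant to be expanded by the shell.
cat > vars << 'EOF'
set_var EASYRSA_REQ_COUNTRY    "US"
set_var EASYRSA_REQ_PROVINCE   "CA"
set_var EASYRSA_REQ_CITY       "San Francisco"
set_var EASYRSA_REQ_ORG        "Lambicall"
set_var EASYRSA_REQ_EMAIL      "admin@lambicall.com"
set_var EASYRSA_REQ_OU         "VPN"
set_var EASYRSA_KEY_SIZE       2048
set_var EASYRSA_CA_EXPIRE      3650
set_var EASYRSA_CERT_EXPIRE    1095
set_var EASYRSA_CRL_DAYS       180
EOF

# Initialize PKI
./easyrsa init-pki
# NOTE: the CA key is created without a passphrase (nopass) and lives on the same host as
# the web panel, so its protection rests entirely on filesystem permissions - keep the
# private directory root-only and consider an offline CA for production.
echo "Lambicall-CA" | ./easyrsa build-ca nopass
./easyrsa gen-dh
./easyrsa build-server-full server nopass
chmod 700 "$EASYRSA_DIR/pki/private"

# Generate ta.key (shared HMAC key for tls-auth/tls-crypt); root-only like the other keys.
openvpn --genkey --secret /etc/openvpn/ta.key
chmod 600 /etc/openvpn/ta.key

# Copy server configuration
# NOTE(review): server.conf is not visible here; it is assumed to reference the PKI files
# above and /etc/openvpn/ta.key - confirm the paths match.
echo -e "${YELLOW}Configuring OpenVPN server...${NC}"
cp "$VPN_DIR/config/server.conf" /etc/openvpn/server.conf

# Create directories (per-client config dir, logs, and where the manager script stores
# generated client material)
mkdir -p /etc/openvpn/ccd
mkdir -p /var/log/openvpn
mkdir -p "$VPN_DIR/certificates/clients"

# Set permissions for script
chmod +x "$VPN_DIR/scripts/openvpn-manager.sh"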

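# Configure PostgreSQL
echo -e "${YELLOW}Configuring PostgreSQL...${NC}"
DB_NAME="vpn_manager"
DB_USER="vpn_user"
# A random per-install password instead of the hard-coded placeholder; hex keeps it safe
# to embed in SQL, sed and .env without quoting.
DB_PASSWORD="$(openssl rand -hex 24)"

# Create-or-update the role so a re-run neither fails nor leaves .env and the database
# disagreeing. The password travels over stdin, not argv, so it does not show up in ps.
sudo -u postgres psql -v ON_ERROR_STOP=1 << EOF
DO \$\$
BEGIN
    IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${DB_USER}') THEN
        CREATE ROLE ${DB_USER} LOGIN;
    END IF;
END
\$\$;
ALTER ROLE ${DB_USER} WITH LOGIN ENCRYPTED PASSWORD '${DB_PASSWORD}';
EOF

# Make vpn_user the database owner: on PostgreSQL 15+ (Ubuntu 24.04) CREATE on the public
# schema is no longer granted to everyone, so a plain GRANT ON DATABASE is not enough for
# the migrations below to create tables.
if [[ "$(sudo -u postgres psql -tAc "SELECT 1 FROM pg_database WHERE datname = '${DB_NAME}'")" != "1" ]]; then
    sudo -u postgres psql -v ON_ERROR_STOP=1 -c "CREATE DATABASE ${DB_NAME} OWNER ${DB_USER}"
fi
sudo -u postgres psql -v ON_ERROR_STOP=1 -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER}"

# Setup Laravel application
echo -e "${YELLOW}Setting up Laravel application...${NC}"
cd "$WEB_DIR"
COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev --optimize-autoloader --no-interaction

# Copy environment file only when there is none: overwriting an existing .env on a
# re-run would throw away APP_KEY and everything encrypted with it.
if [[ ! -f .env ]]; then
    cp .env.example .env
fi

# Generate application key, unless one is already present.
if ! grep -qE '^APP_KEY=.+' .env; then
    php artisan key:generate
fi

#######################################
# Set KEY=VALUE in ./.env, replacing an existing line or appending a new one.
# Anchored on the key so a pre-filled example value is replaced, not prefixed.
# Arguments: $1 - key, $2 - value (must not contain '|' or newlines)
#######################################
set_env_value() {
    local key="$1" value="$2"
    if grep -q "^${key}=" .env; then
        sed -i "s|^${key}=.*|${key}=${value}|" .env
    else
        printf '%s=%s\n' "$key" "$value" >> .env
    fi
}

# SERVER_IP comes from an external lookup; refuse anything that is not a dotted quad
# before it goes near sed or the application config.
if [[ ! "$SERVER_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo -e "${RED}SERVER_IP does not look like an IPv4 address; refusing to write it to .env${NC}" >&2
    exit 1
fi
set_env_value DB_PASSWORD "$DB_PASSWORD"
set_env_value OPENVPN_SERVER_IP "$SERVER_IP"

# Run migrations
php artisan migrate --force

# Cache configuration
php artisan config:cache
php artisan route:cache
php artisan view:cache

# Set permissions
chown -R www-data:www-data "$VPN_DIR"
# Equivalent to 755 for directories, but files only keep an execute bit they already had
# instead of every file becoming executable.
chmod -R u=rwX,go=rX "$VPN_DIR"
chmod -R 775 "$WEB_DIR/storage"
chmod -R 775 "$WEB_DIR/bootstrap/cache"
# .env holds APP_KEY and the database password: no world read.
chmod 640 "$WEB_DIR/.env"
# Client certificates/keys are stored under here; keep them away from "other".
chmod -R o= "$VPN_DIR/certificates"
# Anything the web user can run as root through /etc/sudoers.d/vpn must not be writable
# by that same user, or a compromised web app is a one-step root escalation. The chown
# above handed the scripts tree to www-data; give it back to root.
chown -R root:root "$VPN_DIR/scripts"
chmod -R u=rwX,go=rX "$VPN_DIR/scripts"
# NOTE(review): the Apache DocumentRoot is defined in config/apache-vpn.conf, which is not
# visible here; confirm it is $WEB_DIR/public so nothing above it is ever served.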

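# Configure Apache
echo -e "${YELLOW}Configuring Apache...${NC}"
a2enmod rewrite headers ssl proxy proxy_fcgi
cp "$VPN_DIR/config/apache-vpn.conf" /etc/apache2/sites-available/vpn.lambicall.com.conf
a2ensite vpn.lambicall.com.conf
a2dissite 000-default.conf
# Fail on a broken vhost here, with a readable message, rather than at the restart below.
apache2ctl configtest

# Configure Supervisor
echo -e "${YELLOW}Configuring Supervisor...${NC}"
cp "$VPN_DIR/config/supervisor-vpn.conf" /etc/supervisor/conf.d/vpn.conf

# Configure sudoers
echo -e "${YELLOW}Configuring sudo permissions...${NC}"
# A syntactically broken file in /etc/sudoers.d disables sudo for everyone on the host;
# validate before installing, and install with the ownership/mode sudo requires.
# NOTE(review): the file's content is not visible here; it presumably lets www-data run
# openvpn-manager.sh as root - keep it scoped to that one command.
visudo -cf "$VPN_DIR/config/sudoers-vpn"
install -o root -g root -m 0440 "$VPN_DIR/config/sudoers-vpn" /etc/sudoers.d/vpn

# Start services
echo -e "${YELLOW}Starting services...${NC}"
systemctl enable --now openvpn@server
systemctl restart apache2
systemctl restart php8.3-fpm
supervisorctl reread
supervisorctl update
# Quoted so the shell cannot glob it; "already started" (the group usually autostarts on
# update) is not a failure for this script.
supervisorctl start 'vpn-workers:*' || true

# Create admin user
echo -e "${YELLOW}Creating admin user for web panel...${NC}"
cd "$WEB_DIR"
ADMIN_EMAIL="admin@lambicall.com"
# Random initial password instead of a fixed, publicly known one. It is handed to tinker
# through the environment, not interpolated into the command line.
ADMIN_PASSWORD="$(openssl rand -base64 18)"
ADMIN_EMAIL="$ADMIN_EMAIL" ADMIN_PASSWORD="$ADMIN_PASSWORD" php artisan tinker --execute='
    $user = \App\Models\User::firstOrNew(["email" => getenv("ADMIN_EMAIL")]);
    if ($user->exists) {
        echo "Admin user already exists; its password was left unchanged\n";
    } else {
        $user->name = "Admin";
        $user->password = bcrypt(getenv("ADMIN_PASSWORD"));
        $user->save();
    }
'

echo -e "${GREEN}===============================================${NC}"
echo -e "${GREEN}    Installation Complete!${NC}"
echo -e "${GREEN}===============================================${NC}"
echo ""
echo -e "${YELLOW}Important Information:${NC}"
echo -e "Web Panel URL: https://vpn.lambicall.com"
echo -e "Admin Email: ${ADMIN_EMAIL}"
# Shown exactly once; it is not stored anywhere else in clear text.
printf 'Admin Password: %s  (shown only once - change it after first login;\n' "$ADMIN_PASSWORD"
printf '                 not applied if the admin user already existed)\n'
echo -e "Server IP: $SERVER_IP"
echo -e "VPN Network: 10.7.0.0/16"
echo -e "VPN Port: 1194/UDP"
echo ""
echo -e "${RED}IMPORTANT: Please update the following:${NC}"
echo -e "1. Change admin password after first login"
echo -e "2. Keep the PostgreSQL password in .env private (the file must not be world-readable)"
echo -e "3. Install SSL certificates for vpn.lambicall.com"
echo -e "4. Configure DNS to point vpn.lambicall.com to $SERVER_IP"
echo ""
echo -e "${GREEN}To create first VPN client:${NC}"
echo "sudo $VPN_DIR/scripts/openvpn-manager.sh generate client_name"
echo ""
echo -e "${GREEN}Service Status:${NC}"
# Informational only: a non-running unit must not turn a completed install into a
# non-zero exit under set -e.
systemctl status openvpn@server --no-pager || true
echo ""
supervisorctl status || true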