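#!/bin/bash

# VPN Setup Script for Hugging Face
# This script sets up OpenVPN server
#
# Builds a small demo PKI (CA, one server certificate, one client certificate),
# DH parameters and a TLS auth key under /etc/openvpn/server/keys.
# It writes below /etc/openvpn, so it needs write access there.

# -e: stop on the first failing command; -u: treat unset variables as errors;
# pipefail: a pipeline fails if any stage fails.
set -euo pipefail

echo "Starting VPN setup..."

# Create directories
mkdir -p /etc/openvpn/server/keys
mkdir -p /etc/openvpn/easy-rsa

# Generate server key and certificate (simplified for demo)
cd /etc/openvpn/server/keys

# Everything created from here on is key material. Restrict the umask now so
# private keys are never group/world-readable, not even in the window before
# the final chmod. (Set after mkdir so directory modes are unaffected.)
umask 077

# Generate DH parameters (2048-bit)
openssl dhparam -out dh2048.pem 2048

# Generate a dedicated CA key and a self-signed CA certificate.
# The CA must not share a key with the server: anyone who obtains the server
# key could otherwise issue new client or server certificates.
# Demo simplification: ca.key still lives on the VPN host. In a real
# deployment keep the CA key on a separate, offline machine.
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=State/L=City/O=VPN-CA/CN=vpn-ca"

# Generate server private key
openssl genrsa -out server.key 2048

# Generate server certificate, signed by the CA.
# A certificate self-signed with server.key would not chain to ca.crt, so
# clients configured with <ca> ca.crt could not verify the server. The
# serverAuth extended key usage is what the client's `remote-cert-tls server`
# directive checks for.
openssl req -new -key server.key -out server.csr -subj "/C=US/ST=State/L=City/O=VPN/CN=vpn-server"
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -out server.crt \
  -extfile <(printf '%s\n' \
    'basicConstraints = CA:FALSE' \
    'keyUsage = digitalSignature, keyEncipherment' \
    'extendedKeyUsage = serverAuth')

# Generate client key and certificate, signed by the same CA and limited to
# client authentication so it cannot be presented as a server certificate.
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr -subj "/C=US/ST=State/L=City/O=VPN/CN=vpn-client"
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -out client.crt \
  -extfile <(printf '%s\n' \
    'basicConstraints = CA:FALSE' \
    'keyUsage = digitalSignature' \
    'extendedKeyUsage = clientAuth')

# Generate TLS auth key
# NOTE(review): newer OpenVPN releases warn that this option form is
# deprecated; confirm the preferred syntax for the installed version.
openvpn --genkey --secret ta.key

# Set proper permissions
# Also tightens files left over from an earlier run with a looser umask.
chmod 600 /etc/openvpn/server/keys/*

echo "Certificates generated successfully"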

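# Create client configuration file
# The profile embeds the client private key and the TLS auth key inline, so it
# must be protected like the key files themselves and handed to the client
# over a trusted channel only.
keys_dir=/etc/openvpn/server/keys
client_conf=/etc/openvpn/server/client.ovpn

# A failing $(cat ...) inside a here-document does not abort the script, even
# with `set -e`, and would silently produce a profile with empty sections.
# Verify every input exists and is non-empty before writing anything.
for required in ca.crt client.crt client.key ta.key; do
  if [[ ! -s "${keys_dir}/${required}" ]]; then
    echo "Missing or empty ${keys_dir}/${required}; cannot build client profile" >&2
    exit 1
  fi
done

# Create the file owner-only *before* any secret is written into it. The
# subshell keeps the umask change local; the chmod covers a file left behind
# by an earlier run with wider permissions (truncation keeps the old mode).
( umask 077; : > "$client_conf" )
chmod 600 "$client_conf"

# NOTE(review): `cipher AES-256-CBC` and tls-auth are kept as written because
# they must match the server configuration, which is not part of this script.
# When both ends run a recent OpenVPN, consider an AEAD cipher (data-ciphers)
# and tls-crypt instead, and change server and client together.
cat > "$client_conf" << EOF
client
dev tun
proto udp
remote YOUR_HF_SPACE_URL 7860
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3

<ca>
$(cat /etc/openvpn/server/keys/ca.crt)
</ca>

<cert>
$(cat /etc/openvpn/server/keys/client.crt)
</cert>

<key>
$(cat /etc/openvpn/server/keys/client.key)
</key>

<tls-auth>
$(cat /etc/openvpn/server/keys/ta.key)
</tls-auth>
key-direction 1
EOF

echo "Client configuration created"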

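# Enable IP forwarding
# Append the setting only if it is not already present, so repeated runs do
# not pile up duplicate lines in /etc/sysctl.conf. grep's stderr is silenced
# for the case where the file does not exist yet.
# Caveat: with forwarding on, this host routes packets between interfaces.
# This script installs no firewall rules, so forwarding policy (which VPN
# clients may reach which networks) has to be restricted separately.
if ! grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf 2>/dev/null; then
  echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
fi
sysctl -p

echo "VPN setup completed successfully!"
echo "Note: Replace YOUR_HF_SPACE_URL in client.ovpn with your actual Hugging Face Space URL"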