diff --git a/BashScripts/install-openvpn-server.sh b/BashScripts/install-openvpn-server.sh
index 0422c41..5c5a559 100644
--- a/BashScripts/install-openvpn-server.sh
+++ b/BashScripts/install-openvpn-server.sh
@@ -1,9 +1,29 @@
+#!/bin/bash
# Install using: sudo su -c "bash <(wget -qO- /url/to/install-openvpn-server.sh)"
# Make sure script is ran as root
if [[ $EUID -ne 0 ]]; then
exec sudo /bin/bash "$0" "$@"
fi
+# Helper functions
+add_iptables_rule() {
+ local RULE="$1"
+ local TABLE="filter" # Default table is filter
+ if [[ "$RULE" =~ -t[[:space:]]+(nat|mangle|raw|filter) ]]; then
+ TABLE="${BASH_REMATCH[1]}"
+ RULE="${RULE/-t ${BASH_REMATCH[1]}/}" # Remove "-t
" from RULE
+ fi
+ local RULE_ACTION=$(echo "$RULE" | awk '{print $1}')
+ local RULE_REST=$(echo "$RULE" | cut -d' ' -f2-)
+ if iptables-save -t "$TABLE" | grep -Fq -- "$RULE_REST"; then
+ echo "Rule already exists in table $TABLE, skipping: -t $TABLE $RULE"
+ else
+ echo "Adding iptables rule to table $TABLE: -t $TABLE $RULE"
+ iptables -t "$TABLE" $RULE
+ fi
+}
+
+# Setup script
read -e -p "Enter lan NIC: " -i $(ip route | grep default | sed -e 's/^.*dev.//' -e 's/.proto.*//') NIC_NAME
read -e -p "Enter VPN subnet: " -i "172.19.100" VPN_SUBNET
read -e -p "Enter LAN subnet: " -i "192.168.0" LAN_SUBNET
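Review bot: The duplicate check in `add_iptables_rule` matches `$RULE_REST` as a fixed substring of `iptables-save` output, so a rule is skipped whenever a different, longer rule happens to contain its text. Conversely, a rule that iptables-save prints in normalised form, or one given as `-I CHAIN <position> ...`, is never recognised and is added again on every run. For a firewall helper the silently skipped rule is the worse outcome; `iptables -C` asks for an exact match and avoids both cases, as sketched below. `RULE_ACTION` is assigned but unused in the visible lines, and `local X=$(...)` hides a failing command substitution, so declaring and assigning separately would be cleaner.

```shell
add_iptables_rule() {
  # … unchanged: RULE/TABLE extraction from "$1" …
  local -a SPEC
  read -r -a SPEC <<< "$RULE"            # split once; trims the gap left by removing -t
  local ACTION="${SPEC[0]}"
  SPEC=("${SPEC[@]:1}")                   # chain followed by the rule spec
  if [[ "$ACTION" == "-I" && "${SPEC[1]}" =~ ^[0-9]+$ ]]; then
    SPEC=("${SPEC[0]}" "${SPEC[@]:2}")    # -C takes no insert position
  fi
  if iptables -t "$TABLE" -C "${SPEC[@]}" 2>/dev/null; then
    # … unchanged: "Rule already exists" message …
  else
    # … unchanged: "Adding iptables rule" message and the iptables call …
  fi
}
```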
@@ -44,6 +64,7 @@ fi
if [ ! -f /etc/openvpn/myserver.conf ]; then
tee /etc/openvpn/myserver.conf > /dev/null < /usr/local/bin/add-openvpn-client.sh
+#!/bin/bash
+# Make sure script is ran as root
+if [[ $EUID -ne 0 ]]; then
+ exec sudo /bin/bash "$0" "$@"
+fi
+
+DIR=$(pwd)
+for i in {1..255}; do
+ CLIENT_NAME="client$i"
+ if [ ! -f "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt" ]; then
+ break
+ fi
+done
+VPN_SUBNET=$(grep -E '^server ' "/etc/openvpn/myserver.conf" | awk '{print $2}')
+VPN_PUBLIC_HOST=$(grep -E '^#public-host ' "/etc/openvpn/myserver.conf" | awk '{print $2}')
+VPN_PUBLIC_PORT=$(grep -E '^port ' "/etc/openvpn/myserver.conf" | awk '{print $2}')
+echo "Adding VPN client to $VPN_PUBLIC_HOST:$VPN_PUBLIC_PORT"
+read -e -p "Enter client name: " -i "$CLIENT_NAME" CLIENT_NAME
+if [ -f "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt" ]; then
+ echo Client $CLIENT_NAME already exists...
+ exit 1
+fi
+read -e -p "Use static IP for this client? VPN subnet is $VPN_SUBNET (Leave empty for dynamic): " -i "" CLIENT_IP
+if [ ! -z "${CLIENT_IP}" ]; then
+ echo Setting IP...
+cat > "/etc/openvpn/ccd/$CLIENT_NAME" < $CLIENT_NAME.conf <
+$CA_CERT
+
+
+$CLIENT_CERT
+
+
+$CLIENT_KEY
+
+key-direction 1
+
+$TA_KEY
+
+EOL
+EOF
+chmod +755 /usr/local/bin/add-openvpn-client.sh
+cat << 'EOF' > /usr/local/bin/remove-iptable-dups.sh
+#!/bin/bash
+iptables-save | awk '!seen[$0]++ || /^(\*|COMMIT)/' | iptables-restore
+EOF
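Review bot: The generated `$CLIENT_NAME.conf` embeds `$CLIENT_KEY` and `$TA_KEY`, and nothing visible in add-openvpn-client.sh restricts its permissions, so it is presumably created under root's default umask and readable by other local users. The heredoc lines around it are garbled on this page, so confirm against the file; `umask 077` near the top of the generated script, or `chmod 600 "$CLIENT_NAME.conf"` after writing it, would keep the key material private. The name taken at `read -e -p "Enter client name: "` is also used unvalidated in `/etc/openvpn/ccd/$CLIENT_NAME` and in the `.conf` path, so a `/` or whitespace in it writes outside the intended directory; a guard such as `[[ "$CLIENT_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1` before first use would prevent that. In remove-iptable-dups.sh the `seen` array is shared across tables, so a rule or chain declaration that is identical in two tables is dropped from the later one before `iptables-restore` runs; resetting it per table, `awk '/^\*/ { split("", seen) } !seen[$0]++ || /^COMMIT/'`, keeps the de-duplication within each table.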