From c2ee4ced281a9fbfd36e5e930f935a0c240812b2 Mon Sep 17 00:00:00 2001
From: "root@culturestrings"
Date: Tue, 1 Sep 2020 18:44:10 +0000
Subject: openvpn: support two distinct (masquerading and non-masquerading) vpn's.
---
 public/fs/etc/openvpn/hostvpn-conf.sh | 59 ++++++++++++++++++++++++++++-------
 public/fs/etc/openvpn/hostvpn.conf.in | 10 +++---
 2 files changed, 52 insertions(+), 17 deletions(-)
(limited to 'public')
diff --git a/public/fs/etc/openvpn/hostvpn-conf.sh b/public/fs/etc/openvpn/hostvpn-conf.sh
index 24cb390..72f828c 100755
--- a/public/fs/etc/openvpn/hostvpn-conf.sh
+++ b/public/fs/etc/openvpn/hostvpn-conf.sh
@@ -3,6 +3,7 @@ set -eu
 sitezone="$1"
+vpn_type="$2"
 cfg_script="$0"
 cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
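Review bot: `vpn_type="$2"` runs under the script's `set -eu`, so invoking it with only a sitezone aborts with bash's unbound-variable error before the `usage:` branch added later in this commit can print. Use `vpn_type="${2:-}"` here so a missing second argument falls through to the usage message and `exit 2`; the later `[ ${vpn_type} = ... ]` tests then also need the expansion quoted to handle the empty value. The script's remaining lines are outside this hunk.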
@@ -10,17 +11,51 @@ cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
 source /root/config/private/config/server.ports
 source /root/config/private/config/hostinfo/${sitezone}
-if [ ${vpn_route_all} = 'yes' ]; then
- vpn_route_all_subst='s/^@vpn_route_all@ //g'
+if [ ${vpn_type} = 'primary' ]; then
+ vpn_tunnel=tun0
+ ipv6_subnet=8000
+
+ if [ ${vpn_route_all} = 'yes' ]; then
+ vpn_route_all_subst='s/^@vpn_route_all@ //g'
+ else
+ vpn_route_all_subst='/^@vpn_route_all@ /d'
+ fi
+
+ sed -e 's/@vpn_tunnel@/'${vpn_tunnel}'/g' \
+ -e 's/@vpn_type@/'${vpn_type}'/g' \
+ -e 's/@vpn_port@/'${vpn_port}'/g' \
+ -e 's/@hostname@/'${hostname}'/g' \
+ -e 's/@vpn_net4@/'${vpn_net4}'/g' \
+ -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \
+ -e 's/@host_ipv4@/'${host_ipv4}'/g' \
+ -e 's/@host_ipv6@/'${host_ipv6}'/g' \
+ -e 's/@ipv6_subnet@/'${ipv6_subnet}'/g' \
+ -e "${vpn_route_all_subst}" \
+ "${cfg_srcdir}/hostvpn.conf.in"
+
+elif [ ${vpn_type} = 'secondary' ]; then
+ vpn_tunnel=tun1
+ ipv6_subnet=c000
+
+ if [ ${avpn_route_all} = 'yes' ]; then
+ vpn_route_all_subst='s/^@vpn_route_all@ //g'
+ else
+ vpn_route_all_subst='/^@vpn_route_all@ /d'
+ fi
+
+ sed -e 's/@vpn_tunnel@/'${vpn_tunnel}'/g' \
+ -e 's/@vpn_type@/'${vpn_type}'/g' \
+ -e 's/@vpn_port@/'${avpn_port}'/g' \
+ -e 's/@hostname@/'${hostname}'/g' \
+ -e 's/@vpn_net4@/'${avpn_net4}'/g' \
+ -e 's/@vpn_ipv4@/'${avpn_ipv4}'/g' \
+ -e 's/@host_ipv4@/'${host_ipv4}'/g' \
+ -e 's/@host_ipv6@/'${host_ipv6}'/g' \
+ -e 's/@ipv6_subnet@/'${ipv6_subnet}'/g' \
+ -e "${vpn_route_all_subst}" \
+ "${cfg_srcdir}/hostvpn.conf.in"
+
 else
- vpn_route_all_subst='/^@vpn_route_all@ /d'
+ printf '%s\n' 'usage: ./hostvpn-conf.sh sitezone {primary|secondary}'
+ exit 2
 fi
-
-sed -e 's/@vpn_port@/'${vpn_port}'/g' \
- -e 's/@hostname@/'${hostname}'/g' \
- -e 's/@vpn_net4@/'${vpn_net4}'/g' \
- -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \
- -e 's/@host_ipv4@/'${host_ipv4}'/g' \
- -e 's/@host_ipv6@/'${host_ipv6}'/g' \
- -e "${vpn_route_all_subst}" \
- "${cfg_srcdir}/hostvpn.conf.in"
diff --git a/public/fs/etc/openvpn/hostvpn.conf.in b/public/fs/etc/openvpn/hostvpn.conf.in
index fb85982..b82bbec 100644
--- a/public/fs/etc/openvpn/hostvpn.conf.in
+++ b/public/fs/etc/openvpn/hostvpn.conf.in
@@ -1,7 +1,7 @@
 port @vpn_port@
 proto udp
-dev tun0
+dev @vpn_tunnel@
 topology subnet
 cipher AES-256-CBC
@@ -13,14 +13,14 @@ askpass /srv/webroot/openvpn/@hostname@.pass
 key /etc/easy-rsa/pki/private/@hostname@.key
 dh /etc/easy-rsa/pki/dh.pem
-status /var/log/openvpn/openvpn-status.log
-log-append /var/log/openvpn/openvpn.log
+status /var/log/openvpn/openvpn-@vpn_type@-status.log
+log-append /var/log/openvpn/openvpn-@vpn_type@.log
 server @vpn_net4@ 255.255.255.0
-server-ipv6 @host_ipv6@:8000::/65
+server-ipv6 @host_ipv6@:@ipv6_subnet@::/66
 push "route-ipv6 2000::/3"
-push "route-ipv6 host_ipv6::/64"
+push "route-ipv6 @host_ipv6@::/64"
 push "route 192.168.0.0 255.255.255.0"
 @vpn_route_all@ push "block-outside-dns"
-- 
cgit v1.2.3