
Change vpn to bridged mode

Dean Troyer authored on 2011/11/15 08:45:37
Showing 1 changed files
... ...
@@ -10,13 +10,20 @@
10 10
 # --server mode configures the host with a running OpenVPN server instance
11 11
 # --client mode creates a tarball of a client configuration for this server
12 12
 
13
+# Get config file
14
+if [ -e localrc.vpn ]; then
15
+    . localrc.vpn
16
+fi
17
+
13 18
 # VPN Config
14 19
 VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`}  # 50.56.12.212
15 20
 VPN_PROTO=${VPN_PROTO:-tcp}
16 21
 VPN_PORT=${VPN_PORT:-6081}
17 22
 VPN_DEV=${VPN_DEV:-tun}
23
+VPN_BRIDGE=${VPN_BRIDGE:-br0}
18 24
 VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0}
19 25
 VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0}
26
+VPN_CLIENT_DHCP="${VPN_CLIENT_DHCP:-172.16.28.1 172.16.28.254}"
20 27
 VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0}
21 28
 VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0}
22 29
 
... ...
@@ -39,7 +46,8 @@ if [ -z $1 ]; then
39 39
 fi
40 40
 
41 41
 # Install OpenVPN
42
-if [ ! -x `which openvpn` ]; then
42
+VPN_EXEC=`which openvpn`
43
+if [ -z "$VPN_EXEC" -o ! -x "$VPN_EXEC" ]; then
43 44
     apt-get install -y openvpn bridge-utils
44 45
 fi
45 46
 if [ ! -d $CA_DIR ]; then
... ...
@@ -73,21 +81,49 @@ do_server() {
73 73
     (cd $CA_DIR/keys;
74 74
         cp $NAME.crt $NAME.key ca.crt dh1024.pem ta.key $VPN_DIR
75 75
     )
76
+    cat >$VPN_DIR/br-up <<EOF
77
+#!/bin/bash
78
+
79
+BR="$VPN_BRIDGE"
80
+TAP="\$1"
81
+
82
+for t in \$TAP; do
83
+    openvpn --mktun --dev \$t
84
+    brctl addif \$BR \$t
85
+    ifconfig \$t 0.0.0.0 promisc up
86
+done
87
+EOF
88
+    chmod +x $VPN_DIR/br-up
89
+    cat >$VPN_DIR/br-down <<EOF
90
+#!/bin/bash
91
+
92
+BR="$VPN_BRIDGE"
93
+TAP="\$1"
94
+
95
+for i in \$TAP; do
96
+    brctl delif \$BR $t
97
+    openvpn --rmtun --dev \$i
98
+done
99
+EOF
100
+    chmod +x $VPN_DIR/br-down
76 101
     cat >$VPN_DIR/$NAME.conf <<EOF
77 102
 proto $VPN_PROTO
78 103
 port $VPN_PORT
79 104
 dev $VPN_DEV
105
+up $VPN_DIR/br-up
106
+down $VPN_DIR/br-down
80 107
 cert $NAME.crt
81 108
 key $NAME.key  # This file should be kept secret
82 109
 ca ca.crt
83 110
 dh dh1024.pem
84 111
 duplicate-cn
85
-server $VPN_CLIENT_NET $VPN_CLIENT_MASK
112
+#server $VPN_CLIENT_NET $VPN_CLIENT_MASK
113
+server-bridge $VPN_CLIENT_NET $VPN_CLIENT_MASK $VPN_CLIENT_DHCP
86 114
 ifconfig-pool-persist ipp.txt
87 115
 push "route $VPN_LOCAL_NET $VPN_LOCAL_MASK"
88 116
 comp-lzo
89 117
 user nobody
90
-group nobody
118
+group nogroup
91 119
 persist-key
92 120
 persist-tun
93 121
 status openvpn-status.log
... ...
@@ -121,7 +157,7 @@ remote $VPN_SERVER $VPN_PORT
121 121
 resolv-retry infinite
122 122
 nobind
123 123
 user nobody
124
-group nobody
124
+group nogroup
125 125
 persist-key
126 126
 persist-tun
127 127
 comp-lzo
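Review bot: In the generated `br-down` script the line `brctl delif \$BR $t` uses an unescaped `$t`, and the loop variable in that script is `i`, not `t`. Because the heredoc delimiter is unquoted, `$t` is expanded while do_server writes the file (most likely to an empty string, since no `t` is set in the visible lines), so the installed script calls `brctl delif` with no interface and the tap device stays attached to the bridge; the line should read `brctl delif \$BR \$i`. The server config also keeps `user nobody`, and OpenVPN runs the `down` command after the privilege drop, so `br-down` will probably lack the rights to change the bridge or remove the tap device; this is worth confirming on a test host. Separately, the first hunk sources `localrc.vpn` from the current working directory in a script that goes on to run `apt-get install`; anchoring it to the script's own location, e.g. `. "$(dirname "$0")/localrc.vpn"`, avoids executing whatever file of that name sits in the caller's directory. do_server starts and ends outside the hunk.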