@@ -10,13 +10,20 @@ |
10 | 10 |
# --server mode configures the host with a running OpenVPN server instance |
11 | 11 |
# --client mode creates a tarball of a client configuration for this server |
12 | 12 |
|
13 |
+# Get config file |
|
14 |
+if [ -e localrc.vpn ]; then |
|
15 |
+ . localrc.vpn |
|
16 |
+fi |
|
17 |
+ |
|
13 | 18 |
# VPN Config |
14 | 19 |
VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`} # 50.56.12.212 |
15 | 20 |
VPN_PROTO=${VPN_PROTO:-tcp} |
16 | 21 |
VPN_PORT=${VPN_PORT:-6081} |
17 | 22 |
VPN_DEV=${VPN_DEV:-tun} |
23 |
+VPN_BRIDGE=${VPN_BRIDGE:-br0} |
|
18 | 24 |
VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0} |
19 | 25 |
VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0} |
26 |
+VPN_CLIENT_DHCP="${VPN_CLIENT_DHCP:-172.16.28.1 172.16.28.254}" |
|
20 | 27 |
VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0} |
21 | 28 |
VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0} |
22 | 29 |
|
@@ -39,7 +46,8 @@ if [ -z $1 ]; then |
39 | 39 |
fi |
40 | 40 |
|
41 | 41 |
# Install OpenVPN |
42 |
-if [ ! -x `which openvpn` ]; then |
|
42 |
+VPN_EXEC=`which openvpn` |
|
43 |
+if [ -z "$VPN_EXEC" -o ! -x "$VPN_EXEC" ]; then |
|
43 | 44 |
apt-get install -y openvpn bridge-utils |
44 | 45 |
fi |
45 | 46 |
if [ ! -d $CA_DIR ]; then |
@@ -73,21 +81,49 @@ do_server() { |
73 | 73 |
(cd $CA_DIR/keys; |
74 | 74 |
cp $NAME.crt $NAME.key ca.crt dh1024.pem ta.key $VPN_DIR |
75 | 75 |
) |
76 |
+ cat >$VPN_DIR/br-up <<EOF |
|
77 |
+#!/bin/bash |
|
78 |
+ |
|
79 |
+BR="$VPN_BRIDGE" |
|
80 |
+TAP="\$1" |
|
81 |
+ |
|
82 |
+for t in \$TAP; do |
|
83 |
+ openvpn --mktun --dev \$t |
|
84 |
+ brctl addif \$BR \$t |
|
85 |
+ ifconfig \$t 0.0.0.0 promisc up |
|
86 |
+done |
|
87 |
+EOF |
|
88 |
+ chmod +x $VPN_DIR/br-up |
|
89 |
+ cat >$VPN_DIR/br-down <<EOF |
|
90 |
+#!/bin/bash |
|
91 |
+ |
|
92 |
+BR="$VPN_BRIDGE" |
|
93 |
+TAP="\$1" |
|
94 |
+ |
|
95 |
+for i in \$TAP; do |
|
96 |
+ brctl delif \$BR $t |
|
97 |
+ openvpn --rmtun --dev \$i |
|
98 |
+done |
|
99 |
+EOF |
|
100 |
+ chmod +x $VPN_DIR/br-down |
|
76 | 101 |
cat >$VPN_DIR/$NAME.conf <<EOF |
77 | 102 |
proto $VPN_PROTO |
78 | 103 |
port $VPN_PORT |
79 | 104 |
dev $VPN_DEV |
105 |
+up $VPN_DIR/br-up |
|
106 |
+down $VPN_DIR/br-down |
|
80 | 107 |
cert $NAME.crt |
81 | 108 |
key $NAME.key # This file should be kept secret |
82 | 109 |
ca ca.crt |
83 | 110 |
dh dh1024.pem |
84 | 111 |
duplicate-cn |
85 |
-server $VPN_CLIENT_NET $VPN_CLIENT_MASK |
|
112 |
+#server $VPN_CLIENT_NET $VPN_CLIENT_MASK |
|
113 |
+server-bridge $VPN_CLIENT_NET $VPN_CLIENT_MASK $VPN_CLIENT_DHCP |
|
86 | 114 |
ifconfig-pool-persist ipp.txt |
87 | 115 |
push "route $VPN_LOCAL_NET $VPN_LOCAL_MASK" |
88 | 116 |
comp-lzo |
89 | 117 |
user nobody |
90 |
-group nobody |
|
118 |
+group nogroup |
|
91 | 119 |
persist-key |
92 | 120 |
persist-tun |
93 | 121 |
status openvpn-status.log |
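Review bot: The generated br-down script at new line 96 runs `brctl delif \$BR $t` inside a `for i in \$TAP` loop, so the loop variable is never used: `$t` is not backslash-escaped and the heredoc delimiter is unquoted, which means the installing shell expands `$t` at generation time (almost certainly to an empty string), and the written script ends up calling `brctl delif br0` with no interface, leaving the tap attached to the bridge when `openvpn --rmtun` runs. The line should read `  brctl delif \$BR \$i` (matching the `\$i` on the following `--rmtun` line), or the loop variable should be renamed to `t` as in br-up. Because both heredocs are unquoted, `$VPN_BRIDGE` and `$VPN_DIR` are also baked into br-up/br-down once at install time; a short comment above the first `cat >$VPN_DIR/br-up` such as `# br-up/br-down are generated at --server time; re-run after changing VPN_BRIDGE` would make that explicit. do_server starts before this hunk and continues past it.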
@@ -121,7 +157,7 @@ remote $VPN_SERVER $VPN_PORT |
121 | 121 |
resolv-retry infinite |
122 | 122 |
nobind |
123 | 123 |
user nobody |
124 |
-group nobody |
|
124 |
+group nogroup |
|
125 | 125 |
persist-key |
126 | 126 |
persist-tun |
127 | 127 |
comp-lzo |