Merge pull request #193 from cloudbuilders/openvpn

Change install_openvpn.sh to bridged mode
This commit is contained in:
Dean Troyer 2011-11-14 15:57:10 -08:00
commit 147913faca

View file

@ -10,13 +10,20 @@
# --server mode configures the host with a running OpenVPN server instance # --server mode configures the host with a running OpenVPN server instance
# --client mode creates a tarball of a client configuration for this server # --client mode creates a tarball of a client configuration for this server
# Get config file
if [ -e localrc.vpn ]; then
. localrc.vpn
fi
# VPN Config # VPN Config
VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`} # 50.56.12.212 VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`} # 50.56.12.212
VPN_PROTO=${VPN_PROTO:-tcp} VPN_PROTO=${VPN_PROTO:-tcp}
VPN_PORT=${VPN_PORT:-6081} VPN_PORT=${VPN_PORT:-6081}
VPN_DEV=${VPN_DEV:-tun} VPN_DEV=${VPN_DEV:-tun}
VPN_BRIDGE=${VPN_BRIDGE:-br0}
VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0} VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0}
VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0} VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0}
VPN_CLIENT_DHCP="${VPN_CLIENT_DHCP:-172.16.28.1 172.16.28.254}"
VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0} VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0}
VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0} VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0}
@ -39,7 +46,8 @@ if [ -z $1 ]; then
fi fi
# Install OpenVPN # Install OpenVPN
if [ ! -x `which openvpn` ]; then VPN_EXEC=`which openvpn`
if [ -z "$VPN_EXEC" -o ! -x "$VPN_EXEC" ]; then
apt-get install -y openvpn bridge-utils apt-get install -y openvpn bridge-utils
fi fi
if [ ! -d $CA_DIR ]; then if [ ! -d $CA_DIR ]; then
@ -73,21 +81,49 @@ do_server() {
(cd $CA_DIR/keys; (cd $CA_DIR/keys;
cp $NAME.crt $NAME.key ca.crt dh1024.pem ta.key $VPN_DIR cp $NAME.crt $NAME.key ca.crt dh1024.pem ta.key $VPN_DIR
) )
cat >$VPN_DIR/br-up <<EOF
#!/bin/bash
BR="$VPN_BRIDGE"
TAP="\$1"
for t in \$TAP; do
openvpn --mktun --dev \$t
brctl addif \$BR \$t
ifconfig \$t 0.0.0.0 promisc up
done
EOF
chmod +x $VPN_DIR/br-up
cat >$VPN_DIR/br-down <<EOF
#!/bin/bash
BR="$VPN_BRIDGE"
TAP="\$1"
for i in \$TAP; do
brctl delif \$BR $t
openvpn --rmtun --dev \$i
done
EOF
chmod +x $VPN_DIR/br-down
cat >$VPN_DIR/$NAME.conf <<EOF cat >$VPN_DIR/$NAME.conf <<EOF
proto $VPN_PROTO proto $VPN_PROTO
port $VPN_PORT port $VPN_PORT
dev $VPN_DEV dev $VPN_DEV
up $VPN_DIR/br-up
down $VPN_DIR/br-down
cert $NAME.crt cert $NAME.crt
key $NAME.key # This file should be kept secret key $NAME.key # This file should be kept secret
ca ca.crt ca ca.crt
dh dh1024.pem dh dh1024.pem
duplicate-cn duplicate-cn
server $VPN_CLIENT_NET $VPN_CLIENT_MASK #server $VPN_CLIENT_NET $VPN_CLIENT_MASK
server-bridge $VPN_CLIENT_NET $VPN_CLIENT_MASK $VPN_CLIENT_DHCP
ifconfig-pool-persist ipp.txt ifconfig-pool-persist ipp.txt
push "route $VPN_LOCAL_NET $VPN_LOCAL_MASK" push "route $VPN_LOCAL_NET $VPN_LOCAL_MASK"
comp-lzo comp-lzo
user nobody user nobody
group nobody group nogroup
persist-key persist-key
persist-tun persist-tun
status openvpn-status.log status openvpn-status.log
@ -121,7 +157,7 @@ remote $VPN_SERVER $VPN_PORT
resolv-retry infinite resolv-retry infinite
nobind nobind
user nobody user nobody
group nobody group nogroup
persist-key persist-key
persist-tun persist-tun
comp-lzo comp-lzo