Set sane defaults, get config info from localrc
Change-Id: If8f942723c5e796207f3caf15a65c8501cd63d83
This commit is contained in:
parent
59cd090515
commit
f44e98d1c7
1 changed files with 43 additions and 15 deletions
|
@ -11,24 +11,41 @@
|
||||||
# --client mode creates a tarball of a client configuration for this server
|
# --client mode creates a tarball of a client configuration for this server
|
||||||
|
|
||||||
# Get config file
|
# Get config file
|
||||||
if [ -e localrc.vpn ]; then
|
if [ -e localrc ]; then
|
||||||
. localrc.vpn
|
. localrc
|
||||||
fi
|
fi
|
||||||
|
if [ -e vpnrc ]; then
|
||||||
|
. vpnrc
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Do some IP manipulation
|
||||||
|
function cidr2netmask() {
|
||||||
|
set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
|
||||||
|
if [[ $1 -gt 1 ]]; then
|
||||||
|
shift $1
|
||||||
|
else
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
echo ${1-0}.${2-0}.${3-0}.${4-0}
|
||||||
|
}
|
||||||
|
|
||||||
|
FIXED_NET=`echo $FIXED_RANGE | cut -d'/' -f1`
|
||||||
|
FIXED_CIDR=`echo $FIXED_RANGE | cut -d'/' -f2`
|
||||||
|
FIXED_MASK=`cidr2netmask $FIXED_CIDR`
|
||||||
|
|
||||||
# VPN Config
|
# VPN Config
|
||||||
VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`} # 50.56.12.212
|
VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`} # 50.56.12.212
|
||||||
VPN_PROTO=${VPN_PROTO:-tcp}
|
VPN_PROTO=${VPN_PROTO:-tcp}
|
||||||
VPN_PORT=${VPN_PORT:-6081}
|
VPN_PORT=${VPN_PORT:-6081}
|
||||||
VPN_DEV=${VPN_DEV:-tun}
|
VPN_DEV=${VPN_DEV:-tap0}
|
||||||
VPN_BRIDGE=${VPN_BRIDGE:-br0}
|
VPN_BRIDGE=${VPN_BRIDGE:-br100}
|
||||||
VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0}
|
VPN_BRIDGE_IF=${VPN_BRIDGE_IF:-$FLAT_INTERFACE}
|
||||||
VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0}
|
VPN_CLIENT_NET=${VPN_CLIENT_NET:-$FIXED_NET}
|
||||||
VPN_CLIENT_DHCP="${VPN_CLIENT_DHCP:-172.16.28.1 172.16.28.254}"
|
VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-$FIXED_MASK}
|
||||||
VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0}
|
VPN_CLIENT_DHCP="${VPN_CLIENT_DHCP:-net.1 net.254}"
|
||||||
VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0}
|
|
||||||
|
|
||||||
VPN_DIR=/etc/openvpn
|
VPN_DIR=/etc/openvpn
|
||||||
CA_DIR=/etc/openvpn/easy-rsa
|
CA_DIR=$VPN_DIR/easy-rsa
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
echo "$0 - OpenVPN install and certificate generation"
|
echo "$0 - OpenVPN install and certificate generation"
|
||||||
|
@ -54,7 +71,16 @@ if [ ! -d $CA_DIR ]; then
|
||||||
cp -pR /usr/share/doc/openvpn/examples/easy-rsa/2.0/ $CA_DIR
|
cp -pR /usr/share/doc/openvpn/examples/easy-rsa/2.0/ $CA_DIR
|
||||||
fi
|
fi
|
||||||
|
|
||||||
OPWD=`pwd`
|
# Keep track of the current directory
|
||||||
|
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
|
||||||
|
TOP_DIR=$(cd $TOOLS_DIR/.. && pwd)
|
||||||
|
|
||||||
|
WEB_DIR=$TOP_DIR/../vpn
|
||||||
|
if [[ ! -d $WEB_DIR ]]; then
|
||||||
|
mkdir -p $WEB_DIR
|
||||||
|
fi
|
||||||
|
WEB_DIR=$(cd $TOP_DIR/../vpn && pwd)
|
||||||
|
|
||||||
cd $CA_DIR
|
cd $CA_DIR
|
||||||
source ./vars
|
source ./vars
|
||||||
|
|
||||||
|
@ -87,6 +113,10 @@ do_server() {
|
||||||
BR="$VPN_BRIDGE"
|
BR="$VPN_BRIDGE"
|
||||||
TAP="\$1"
|
TAP="\$1"
|
||||||
|
|
||||||
|
if [[ ! -d /sys/class/net/\$BR ]]; then
|
||||||
|
brctl addbr \$BR
|
||||||
|
fi
|
||||||
|
|
||||||
for t in \$TAP; do
|
for t in \$TAP; do
|
||||||
openvpn --mktun --dev \$t
|
openvpn --mktun --dev \$t
|
||||||
brctl addif \$BR \$t
|
brctl addif \$BR \$t
|
||||||
|
@ -117,10 +147,8 @@ key $NAME.key # This file should be kept secret
|
||||||
ca ca.crt
|
ca ca.crt
|
||||||
dh dh1024.pem
|
dh dh1024.pem
|
||||||
duplicate-cn
|
duplicate-cn
|
||||||
#server $VPN_CLIENT_NET $VPN_CLIENT_MASK
|
|
||||||
server-bridge $VPN_CLIENT_NET $VPN_CLIENT_MASK $VPN_CLIENT_DHCP
|
server-bridge $VPN_CLIENT_NET $VPN_CLIENT_MASK $VPN_CLIENT_DHCP
|
||||||
ifconfig-pool-persist ipp.txt
|
ifconfig-pool-persist ipp.txt
|
||||||
push "route $VPN_LOCAL_NET $VPN_LOCAL_MASK"
|
|
||||||
comp-lzo
|
comp-lzo
|
||||||
user nobody
|
user nobody
|
||||||
group nogroup
|
group nogroup
|
||||||
|
@ -163,9 +191,9 @@ persist-tun
|
||||||
comp-lzo
|
comp-lzo
|
||||||
verb 3
|
verb 3
|
||||||
EOF
|
EOF
|
||||||
(cd $TMP_DIR; tar cf $OPWD/$NAME.tar *)
|
(cd $TMP_DIR; tar cf $WEB_DIR/$NAME.tar *)
|
||||||
rm -rf $TMP_DIR
|
rm -rf $TMP_DIR
|
||||||
echo "Client certificate and configuration is in $OPWD/$NAME.tar"
|
echo "Client certificate and configuration is in $WEB_DIR/$NAME.tar"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Process command line args
|
# Process command line args
|
||||||
|
|
Loading…
Reference in a new issue