[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
dns=true
+route=true
case $1 in
- -d)
- dns=false
- ;;
+ -r) route=false ;;
+ -d) dns=false ;;
-h|--help|*)
cat <<'EOF'
usage: ${0##*/} [-d|-h|--help]
+-r Do not push default route
-d Do not push dns
-h --help print help
/^comp-lzo.*/d
EOF
-teeu() {
- while read -r line; do
- grep -xFq "$line" "$1" || echo "$line" | tee -a "$1"
- done
-}
-teeu /etc/openvpn/server.conf <<'EOF'
+cat >>/etc/openvpn/server.conf <<'EOF'
# not in example config, but openvpn outputs a warning about insecure
# cipher without a setting like this (the default i can understand due
# to compatibility issues, but not changing the example config... not
# cool). exact cipher taken from config of vpn provider I trust. This
# requires the same setting on the client side.
cipher aes-256-cbc
-# Be the default gateway for clients.
-push "redirect-gateway def1"
# just sets up the ability to have client specific configs
client-config-dir /etc/openvpn/client-config
EOF
mkdir -p /etc/openvpn/client-config
+if $route; then
+ cat >>/etc/openvpn/server.conf <<'EOF'
+# Be the default gateway for clients.
+push "redirect-gateway def1"
+EOF
+fi
if $dns; then
# Be the dns server for clients
- teeu /etc/openvpn/server.conf <<'EOF'
+ cat >>/etc/openvpn/server.conf <<'EOF'
push "dhcp-option DNS 10.8.0.1"
EOF
fi
echo "1" > /proc/sys/net/ipv4/ip_forward
sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf
-teeu /etc/sysctl.conf <<'EOF'
+cat >>/etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward=1
EOF
gw=$(ip route | sed -rn 's/^default via .* dev (\S+).*/\1/p')
-sudo dd of=/etc/systemd/system/vpnnat.service <<EOF
+cat >/etc/systemd/system/vpnnat.service <<EOF
[Unit]
Description=Turns on nat iptables setting
iankelling.org / git / vpn-setup / commitdiff