add ipv6 support

[vpn-setup] / vpn-server-setup

diff --git a/vpn-server-setup b/vpn-server-setup
index ded2a785f59250b265f2307a85ccdb3e04cfb98c..30080d4f073b44cc88127fd583b4011786fc1bda 100755 (executable)
--- a/vpn-server-setup
+++ b/vpn-server-setup
@@ -21,7 +21,7 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 usage() {
   cat <<'EOF'
-usage: ${0##*/} [-d|-h|--help]
+usage: ${0##*/} [-d|-h|--help] [IPV6_ADDR/BITS IPV6_DEFAULT_ROUTE]
 
 -r  Do not push default route
 -d  Do not push dns
@@ -32,6 +32,8 @@ Sets up a vpn server which pushes gateway route and dns server so all
 traffic goes through the vpn. requires systemd, and might have some
 debian specific paths.
 
+For ipv6, we assume ipv6_addr routes to the server.
+
 You can save all the keys by storing /etc/openvpn/easy-rsa/keys, and
 the script will not generate them if it sees they exist already.
 
@@ -56,6 +58,9 @@ while true; do
   esac
 done
 
+read -r ip6 ip6route <<<"$@"
+
+
 apt-get update
 # suggests get's us openssl. policy-rc.d is to prevent install from starting services
 f=/usr/sbin/policy-rc.d;
@@ -184,11 +189,24 @@ push "dhcp-option DNS 10.8.0.1"
 EOF
 fi
 
+if $ip6; then
+  cat >>$server_dir/server.conf <<EOF
+push tun-ipv6 # legacy option that flidas needs, has no harm.
+ifconfig-ipv6 $ip6 $ip6_route
+EOF
+fi
+
+
 if $route; then
   cat >>$server_dir/server.conf <<'EOF'
 # Be the default gateway for clients.
 push "redirect-gateway def1"
 EOF
+  if $ip6; then
+    cat >>$server_dir/server.conf <<'EOF'
+push "route-ipv6 2000::/3"
+EOF
+  fi
 fi
 
 sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf