add ipv6 support
[vpn-setup]
/
vpn-server-setup
diff --git
a/vpn-server-setup
b/vpn-server-setup
index ded2a785f59250b265f2307a85ccdb3e04cfb98c..30080d4f073b44cc88127fd583b4011786fc1bda 100755
(executable)
--- a/
vpn-server-setup
+++ b/
vpn-server-setup
@@
-21,7
+21,7
@@
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
usage() {
cat <<'EOF'
usage() {
cat <<'EOF'
-usage: ${0##*/} [-d|-h|--help]
+usage: ${0##*/} [-d|-h|--help]
[IPV6_ADDR/BITS IPV6_DEFAULT_ROUTE]
-r Do not push default route
-d Do not push dns
-r Do not push default route
-d Do not push dns
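Review bot: The changed synopsis line still sits inside `cat <<'EOF'`, and the quoted delimiter disables expansion, so `${0##*/}` is printed literally instead of the script name. The new positional arguments also appear only in the synopsis: the option list below has no entry saying what IPV6_ADDR/BITS and IPV6_DEFAULT_ROUTE mean or that they must be given together. Either unquote the delimiter or hard-code the name, and add a line describing the two arguments.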
@@
-32,6
+32,8
@@
Sets up a vpn server which pushes gateway route and dns server so all
traffic goes through the vpn. requires systemd, and might have some
debian specific paths.
traffic goes through the vpn. requires systemd, and might have some
debian specific paths.
+For ipv6, we assume ipv6_addr routes to the server.
+
You can save all the keys by storing /etc/openvpn/easy-rsa/keys, and
the script will not generate them if it sees they exist already.
You can save all the keys by storing /etc/openvpn/easy-rsa/keys, and
the script will not generate them if it sees they exist already.
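Review bot: The added sentence "For ipv6, we assume ipv6_addr routes to the server." names the argument differently from the synopsis (IPV6_ADDR/BITS) and says nothing about IPV6_DEFAULT_ROUTE. Use the same spelling as the synopsis and state what the second argument is expected to be, since it ends up verbatim in server.conf.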
@@
-56,6
+58,9
@@
while true; do
esac
done
esac
done
+read -r ip6 ip6route <<<"$@"
+
+
apt-get update
# suggests get's us openssl. policy-rc.d is to prevent install from starting services
f=/usr/sbin/policy-rc.d;
apt-get update
# suggests get's us openssl. policy-rc.d is to prevent install from starting services
f=/usr/sbin/policy-rc.d;
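Review bot: `read -r ip6 ip6route <<<"$@"` stores the second argument in `ip6route`, but the later `ifconfig-ipv6 $ip6 $ip6_route` line reads `ip6_route`, which is never assigned, so the route is always written as an empty string. Pick one name for both. There is also no check here that either zero or exactly two arguments remain, and no check on their format before they are interpolated into the config; assigning `ip6=$1 ip6route=$2` after an argument-count test would be clearer than splitting a here-string.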
@@
-184,11
+189,24
@@
push "dhcp-option DNS 10.8.0.1"
EOF
fi
EOF
fi
+if $ip6; then
+ cat >>$server_dir/server.conf <<EOF
+push tun-ipv6 # legacy option that flidas needs, has no harm.
+ifconfig-ipv6 $ip6 $ip6_route
+EOF
+fi
+
+
if $route; then
cat >>$server_dir/server.conf <<'EOF'
# Be the default gateway for clients.
push "redirect-gateway def1"
EOF
if $route; then
cat >>$server_dir/server.conf <<'EOF'
# Be the default gateway for clients.
push "redirect-gateway def1"
EOF
+ if $ip6; then
+ cat >>$server_dir/server.conf <<'EOF'
+push "route-ipv6 2000::/3"
+EOF
+ fi
fi
sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf
fi
sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf
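Review bot: `if $ip6; then` (used twice in this hunk) executes the contents of `ip6` as a command instead of testing whether it is set, which works for `$route` only because that variable holds true or false. With no IPv6 arguments the expansion is empty, an empty command returns 0, and the `ifconfig-ipv6` and `route-ipv6` lines are written with blank values; with an address supplied the shell tries to run the address and the branch is skipped. Test for a non-empty value instead, for example `if [[ $ip6 ]]; then`. Separately, `push tun-ipv6` is the only push directive here without the double quotes used by the other `push "..."` lines, so quote it for consistency.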