support ipv6

[vpn-setup] / vpn-server-setup

diff --git a/vpn-server-setup b/vpn-server-setup
index ded2a785f59250b265f2307a85ccdb3e04cfb98c..a311ba8d0ae09bbc3f543921af3b06a07451fbbd 100755 (executable)
--- a/vpn-server-setup
+++ b/vpn-server-setup
@@ -21,7 +21,7 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 usage() {
   cat <<'EOF'
-usage: ${0##*/} [-d|-h|--help]
+usage: ${0##*/} [-d|-h|--help] [IPV6_ADDR/BITS IPV6_DEFAULT_ROUTE]
 
 -r  Do not push default route
 -d  Do not push dns
@@ -32,9 +32,15 @@ Sets up a vpn server which pushes gateway route and dns server so all
 traffic goes through the vpn. requires systemd, and might have some
 debian specific paths.
 
+For ipv6, we assume ipv6_addr routes to the server.
+
 You can save all the keys by storing /etc/openvpn/easy-rsa/keys, and
 the script will not generate them if it sees they exist already.
 
+For future updates to this script, this is a good place to
+take inspiration.
+https://github.com/angristan/openvpn-install/blob/master/openvpn-install.sh
+
 Note: Uses GNU getopt options parsing style
 EOF
   exit $1
@@ -56,6 +62,9 @@ while true; do
   esac
 done
 
+read -r ip6 ip6route <<<"$@"
+
+
 apt-get update
 # suggests get's us openssl. policy-rc.d is to prevent install from starting services
 f=/usr/sbin/policy-rc.d;
@@ -184,11 +193,24 @@ push "dhcp-option DNS 10.8.0.1"
 EOF
 fi
 
+if $ip6; then
+  cat >>$server_dir/server.conf <<EOF
+push tun-ipv6 # legacy option that flidas needs, has no harm.
+ifconfig-ipv6 $ip6 $ip6_route
+EOF
+fi
+
+
 if $route; then
   cat >>$server_dir/server.conf <<'EOF'
 # Be the default gateway for clients.
 push "redirect-gateway def1"
 EOF
+  if $ip6; then
+    cat >>$server_dir/server.conf <<'EOF'
+push "route-ipv6 2000::/3"
+EOF
+  fi
 fi
 
 sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf