support ipv6
[vpn-setup]
/
vpn-server-setup
diff --git
a/vpn-server-setup
b/vpn-server-setup
index ded2a785f59250b265f2307a85ccdb3e04cfb98c..a311ba8d0ae09bbc3f543921af3b06a07451fbbd 100755
(executable)
--- a/
vpn-server-setup
+++ b/
vpn-server-setup
@@
-21,7
+21,7
@@
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
usage() {
cat <<'EOF'
usage() {
cat <<'EOF'
-usage: ${0##*/} [-d|-h|--help]
+usage: ${0##*/} [-d|-h|--help]
[IPV6_ADDR/BITS IPV6_DEFAULT_ROUTE]
-r Do not push default route
-d Do not push dns
-r Do not push default route
-d Do not push dns
@@
-32,9
+32,15
@@
Sets up a vpn server which pushes gateway route and dns server so all
traffic goes through the vpn. requires systemd, and might have some
debian specific paths.
traffic goes through the vpn. requires systemd, and might have some
debian specific paths.
+For ipv6, we assume ipv6_addr routes to the server.
+
You can save all the keys by storing /etc/openvpn/easy-rsa/keys, and
the script will not generate them if it sees they exist already.
You can save all the keys by storing /etc/openvpn/easy-rsa/keys, and
the script will not generate them if it sees they exist already.
+For future updates to this script, this is a good place to
+take inspiration.
+https://github.com/angristan/openvpn-install/blob/master/openvpn-install.sh
+
Note: Uses GNU getopt options parsing style
EOF
exit $1
Note: Uses GNU getopt options parsing style
EOF
exit $1
@@
-56,6
+62,9
@@
while true; do
esac
done
esac
done
+read -r ip6 ip6route <<<"$@"
+
+
apt-get update
# suggests get's us openssl. policy-rc.d is to prevent install from starting services
f=/usr/sbin/policy-rc.d;
apt-get update
# suggests get's us openssl. policy-rc.d is to prevent install from starting services
f=/usr/sbin/policy-rc.d;
@@
-184,11
+193,24
@@
push "dhcp-option DNS 10.8.0.1"
EOF
fi
EOF
fi
+if $ip6; then
+ cat >>$server_dir/server.conf <<EOF
+push tun-ipv6 # legacy option that flidas needs, has no harm.
+ifconfig-ipv6 $ip6 $ip6_route
+EOF
+fi
+
+
if $route; then
cat >>$server_dir/server.conf <<'EOF'
# Be the default gateway for clients.
push "redirect-gateway def1"
EOF
if $route; then
cat >>$server_dir/server.conf <<'EOF'
# Be the default gateway for clients.
push "redirect-gateway def1"
EOF
+ if $ip6; then
+ cat >>$server_dir/server.conf <<'EOF'
+push "route-ipv6 2000::/3"
+EOF
+ fi
fi
sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf
fi
sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf
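Review bot: In the last hunk, `if $ip6; then` (both the new block that writes `ifconfig-ipv6` and the one nested under `if $route`) runs the contents of `ip6` as a command instead of testing whether an address was given, so an empty value makes the condition succeed and a real IPV6_ADDR/BITS argument fails as a command lookup; `if [[ -n $ip6 ]]; then` tests what is meant. The same heredoc expands `$ip6_route`, while the `read -r ip6 ip6route <<<"$@"` line in the third hunk assigns `ip6route`, so the second field is empty or an unset-variable error depending on shell options not visible here; it should read `ifconfig-ipv6 $ip6 $ip6route`. Both arguments are written into server.conf through an unquoted heredoc with no validation, so checking them against an address/prefix pattern before the write would keep a malformed argument from producing stray directives. With `push "route-ipv6 2000::/3"` clients send all global IPv6 traffic through the server, yet the only forwarding setting visible here is `net.ipv4.ip_forward`; whether IPv6 forwarding and an ip6tables/nftables policy for the tunnel are configured elsewhere cannot be confirmed from these hunks and is worth checking, since the usage text implies the addresses are routed to the server without NAT in front of them.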