X-Git-Url: https://iankelling.org/git/?p=vpn-setup;a=blobdiff_plain;f=vpn-server-setup;h=1224ff293333eb7c9fc33f009ef1073c84f01302;hp=ded2a785f59250b265f2307a85ccdb3e04cfb98c;hb=fc6198e7dc708aa5abc3a393e55a9f90bbf0f4d3;hpb=50a29b33506900a8bc5d87e67ea0d3fd9bd69369 diff --git a/vpn-server-setup b/vpn-server-setup index ded2a78..1224ff2 100755 --- a/vpn-server-setup +++ b/vpn-server-setup @@ -21,7 +21,7 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR usage() { cat <<'EOF' -usage: ${0##*/} [-d|-h|--help] +usage: ${0##*/} [-d|-h|--help] [IPV6_ADDR/BITS IPV6_DEFAULT_ROUTE] -r Do not push default route -d Do not push dns @@ -32,9 +32,15 @@ Sets up a vpn server which pushes gateway route and dns server so all traffic goes through the vpn. requires systemd, and might have some debian specific paths. +For ipv6, we assume ipv6_addr routes to the server. + You can save all the keys by storing /etc/openvpn/easy-rsa/keys, and the script will not generate them if it sees they exist already. +For future updates to this script, this is a good place to +take inspiration. +https://github.com/angristan/openvpn-install/blob/master/openvpn-install.sh + Note: Uses GNU getopt options parsing style EOF exit $1 @@ -56,6 +62,9 @@ while true; do esac done +read -r ip6 ip6route <<<"$@" + + apt-get update # suggests get's us openssl. policy-rc.d is to prevent install from starting services f=/usr/sbin/policy-rc.d; 
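Review bot: The added `read -r ip6 ip6route <<<"$@"` takes the IPv6 address and route from the command line without any validation. Because `"$@"` is flattened into one string, a third or later argument ends up inside `ip6route`, and a lone first argument leaves `ip6route` empty while the later `[[ $ip6 ]]` test still takes the IPv6 branch. The script runs as root and these values presumably get appended to the OpenVPN server.conf (the here-doc body that would show this is not visible on this page), so I would assign them positionally and reject malformed input up front: `ip6=${1-} ip6route=${2-}` followed by `if [[ $ip6 && ( ! $ip6route || $ip6 != *:*/* ) ]]; then usage 1; fi`. The option-parsing loop starts above this hunk, so confirm that `$@` holds only the positional arguments at this point.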
@@ -184,18 +193,35 @@ push "dhcp-option DNS 10.8.0.1" EOF fi +if [[ $ip6 ]]; then + cat >>$server_dir/server.conf <>/etc/sysctl.conf <<'EOF' +net.ipv6.conf.all.forwarding=1 +EOF + +fi + + if $route; then cat >>$server_dir/server.conf <<'EOF' # Be the default gateway for clients. push "redirect-gateway def1" EOF + if [[ $ip6 ]]; then + cat >>$server_dir/server.conf <<'EOF' +push "route-ipv6 2000::/3" +EOF + fi fi sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf -sed -i --follow-symlinks '/^ *net.ipv6.conf.all.forwarding=.*/d' /etc/sysctl.conf cat >>/etc/sysctl.conf <<'EOF' net.ipv4.ip_forward=1 -net.ipv6.conf.all.forwarding=1 EOF sysctl -p /etc/sysctl.conf
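Review bot: Turning on `net.ipv6.conf.all.forwarding=1` and pushing `route-ipv6 2000::/3` makes the server a router for globally addressed clients, and nothing in this hunk restricts what may be forwarded to them. Unlike the private 10.8.0.x IPv4 range, inbound connections from the internet would reach client addresses directly unless a filter exists elsewhere in the script. I would add a default-drop policy on the IPv6 FORWARD chain that admits new connections only from the tunnel interface plus return traffic for established ones, or at least a comment stating that the operator must supply it. Separately, the commit deletes the `sed` line that removed an existing `net.ipv6.conf.all.forwarding=` entry, while the append now happens on every run with an IPv6 argument, so /etc/sysctl.conf collects duplicates and keeps forwarding enabled after a later run without IPv6; keeping `sed -i --follow-symlinks '/^ *net\.ipv6\.conf\.all\.forwarding=.*/d' /etc/sysctl.conf` unconditional ahead of the `if` avoids both. Part of the added here-doc between `server.conf` and `/etc/sysctl.conf` is missing from this page, so check that neither point is already handled there.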