X-Git-Url: https://iankelling.org/git/?p=vpn-setup;a=blobdiff_plain;f=vpn-server-setup;h=c135d4e862cb524b041977018e9cbc377f0bbcf0;hp=6254f0f7a9fe0825232959245f0786b9f82ba311;hb=HEAD;hpb=e6ee9ad43e4e1605f27d73555045f1e82ea5bc1c
diff --git a/vpn-server-setup b/vpn-server-setup
index 6254f0f..c135d4e 100755
--- a/vpn-server-setup
+++ b/vpn-server-setup
@@ -1,5 +1,12 @@
 #!/bin/bash
-# Copyright (C) 2016 Ian Kelling
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,12 +34,15 @@ usage: ${0##*/} [OPTIONS] [IPV6_ADDR/BITS]
 -6 IP6_NETWORK Do ip6 nat for this network. ipv6 will work without nat, but you may want it in certain circumstances.
 -d Do not push dns
+-i INTERFACE_NAME name of tun interface
 -n NAME default = server. 2 servers on the same host need different names.
 -p PORT default 1194
 -r Do not push default route
 -s Do not start openvpn
 -h --help print help
+IPV6_ADDR/BITS Ipv6 address of the vpn interface.
+
 Sets up a vpn server which pushes gateway route and dns server so all traffic goes through the vpn.
 requires systemd, and might have some debian specific paths.
@@ -56,13 +66,14 @@ route=true
 start=true
 ip4=10.8.0
 name=server
-temp=$(getopt -l help 4:6:dn:p:rsh "$@") || usage 1
+temp=$(getopt -l help 4:6:di:n:p:rsh "$@") || usage 1
 eval set -- "$temp"
 while true; do
 case $1 in
 -4) ip4=$2; shift 2 ;;
 -6) ip6net=$2; shift 2 ;;
 -d) dns=false; shift ;;
+ -i) ifname=$2; shift 2 ;;
 -n) name=$2; shift 2 ;;
 -p) port=$2; shift 2 ;;
 -r) route=false; shift ;;
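Review bot: The new usage line `-i INTERFACE_NAME name of tun interface` does not say what happens when the option is omitted, which is the case every existing caller is in. The script starts from the distribution's sample server.conf (see the later server.conf hunk), so it presumably inherits that file's `dev tun` and lets openvpn pick the device; if that is right, the help text could state it as `-i INTERFACE_NAME name of tun interface (default: left to openvpn via "dev tun")`. The usage heredoc begins before this hunk.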
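Review bot: `ifname` gets no default alongside `start=true`, `ip4=10.8.0` and `name=server`, so the new `-i) ifname=$2; shift 2 ;;` arm leaves it unset whenever `-i` is not given; adding `ifname=` to that initialisation block documents the default and keeps the later `[[ $ifname ]]` test well-defined even if the script ever runs under `set -u`. The value appears to be appended to `$conf` further down (the `if [[ $ifname ]]` block near new line 235), so it is also worth rejecting anything that is not a plain interface name before it reaches the config, e.g. `-i) ifname=$2; [[ $ifname =~ ^[A-Za-z0-9_.-]{1,15}$ ]] || usage 1; shift 2 ;;` (Linux caps interface names at 15 characters). The option loop continues outside the hunk.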
@@ -77,7 +88,7 @@ read -r ip6 ip6route <<<"$@"
 source /a/bin/distro-functions/src/package-manager-abstractions
-pi-nostart openvpn openssl resolvconf easy-rsa uuid-runtime
+pi-nostart openvpn openssl easy-rsa uuid-runtime
 if [[ -e /lib/systemd/system/openvpn-server@.service ]]; then
 vpn_service=openvpn-server@$name
@@ -139,7 +150,7 @@ if ! $keys_exist; then
 echo 'set_var EASYRSA_NS_SUPPORT "yes"' >vars
 ./easyrsa init-pki
 ./easyrsa --batch build-ca nopass
- ./easyrsa build-server-full $name nopass
+ ./easyrsa --days=3650 build-server-full $name nopass
 else
 # dun care about settning cert cn etc from the non-example values
 source vars
@@ -158,8 +169,12 @@ if ! $keys_exist; then
 fi
 fi
-
-gzip -dc /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz >$conf
+if [[ -e /usr/share/doc/openvpn/examples/sample-config-files/server.conf ]]; then
+ cat /usr/share/doc/openvpn/examples/sample-config-files/server.conf >$conf
+else
+ # pre-bullsye name
+ gzip -dc /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz >$conf
+fi
 cafile=$server_dir/ca-$name.crt
 cp $ca_origin $cafile
@@ -220,6 +235,12 @@ push "dhcp-option DNS $ip4.1"
 EOF
 fi
+if [[ $ifname ]]; then
+ cat >>$conf <>$conf <
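Review bot: Dropping `resolvconf` from the `pi-nostart` package list changes what the host gets installed without a word on why, and nothing in this hunk shows whether anything later in the script still invokes it; the rest of the file is outside the hunk, so that should be confirmed before relying on the removal. A short comment on the line, stating the reason the package is no longer needed on the server side, would save the next reader the same search.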
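Review bot: `./easyrsa --days=3650 build-server-full $name nopass` pins the server certificate to ten years but records no reason, while the CA built on the previous line keeps easy-rsa's default lifetime, so the two can drift apart on a future easy-rsa upgrade and a server cert that outlives its issuer is useless. A comment above the line such as `# server cert validity in days; keep <= the CA lifetime (EASYRSA_CA_EXPIRE) so it cannot outlive the CA` would capture the intent. Ten years also means the server key on this host is trusted for that long with no rotation, which is worth stating as a deliberate trade-off. The enclosing `if ! $keys_exist` block continues outside the hunk.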
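Review bot: The comment on the gzip branch has a typo, `# pre-bullsye name`, which should read `# pre-bullseye name (server.conf.gz)`. The `cat … >$conf` in the first branch is a plain copy and reads more naturally as `cp -- /usr/share/doc/openvpn/examples/sample-config-files/server.conf "$conf"`, matching the `cp $ca_origin $cafile` two lines below. If neither sample file exists, `gzip -dc` fails only after `>$conf` has already truncated the file, so unless the script runs under `set -e` (its header is outside this hunk) setup would continue with an empty config; appending `|| exit 1` to the gzip line, or checking for the `.gz` explicitly, makes that failure visible.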