| side by side (parent:
e1e49f5
)
minor rename and improvements
author
Ian Kelling
<ian@iankelling.org>
Tue, 24 Jan 2017 06:24:56 +0000
(22:24 -0800)
committer
Ian Kelling
<ian@iankelling.org>
Tue, 24 Jan 2017 06:24:56 +0000
(22:24 -0800)
vpn-server-setup
diff --git
a/vpn-server-setup
b/vpn-server-setup
index 8d25c1f4c62918ade08c916ec35c2fa5a3918b51..4dcb2158c721f709dff01a5bc977e515e8a31f0a 100755
(executable)
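--- a/vpn-server-setup
+++ b/vpn-server-setup
@@ -83,7 +83,11 @@ teeu /etc/openvpn/server.conf <<'EOF'
 cipher aes-256-cbc
 # Be the default gateway for clients.
 push "redirect-gateway def1"
+# just sets up the ability to have client specific configs
+client-config-dir /etc/openvpn/client-config
 EOF
+mkdir -p /etc/openvpn/client-config
+
 if $dns; then
 # Be the dns server for clients
@@ -101,7 +105,7 @@ EOF
 gw=$(ip route | sed -rn 's/^default via .* dev (\S+).*/\1/p')
-sudo dd of=/etc/systemd/system/mynat.service <<EOF
+sudo dd of=/etc/systemd/system/vpnnat.service <<EOF
 [Unit]
 Description=Turns on nat iptables setting
@@ -112,10 +116,10 @@ ExecStart=/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $gw -j MASQUERA
 ExecStop=/sbin/iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o $gw -j MASQUERADE
 [Install]
-WantedBy=multi-user.target
+WantedBy=openvpn.service
 EOF
 systemctl daemon-reload # needed if the file was already there
-systemctl enable mynat.service
-systemctl start mynat.service
+systemctl enable vpnnat.service
+systemctl start vpnnat.service
 systemctl restart openvpn@server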
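Review bot: The rename from mynat.service to vpnnat.service never removes the old unit, so on a host where an earlier version of this script already ran, mynat.service stays installed and enabled under multi-user.target. Both units then append the same MASQUERADE rule at boot, and stopping vpnnat.service deletes only one copy, so NAT for 10.8.0.0/24 stays active when the operator expects it off. Before the `systemctl daemon-reload` line I would add `systemctl disable --now mynat.service 2>/dev/null || true` and `rm -f /etc/systemd/system/mynat.service`. Separately, `WantedBy=openvpn.service` only pulls the unit in when openvpn.service starts; if the rule is meant to be removed when the VPN stops, the [Unit] section (which lies partly outside these hunks) would presumably also need `PartOf=openvpn.service`.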