the generator keeps track, so you can't generate.
-c CLIENT_HOST default is localhost. Else we ssh to root@CLIENT_HOST
-n CONFIG_NAME default is client
--s SCRIPT_PATH Use custom up/down script at PATH, copied to same path
- on client.
+-s SCRIPT_PATH Use custom up/down script at SCRIPT_PATH. copied to same path
+ on client, if client is not localhost.
Generate a client cert and config and install it on locally or on
CLIENT_HOST if given. Uses default config options, and expects be able
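Review bot: The new -s help text breaks its sentence in the wrong place: "at SCRIPT_PATH. copied to same path" puts a full stop before a lowercase continuation. It also does not say what happens when the client is localhost. Suggest "Use custom up/down script at SCRIPT_PATH, copied to the same path on the client if the client is not localhost; used in place otherwise." Since the -c line says the install goes over ssh to root@CLIENT_HOST, the help could also state that the script ends up on that host under the same path.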
# matching server config
cipher AES-256-CBC
-
# example config has the commented line, but this other thing looks stronger,
# and I've seen it in a vpn provider I trust
# ns-cert-type server
usage() {
cat <<'EOF'
-usage: ${0##*/} [-d|-h|--help]
+usage: ${0##*/} [-d|-h|--help] [IPV6_ADDR/BITS IPV6_DEFAULT_ROUTE]
-r Do not push default route
-d Do not push dns
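Review bot: The usage line is printed from a heredoc opened with a quoted delimiter (cat <<'EOF'), so ${0##*/} on the changed line is emitted literally instead of as the script name. That was already true of the line being replaced, but since this line is being touched, either unquote the delimiter or hard-code the name. The new bracket group [IPV6_ADDR/BITS IPV6_DEFAULT_ROUTE] correctly shows the two arguments as an all-or-nothing pair, but nothing in the visible code enforces that; see the argument handling further down.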
traffic goes through the vpn. requires systemd, and might have some
debian specific paths.
+For ipv6, we assume ipv6_addr routes to the server.
+
You can save all the keys by storing /etc/openvpn/easy-rsa/keys, and
the script will not generate them if it sees they exist already.
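Review bot: The added sentence refers to "ipv6_addr", while the usage line names the argument IPV6_ADDR/BITS, and the second argument IPV6_DEFAULT_ROUTE is not described at all. Use the same spelling as the usage line and add one sentence saying what IPV6_DEFAULT_ROUTE should be set to, because it is written into server.conf as the second value of ifconfig-ipv6 and a reader cannot tell from the help what belongs there.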
esac
done
+read -r ip6 ip6route <<<"$@"
+
+
apt-get update
# suggests get's us openssl. policy-rc.d is to prevent install from starting services
f=/usr/sbin/policy-rc.d;
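Review bot: The variable set here does not match the one used later: read assigns to ip6route, but the ifconfig-ipv6 line added further down expands $ip6_route, which is never set, so the second value written to server.conf is always empty. Pick one name. There is also no check on the argument count: with one argument the route is silently empty, and with more than two the extras are folded into the last variable by read. Assigning the two positional parameters directly and calling usage with an error when the count is neither 0 nor 2 would be clearer than the here-string on "$@". These values are written into a root-owned config unvalidated, so a basic format check on both is worth adding.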
EOF
fi
+if $ip6; then
+ cat >>$server_dir/server.conf <<EOF
+push tun-ipv6 # legacy option that flidas needs, has no harm.
+ifconfig-ipv6 $ip6 $ip6_route
+EOF
+fi
+
+
if $route; then
cat >>$server_dir/server.conf <<'EOF'
# Be the default gateway for clients.
push "redirect-gateway def1"
EOF
+ if $ip6; then
+ cat >>$server_dir/server.conf <<'EOF'
+push "route-ipv6 2000::/3"
+EOF
+ fi
fi
sed -i --follow-symlinks '/^ *net\.ipv4\.ip_forward=.*/d' /etc/sysctl.conf
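Review bot: Both "if $ip6; then" tests run the contents of ip6 as a command rather than testing whether it is set. This works for $route because that variable holds true or false, but ip6 holds an address: when an address is given the shell tries to execute it, the command fails, and the IPv6 block is skipped. When no address is given the expansion is empty, which returns success, so the block is written with empty values. Use a string test such as "if [[ $ip6 ]]; then" in both places. The same applies to the nested test that pushes route-ipv6 2000::/3.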