mirror of
https://github.com/pivpn/pivpn.git
synced 2025-04-24 08:10:10 +00:00
Updates to subnet generation and client creation (#1782)
* refactor(core): allow any subnet and netmask * fix(scripts): prevent adding more clients than the subnet allows * fix(scripts): correctly remove leading zeros from ipv6 quartets * refactor(core): new probabilistic subnet generation with fallback to other RFC1918 subnets
This commit is contained in:
Orazio
4s3ti
parent
20d3a4ccd4
commit
850e665642
6 changed files with 339 additions and 106 deletions
|
|
@ -14,6 +14,12 @@ INDEX="/etc/openvpn/easy-rsa/pki/index.txt"
|
|||
# shellcheck disable=SC1090
|
||||
source "${setupVars}"
|
||||
|
||||
if [ ! -r /opt/pivpn/ipaddr_utils.sh ]; then
|
||||
exit 1
|
||||
fi
|
||||
# shellcheck disable=SC1091
|
||||
source /opt/pivpn/ipaddr_utils.sh
|
||||
|
||||
# shellcheck disable=SC2154
|
||||
userGroup="${install_user}:${install_user}"
|
||||
|
||||
|
|
@ -162,16 +168,6 @@ keyPASS() {
|
|||
cd pki || exit
|
||||
}
|
||||
|
||||
cidrToMask() {
|
||||
# Source: https://stackoverflow.com/a/20767392
|
||||
set -- $((5 - (${1} / 8))) \
|
||||
255 255 255 255 \
|
||||
$(((255 << (8 - (${1} % 8))) & 255)) \
|
||||
0 0 0
|
||||
shift "${1}"
|
||||
echo "${1-0}.${2-0}.${3-0}.${4-0}"
|
||||
}
|
||||
|
||||
### Script
|
||||
if [[ ! -f "${setupVars}" ]]; then
|
||||
err "::: Missing setup vars file!"
|
||||
|
|
@ -293,6 +289,35 @@ if [[ ! -d "${install_home}/ovpns" ]]; then
|
|||
chmod 0750 "${install_home}/ovpns"
|
||||
fi
|
||||
|
||||
# Exclude first, last and server addresses
|
||||
# shellcheck disable=SC2154
|
||||
MAX_CLIENTS="$((2 ** (32 - subnetClass) - 3))"
|
||||
|
||||
# shellcheck disable=SC2154
|
||||
FIRST_IPV4_DEC="$(dotIPv4FirstDec "${pivpnNET}" "${subnetClass}")"
|
||||
LAST_IPV4_DEC="$(dotIPv4LastDec "${pivpnNET}" "${subnetClass}")"
|
||||
|
||||
if [ "$(find /etc/openvpn/ccd -type f | wc -l)" -ge "${MAX_CLIENTS}" ]; then
|
||||
echo "::: Can't add any more clients (max. ${MAX_CLIENTS})!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Find an unused address for the client IP
|
||||
for ((ip = FIRST_IPV4_DEC + 2; ip <= LAST_IPV4_DEC - 1; ip++)); do
|
||||
# find returns 0 if the folder is empty, so we create the 'ls -A [...]'
|
||||
# exception to stop at the first static IP (10.8.0.2). Otherwise it would
|
||||
# cycle to the end without finding and available octet.
|
||||
# disabling SC2514, variable sourced externaly
|
||||
ip_dot="$(decIPv4ToDot "${ip}")"
|
||||
|
||||
if [[ -z "$(ls -A /etc/openvpn/ccd)" ]] \
|
||||
|| ! find /etc/openvpn/ccd -type f \
|
||||
-exec grep -q "${ip_dot}" {} +; then
|
||||
UNUSED_IPV4_DOT="${ip_dot}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
#bitWarden
|
||||
if [[ "${BITWARDEN}" =~ "2" ]]; then
|
||||
useBitwarden
|
||||
|
|
@ -469,33 +494,15 @@ if [[ "${iOS}" == 1 ]]; then
|
|||
printf "========================================================\n\n"
|
||||
fi
|
||||
|
||||
#disabling SC2514, variable sourced externaly
|
||||
# shellcheck disable=SC2154
|
||||
NET_REDUCED="${pivpnNET::-2}"
|
||||
|
||||
# Find an unused number for the last octet of the client IP
|
||||
for i in {2..254}; do
|
||||
# find returns 0 if the folder is empty, so we create the 'ls -A [...]'
|
||||
# exception to stop at the first static IP (10.8.0.2). Otherwise it would
|
||||
# cycle to the end without finding and available octet.
|
||||
# disabling SC2514, variable sourced externaly
|
||||
# shellcheck disable=SC2154
|
||||
if [[ -z "$(ls -A /etc/openvpn/ccd)" ]] \
|
||||
|| ! find /etc/openvpn/ccd -type f \
|
||||
-exec grep -q "${NET_REDUCED}.${i}" {} +; then
|
||||
COUNT="${i}"
|
||||
echo -n "ifconfig-push ${NET_REDUCED}.${i} " >> /etc/openvpn/ccd/"${NAME}"
|
||||
# The space after ${i} is important ------^!
|
||||
cidrToMask "${subnetClass}" >> /etc/openvpn/ccd/"${NAME}"
|
||||
# the end resuld should be a line like:
|
||||
# ifconfig-push ${NET_REDUCED}.${i} ${subnetClass}
|
||||
# ifconfig-push 10.205.45.8 255.255.255.0
|
||||
break
|
||||
fi
|
||||
done
|
||||
echo -n "ifconfig-push ${UNUSED_IPV4_DOT} " >> /etc/openvpn/ccd/"${NAME}"
|
||||
# The space after ${UNUSED_IPV4_DOT} is important!
|
||||
cidrToMask "${subnetClass}" >> /etc/openvpn/ccd/"${NAME}"
|
||||
# the end resuld should be a line like:
|
||||
# ifconfig-push ${UNUSED_IPV4_DOT} ${subnetClass}
|
||||
# ifconfig-push 10.205.45.8 255.255.255.0
|
||||
|
||||
if [[ -f /etc/pivpn/hosts.openvpn ]]; then
|
||||
echo "${NET_REDUCED}.${COUNT} ${NAME}.pivpn" >> /etc/pivpn/hosts.openvpn
|
||||
echo "${UNUSED_IPV4_DOT} ${NAME}.pivpn" >> /etc/pivpn/hosts.openvpn
|
||||
|
||||
if killall -SIGHUP pihole-FTL; then
|
||||
echo "::: Updated hosts file for Pi-hole"
|
||||
|
|
|
|||
|
|
@ -4,9 +4,16 @@
|
|||
### Constants
|
||||
setupVars="/etc/pivpn/openvpn/setupVars.conf"
|
||||
INDEX="/etc/openvpn/easy-rsa/pki/index.txt"
|
||||
|
||||
# shellcheck disable=SC1090
|
||||
source "${setupVars}"
|
||||
|
||||
if [ ! -r /opt/pivpn/ipaddr_utils.sh ]; then
|
||||
exit 1
|
||||
fi
|
||||
# shellcheck disable=SC1091
|
||||
source /opt/pivpn/ipaddr_utils.sh
|
||||
|
||||
### Functions
|
||||
err() {
|
||||
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
|
||||
|
|
@ -167,10 +174,8 @@ for ((ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
|
|||
# Disabling SC2154 $pivpnNET sourced externally
|
||||
# shellcheck disable=SC2154
|
||||
# Grab the client IP address
|
||||
NET_REDUCED="${pivpnNET::-2}"
|
||||
STATIC_IP="$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" \
|
||||
| grep -w ifconfig-push \
|
||||
| grep -oE "${NET_REDUCED}\.[0-9]{1,3}")"
|
||||
| grep -w ifconfig-push | awk '{print $2}')"
|
||||
rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"
|
||||
|
||||
# disablung warning SC2154, $install_home sourced externally
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue