1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-23 05:10:21 +00:00

Use variables to define VPN ranges instead of hard coding IPs

This commit is contained in:
Orazio 2020-02-16 09:09:09 +01:00
parent edbd23a2a1
commit 9846d3787a
7 changed files with 46 additions and 26 deletions

View file

@ -1038,7 +1038,11 @@ askWhichVPN(){
fi fi
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
# Since WireGuard only uses UDP, askCustomProto() is never called so we
# set the protocol here (it's not actually required to save the value, but
# it might be useful for the user when port forwarding).
pivpnPROTO="udp" pivpnPROTO="udp"
echo "pivpnPROTO=${pivpnPROTO}" >> /tmp/setupVars.conf
pivpnDEV="wg0" pivpnDEV="wg0"
pivpnNET="10.6.0.0" pivpnNET="10.6.0.0"
elif [ "$VPN" = "openvpn" ]; then elif [ "$VPN" = "openvpn" ]; then
@ -1048,6 +1052,9 @@ askWhichVPN(){
vpnGw="${pivpnNET/.0.0/.0.1}" vpnGw="${pivpnNET/.0.0/.0.1}"
echo "VPN=${VPN}" >> /tmp/setupVars.conf echo "VPN=${VPN}" >> /tmp/setupVars.conf
echo "pivpnDEV=${pivpnDEV}" >> /tmp/setupVars.conf
echo "pivpnNET=${pivpnNET}" >> /tmp/setupVars.conf
echo "subnetClass=${subnetClass}" >> /tmp/setupVars.conf
} }
installOpenVPN(){ installOpenVPN(){
@ -1762,6 +1769,13 @@ askEncryption(){
echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> /tmp/setupVars.conf echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> /tmp/setupVars.conf
} }
cidrToMask(){
# Source: https://stackoverflow.com/a/20767392
set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
[ $1 -gt 1 ] && shift $1 || shift
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
confOpenVPN(){ confOpenVPN(){
# Grab the existing Hostname # Grab the existing Hostname
host_name=$(hostname -s) host_name=$(hostname -s)
@ -1905,6 +1919,16 @@ set_var EASYRSA_ALGO ${pivpnCERT}" | $SUDO tee vars >/dev/null
$SUDO sed -i "s#\\(dh /etc/openvpn/easy-rsa/pki/dh\\).*#\\1${pivpnENCRYPT}.pem#" /etc/openvpn/server.conf $SUDO sed -i "s#\\(dh /etc/openvpn/easy-rsa/pki/dh\\).*#\\1${pivpnENCRYPT}.pem#" /etc/openvpn/server.conf
fi fi
# if they modified VPN network put value in server.conf
if [ "$pivpnNET" != "10.8.0.0" ]; then
$SUDO sed -i "s/10.8.0.0/${pivpnNET}/g" /etc/openvpn/server.conf
fi
# if they modified VPN subnet class put value in server.conf
if [ "$(cidrToMask "$subnetClass")" != "255.255.255.0" ]; then
$SUDO sed -i "s/255.255.255.0/$(cidrToMask "$subnetClass")/g" /etc/openvpn/server.conf
fi
# if they modified port put value in server.conf # if they modified port put value in server.conf
if [ "$pivpnPORT" != 1194 ]; then if [ "$pivpnPORT" != 1194 ]; then
$SUDO sed -i "s/1194/${pivpnPORT}/g" /etc/openvpn/server.conf $SUDO sed -i "s/1194/${pivpnPORT}/g" /etc/openvpn/server.conf

View file

@ -405,20 +405,29 @@ else
fi fi
cidrToMask(){
# Source: https://stackoverflow.com/a/20767392
set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
[ $1 -gt 1 ] && shift $1 || shift
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
NET_REDUCED="${pivpnNET::-2}"
# Find an unused number for the last octet of the client IP # Find an unused number for the last octet of the client IP
for i in {2..254}; do for i in {2..254}; do
# find returns 0 if the folder is empty, so we create the 'ls -A [...]' # find returns 0 if the folder is empty, so we create the 'ls -A [...]'
# exception to stop at the first static IP (10.8.0.2). Otherwise it would # exception to stop at the first static IP (10.8.0.2). Otherwise it would
# cycle to the end without finding and available octet. # cycle to the end without finding and available octet.
if [ -z "$(ls -A /etc/openvpn/ccd)" ] || ! find /etc/openvpn/ccd -type f -exec grep -q "10.8.0.$i" {} +; then if [ -z "$(ls -A /etc/openvpn/ccd)" ] || ! find /etc/openvpn/ccd -type f -exec grep -q "${NET_REDUCED}.${i}" {} +; then
COUNT="$i" COUNT="${i}"
echo "ifconfig-push 10.8.0.$i 255.255.255.0" >> /etc/openvpn/ccd/"${NAME}" echo "ifconfig-push ${NET_REDUCED}.${i} $(cidrToMask "$subnetClass")" >> /etc/openvpn/ccd/"${NAME}"
break break
fi fi
done done
if [ -f /etc/pivpn/hosts.openvpn ]; then if [ -f /etc/pivpn/hosts.openvpn ]; then
echo "10.8.0.${COUNT} ${NAME}.pivpn" >> /etc/pivpn/hosts.openvpn echo "${NET_REDUCED}.${COUNT} ${NAME}.pivpn" >> /etc/pivpn/hosts.openvpn
if killall -SIGHUP pihole-FTL; then if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole" echo "::: Updated hosts file for Pi-hole"
else else

View file

@ -121,7 +121,8 @@ for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt" rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt"
# Grab the client IP address # Grab the client IP address
STATIC_IP=$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | grep -w ifconfig-push | grep -oE '10.8.0\.[0-9]{1,3}') NET_REDUCED="${pivpnNET::-2}"
STATIC_IP=$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | grep -w ifconfig-push | grep -oE "${NET_REDUCED}\.[0-9]{1,3}")
rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"
rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn" rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn"

View file

@ -1,6 +1,5 @@
#!/bin/bash #!/bin/bash
subnetClass="24"
setupVars="/etc/pivpn/setupVars.conf" setupVars="/etc/pivpn/setupVars.conf"
ERR=0 ERR=0
@ -12,14 +11,9 @@ fi
source "${setupVars}" source "${setupVars}"
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
pivpnPROTO="udp"
pivpnDEV="wg0"
pivpnNET="10.6.0.0"
VPN_SERVICE="wg-quick@wg0" VPN_SERVICE="wg-quick@wg0"
VPN_PRETTY_NAME="WireGuard" VPN_PRETTY_NAME="WireGuard"
elif [ "$VPN" = "openvpn" ]; then elif [ "$VPN" = "openvpn" ]; then
pivpnDEV="tun0"
pivpnNET="10.8.0.0"
VPN_SERVICE="openvpn" VPN_SERVICE="openvpn"
VPN_PRETTY_NAME="OpenVPN" VPN_PRETTY_NAME="OpenVPN"
fi fi

View file

@ -6,7 +6,6 @@
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
UPDATE_PKG_CACHE="${PKG_MANAGER} update" UPDATE_PKG_CACHE="${PKG_MANAGER} update"
subnetClass="24"
dnsmasqConfig="/etc/dnsmasq.d/02-pivpn.conf" dnsmasqConfig="/etc/dnsmasq.d/02-pivpn.conf"
setupVars="/etc/pivpn/setupVars.conf" setupVars="/etc/pivpn/setupVars.conf"
@ -60,16 +59,6 @@ removeAll(){
# Removing firewall rules. # Removing firewall rules.
echo "::: Removing firewall rules..." echo "::: Removing firewall rules..."
### FIXME: introduce global config space!
if [ "$VPN" = "wireguard" ]; then
pivpnPROTO="udp"
pivpnDEV="wg0"
pivpnNET="10.6.0.0"
elif [ "$VPN" = "openvpn" ]; then
pivpnDEV="tun0"
pivpnNET="10.8.0.0"
fi
if [ "$USING_UFW" -eq 1 ]; then if [ "$USING_UFW" -eq 1 ]; then
### FIXME: SC2154 ### FIXME: SC2154

View file

@ -86,9 +86,11 @@ for i in {2..254}; do
fi fi
done done
NET_REDUCED="${pivpnNET::-2}"
echo -n "[Interface] echo -n "[Interface]
PrivateKey = $(cat "keys/${CLIENT_NAME}_priv") PrivateKey = $(cat "keys/${CLIENT_NAME}_priv")
Address = 10.6.0.${COUNT}/24 Address = ${NET_REDUCED}.${COUNT}/${subnetClass}
DNS = ${pivpnDNS1}" > "configs/${CLIENT_NAME}.conf" DNS = ${pivpnDNS1}" > "configs/${CLIENT_NAME}.conf"
if [ -n "${pivpnDNS2}" ]; then if [ -n "${pivpnDNS2}" ]; then
@ -109,12 +111,12 @@ echo "# begin ${CLIENT_NAME}
[Peer] [Peer]
PublicKey = $(cat "keys/${CLIENT_NAME}_pub") PublicKey = $(cat "keys/${CLIENT_NAME}_pub")
PresharedKey = $(cat keys/psk) PresharedKey = $(cat keys/psk)
AllowedIPs = 10.6.0.${COUNT}/32 AllowedIPs = ${NET_REDUCED}.${COUNT}/32
# end ${CLIENT_NAME}" >> wg0.conf # end ${CLIENT_NAME}" >> wg0.conf
echo "::: Updated server config" echo "::: Updated server config"
if [ -f /etc/pivpn/hosts.wireguard ]; then if [ -f /etc/pivpn/hosts.wireguard ]; then
echo "10.6.0.${COUNT} ${CLIENT_NAME}.pivpn" >> /etc/pivpn/hosts.wireguard echo "${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn" >> /etc/pivpn/hosts.wireguard
if killall -SIGHUP pihole-FTL; then if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole" echo "::: Updated hosts file for Pi-hole"
else else

View file

@ -106,7 +106,8 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
# If using Pi-hole, remove the client from the hosts file # If using Pi-hole, remove the client from the hosts file
if [ -f /etc/pivpn/hosts.wireguard ]; then if [ -f /etc/pivpn/hosts.wireguard ]; then
sed "\#10.6.0.${COUNT} ${CLIENT_NAME}.pivpn#d" -i /etc/pivpn/hosts.wireguard NET_REDUCED="${pivpnNET::-2}"
sed "\#${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn#d" -i /etc/pivpn/hosts.wireguard
if killall -SIGHUP pihole-FTL; then if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole" echo "::: Updated hosts file for Pi-hole"
else else