From ead280e60f3613eccdd6bc7e99ef3e3167f6b7d1 Mon Sep 17 00:00:00 2001
From: Orazio
Date: Sun, 9 Feb 2020 18:51:30 +0100
Subject: [PATCH] Set static IPs when using OpenVPN

- Preparation for feature request from issue #942
---
 auto_install/install.sh             |  7 +++++++
 files/etc/openvpn/server_config.txt |  1 +
 scripts/openvpn/makeOVPN.sh         | 11 +++++++++++
 scripts/openvpn/removeOVPN.sh       |  1 +
 scripts/uninstall.sh                |  1 +
 5 files changed, 21 insertions(+)

diff --git a/auto_install/install.sh b/auto_install/install.sh
index 3015a84..48907e5 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -1740,6 +1740,13 @@ confOpenVPN(){
         $SUDO rm /etc/openvpn/server.conf
     fi
 
+    if [ -d /etc/openvpn/ccd ]; then
+        $SUDO rm -rf /etc/openvpn/ccd
+    fi
+
+    # Create folder to store client specific directives used to push static IPs
+    $SUDO mkdir /etc/openvpn/ccd
+
     # If easy-rsa exists, remove it
     if [[ -d /etc/openvpn/easy-rsa/ ]]; then
         $SUDO rm -rf /etc/openvpn/easy-rsa/
diff --git a/files/etc/openvpn/server_config.txt b/files/etc/openvpn/server_config.txt
index 5032a12..87aff92 100644
--- a/files/etc/openvpn/server_config.txt
+++ b/files/etc/openvpn/server_config.txt
@@ -17,6 +17,7 @@ push "block-outside-dns"
 # overriding but not wiping out the original default gateway.
 push "redirect-gateway def1"
 client-to-client
+client-config-dir /etc/openvpn/ccd
 keepalive 15 120
 remote-cert-tls client
 tls-version-min 1.2
diff --git a/scripts/openvpn/makeOVPN.sh b/scripts/openvpn/makeOVPN.sh
index 4e4bcc4..d9cf974 100755
--- a/scripts/openvpn/makeOVPN.sh
+++ b/scripts/openvpn/makeOVPN.sh
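Review bot: `$SUDO mkdir /etc/openvpn/ccd` leaves the directory mode to the installing shell's umask, and OpenVPN reads the ccd directory at every client connect — after it has dropped privileges if the server config sets `user`/`group` (not visible here) — so a restrictive umask during install would make every static-IP assignment silently unreadable. Pin the mode explicitly, `$SUDO mkdir -m 755 /etc/openvpn/ccd`, or `$SUDO install -d -m 755 /etc/openvpn/ccd`. The `if [ -d ... ]` guard around the `rm -rf` is redundant, since `rm -rf` succeeds on a missing path, and the new test uses `[ -d ]` while the neighbouring easy-rsa check uses `[[ -d ]]`; wiping the directory itself is consistent with the surrounding code, which also discards server.conf and easy-rsa. confOpenVPN begins outside this hunk.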
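Review bot: The addresses makeOVPN.sh will push from this directory appear to come from the same 10.8.0.0/24 that the dynamic pool hands out (the `server` line is outside this hunk), and as far as I know OpenVPN's pool allocator does not reserve addresses it only sees in a ccd `ifconfig-push`, so a client that connects without a ccd file — one created before this change, or one whose ccd write failed — can be given an address already pinned to another client. Either add `ccd-exclusive` so clients without a ccd entry are refused, or keep the static assignments outside the range `ifconfig-pool` covers, and record the decision in the template, e.g. above the new line: `# Per-client directives; makeOVPN.sh writes an ifconfig-push file here so every client keeps a fixed address`. If this template sets `user`/`group` further down, the directory must also be readable by that account, since it is read after the privilege drop.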
@@ -405,6 +405,17 @@ else
 
 fi
 
+# Find an unused number for the last octet of the client IP
+for i in {2..254}; do
+    # find returns 0 if the folder is empty, so we create the 'ls -A [...]'
+    # exception to stop at the first static IP (10.8.0.2). Otherwise it would
+    # cycle to the end without finding and available octet.
+    if [ -z "$(ls -A /etc/openvpn/ccd)" ] || ! find /etc/openvpn/ccd -type f -exec grep -q "10.8.0.$i" {} +; then
+        COUNT="$i"
+        echo "ifconfig-push 10.8.0.$i 255.255.255.0" >> /etc/openvpn/ccd/"${NAME}"
+        break
+    fi
+done
 
 # Copy the .ovpn profile to the home directory for convenient remote access
 cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$install_home/ovpns/$NAME$FILEEXT"
diff --git a/scripts/openvpn/removeOVPN.sh b/scripts/openvpn/removeOVPN.sh
index f191eab..62a8f4e 100755
--- a/scripts/openvpn/removeOVPN.sh
+++ b/scripts/openvpn/removeOVPN.sh
@@ -119,6 +119,7 @@ for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
     rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req"
     rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key"
     rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt"
+    rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"
     rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn"
     rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn"
 
diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh
index 657da63..2a7409c 100755
--- a/scripts/uninstall.sh
+++ b/scripts/uninstall.sh
@@ -203,6 +203,7 @@ removeAll(){
         rm -f /etc/openvpn/server.conf
         rm -f /etc/openvpn/crl.pem
         rm -rf /etc/openvpn/easy-rsa
+        rm -rf /etc/openvpn/ccd
         rm -rf "$install_home/ovpns"
     fi
 
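Review bot: `grep -q "10.8.0.$i"` is an unanchored regex with unescaped dots, so a ccd file holding `10.8.0.20` (or .200–.254) makes octet 2 look taken, and the same happens for every one- and two-digit octet that is a prefix of a longer one; the usable address space shrinks as clients are added, though no duplicates result because the netmask text never contains `10.8.0.`. Anchoring the pattern to the whole directive fixes that, and `grep -r` already returns non-zero on an empty directory, which removes the `ls -A` special case and the find/-exec construct that the three-line comment has to explain. The loop also ends silently once all 253 octets are in use, leaving the client with no ccd file and a pool address, so the caller should at least be told; the check below assumes COUNT is not already set before line 405, which is outside this hunk. The 10.8.0 prefix is hard-coded here and in the comment; if the server network is configurable elsewhere (e.g. setupVars.conf) it should be read from there rather than repeated.
```shell
# Find an unused number for the last octet of the client IP
for i in {2..254}; do
    # Match the whole directive: an unanchored "10.8.0.$i" would treat .2 as
    # taken when .20 or .200 exists. grep -r reports no match on an empty
    # directory, so the empty-folder case needs no special handling.
    if ! grep -rqs "^ifconfig-push 10\.8\.0\.$i " /etc/openvpn/ccd; then
        COUNT="$i"
        echo "ifconfig-push 10.8.0.$i 255.255.255.0" >> /etc/openvpn/ccd/"${NAME}"
        break
    fi
done

if [ -z "$COUNT" ]; then
    echo "::: No free address left in 10.8.0.0/24; ${NAME} will get a dynamic address" >&2
fi
```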
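Review bot: `rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"` uses `-r` on what is always a single regular file, and should an array element ever be empty the path collapses to `/etc/openvpn/ccd/` and the whole static-IP table is removed; whether the names are validated before this loop is outside the hunk. `rm -f -- "/etc/openvpn/ccd/${CERTS_TO_REVOKE[ii]}"` is sufficient and matches how the neighbouring lines quote the full path. Note also that the octet becomes reusable by makeOVPN.sh as soon as this file is gone, while the revoked client's existing session may persist until the CRL is checked at renegotiation, so two peers could briefly claim one address unless the connection is also terminated. The enclosing `for` loop starts outside this hunk.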