Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 19:00:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Set static IPs when using OpenVPN

Browse source 
- Preparation for feature request from issue #942
This commit is contained in:
Orazio 2020-02-09 18:51:30 +01:00
parent 3f616d9254
commit ead280e60f
5 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
auto_install/install.sh
View file

@ -1740,6 +1740,13 @@ confOpenVPN(){
$SUDO rm /etc/openvpn/server.conf $SUDO rm /etc/openvpn/server.conf
fi fi
if [ -d /etc/openvpn/ccd ]; then
$SUDO rm -rf /etc/openvpn/ccd
fi
# Create folder to store client specific directives used to push static IPs
$SUDO mkdir /etc/openvpn/ccd
# If easy-rsa exists, remove it # If easy-rsa exists, remove it
if [[ -d /etc/openvpn/easy-rsa/ ]]; then if [[ -d /etc/openvpn/easy-rsa/ ]]; then
$SUDO rm -rf /etc/openvpn/easy-rsa/ $SUDO rm -rf /etc/openvpn/easy-rsa/

1
files/etc/openvpn/server_config.txt
View file

@ -17,6 +17,7 @@ push "block-outside-dns"
# overriding but not wiping out the original default gateway. # overriding but not wiping out the original default gateway.
push "redirect-gateway def1" push "redirect-gateway def1"
client-to-client client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120 keepalive 15 120
remote-cert-tls client remote-cert-tls client
tls-version-min 1.2 tls-version-min 1.2

11
scripts/openvpn/makeOVPN.sh
View file

@ -405,6 +405,17 @@ else
fi fi
# Find an unused number for the last octet of the client IP
for i in {2..254}; do
# find returns 0 if the folder is empty, so we create the 'ls -A [...]'
# exception to stop at the first static IP (10.8.0.2). Otherwise it would
# cycle to the end without finding and available octet.
if [ -z "$(ls -A /etc/openvpn/ccd)" ] || ! find /etc/openvpn/ccd -type f -exec grep -q "10.8.0.$i" {} +; then
COUNT="$i"
echo "ifconfig-push 10.8.0.$i 255.255.255.0" >> /etc/openvpn/ccd/"${NAME}"
break
fi
done
# Copy the .ovpn profile to the home directory for convenient remote access # Copy the .ovpn profile to the home directory for convenient remote access
cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$install_home/ovpns/$NAME$FILEEXT" cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$install_home/ovpns/$NAME$FILEEXT"

1
scripts/openvpn/removeOVPN.sh
View file

@ -119,6 +119,7 @@ for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req" rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req"
rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key" rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key"
rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt" rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt"
rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"
rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn" rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn"
rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn" rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn"

1
scripts/uninstall.sh
View file

@ -203,6 +203,7 @@ removeAll(){
rm -f /etc/openvpn/server.conf rm -f /etc/openvpn/server.conf
rm -f /etc/openvpn/crl.pem rm -f /etc/openvpn/crl.pem
rm -rf /etc/openvpn/easy-rsa rm -rf /etc/openvpn/easy-rsa
rm -rf /etc/openvpn/ccd
rm -rf "$install_home/ovpns" rm -rf "$install_home/ovpns"
fi fi