From c2ee4ced281a9fbfd36e5e930f935a0c240812b2 Mon Sep 17 00:00:00 2001
From: "root@culturestrings" <root@culturestrings>
Date: Tue, 1 Sep 2020 18:44:10 +0000
Subject: openvpn: support two distinct (masquerading and non-masquerading)
 VPNs.

---
 public/fs/etc/openvpn/hostvpn-conf.sh | 59 ++++++++++++++++++++++++++++-------
 public/fs/etc/openvpn/hostvpn.conf.in | 10 +++---
 2 files changed, 52 insertions(+), 17 deletions(-)


diff --git a/public/fs/etc/openvpn/hostvpn-conf.sh b/public/fs/etc/openvpn/hostvpn-conf.sh
index 24cb390..72f828c 100755
--- a/public/fs/etc/openvpn/hostvpn-conf.sh
+++ b/public/fs/etc/openvpn/hostvpn-conf.sh
@@ -3,6 +3,7 @@
 set -eu
 
 sitezone="$1"
+vpn_type="$2"
 
 cfg_script="$0"
 cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
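Review bot: `vpn_type="$2"` runs under the `set -eu` shown in context, so calling the script with only the sitezone argument aborts with the shell's unbound-variable error before the usage message that the commit adds in the `else` branch further down can print. Defaulting the assignment, `vpn_type="${2:-}"`, lets that branch report usage and exit 2 as intended; the comparisons that read it should then be quoted, `[ "${vpn_type}" = 'primary' ]`, so an empty value is a false test rather than a `[`: syntax error. The same applies to `sitezone="$1"` on the line above, though that predates this commit.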
@@ -10,17 +11,51 @@ cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
 source /root/config/private/config/server.ports
 source /root/config/private/config/hostinfo/${sitezone}
 
-if [ ${vpn_route_all} = 'yes' ]; then
-	vpn_route_all_subst='s/^@vpn_route_all@ //g'
+if [ ${vpn_type} = 'primary' ]; then
+	vpn_tunnel=tun0
+	ipv6_subnet=8000
+
+	if [ ${vpn_route_all} = 'yes' ]; then
+		vpn_route_all_subst='s/^@vpn_route_all@ //g'
+	else
+		vpn_route_all_subst='/^@vpn_route_all@ /d'
+	fi
+
+	sed -e 's/@vpn_tunnel@/'${vpn_tunnel}'/g' \
+		-e 's/@vpn_type@/'${vpn_type}'/g'  \
+		-e 's/@vpn_port@/'${vpn_port}'/g'   \
+		-e 's/@hostname@/'${hostname}'/g'    \
+		-e 's/@vpn_net4@/'${vpn_net4}'/g'     \
+		-e 's/@vpn_ipv4@/'${vpn_ipv4}'/g'      \
+		-e 's/@host_ipv4@/'${host_ipv4}'/g'     \
+		-e 's/@host_ipv6@/'${host_ipv6}'/g'      \
+		-e 's/@ipv6_subnet@/'${ipv6_subnet}'/g'   \
+		-e "${vpn_route_all_subst}"                \
+		"${cfg_srcdir}/hostvpn.conf.in"
+
+elif [ ${vpn_type} = 'secondary' ]; then
+	vpn_tunnel=tun1
+	ipv6_subnet=c000
+
+	if [ ${avpn_route_all} = 'yes' ]; then
+		vpn_route_all_subst='s/^@vpn_route_all@ //g'
+	else
+		vpn_route_all_subst='/^@vpn_route_all@ /d'
+	fi
+
+	sed -e 's/@vpn_tunnel@/'${vpn_tunnel}'/g' \
+		-e 's/@vpn_type@/'${vpn_type}'/g'  \
+		-e 's/@vpn_port@/'${avpn_port}'/g'  \
+		-e 's/@hostname@/'${hostname}'/g'    \
+		-e 's/@vpn_net4@/'${avpn_net4}'/g'    \
+		-e 's/@vpn_ipv4@/'${avpn_ipv4}'/g'     \
+		-e 's/@host_ipv4@/'${host_ipv4}'/g'     \
+		-e 's/@host_ipv6@/'${host_ipv6}'/g'      \
+		-e 's/@ipv6_subnet@/'${ipv6_subnet}'/g'   \
+		-e "${vpn_route_all_subst}"                \
+		"${cfg_srcdir}/hostvpn.conf.in"
+
 else
-	vpn_route_all_subst='/^@vpn_route_all@ /d'
+	printf '%s\n' 'usage: ./hostvpn-conf.sh sitezone {primary|secondary}'
+	exit 2
 fi
-
-sed -e 's/@vpn_port@/'${vpn_port}'/g'    \
-	-e 's/@hostname@/'${hostname}'/g' \
-	-e 's/@vpn_net4@/'${vpn_net4}'/g'  \
-	-e 's/@vpn_ipv4@/'${vpn_ipv4}'/g'   \
-	-e 's/@host_ipv4@/'${host_ipv4}'/g'  \
-	-e 's/@host_ipv6@/'${host_ipv6}'/g'   \
-	-e "${vpn_route_all_subst}"            \
-	"${cfg_srcdir}/hostvpn.conf.in"
diff --git a/public/fs/etc/openvpn/hostvpn.conf.in b/public/fs/etc/openvpn/hostvpn.conf.in
index fb85982..b82bbec 100644
--- a/public/fs/etc/openvpn/hostvpn.conf.in
+++ b/public/fs/etc/openvpn/hostvpn.conf.in
@@ -1,7 +1,7 @@
 port         @vpn_port@
 proto        udp
 
-dev          tun0
+dev          @vpn_tunnel@
 topology     subnet
 
 cipher       AES-256-CBC
@@ -13,14 +13,14 @@ askpass      /srv/webroot/openvpn/@hostname@.pass
 key          /etc/easy-rsa/pki/private/@hostname@.key
 dh           /etc/easy-rsa/pki/dh.pem
 
-status       /var/log/openvpn/openvpn-status.log
-log-append   /var/log/openvpn/openvpn.log
+status       /var/log/openvpn/openvpn-@vpn_type@-status.log
+log-append   /var/log/openvpn/openvpn-@vpn_type@.log
 
 server       @vpn_net4@ 255.255.255.0
-server-ipv6  @host_ipv6@:8000::/65
+server-ipv6  @host_ipv6@:@ipv6_subnet@::/66
 
 push         "route-ipv6 2000::/3"
-push         "route-ipv6 host_ipv6::/64"
+push         "route-ipv6 @host_ipv6@::/64"
 push         "route 192.168.0.0 255.255.255.0"
 
 @vpn_route_all@ push         "block-outside-dns"
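Review bot: `server-ipv6 @host_ipv6@:@ipv6_subnet@::/66` only yields two disjoint prefixes because hostvpn-conf.sh sets `ipv6_subnet` to `8000` for primary and `c000` for secondary, i.e. the two /66 halves of the previous /65, yet the prefix length lives in this template and the subnet values in the script with nothing recording that they must change together. A comment above the line, `# /66 pairs with ipv6_subnet=8000 (primary) / c000 (secondary) in hostvpn-conf.sh; change both together`, would make the coupling visible to the next editor. The `status` and `log-append` paths now embed `@vpn_type@`, which stays a fixed filename only while the script rejects any value other than primary/secondary, so the same comment could note that the script is the validation point.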
-- 
cgit v1.2.3