small tweak to make openvpn example server config valid
parent
9216683902
commit
3b0a8ebc37
3 changed files with 10 additions and 10 deletions
|
@ -73,7 +73,7 @@ cat << EOF
|
||||||
# openvpn server config
|
# openvpn server config
|
||||||
local $vpnserver
|
local $vpnserver
|
||||||
server $vpnsubnet 255.255.255.0
|
server $vpnsubnet 255.255.255.0
|
||||||
push redirect-gateway def1
|
push "redirect-gateway def1"
|
||||||
EOF
|
EOF
|
||||||
)> $PWD/server.conf
|
)> $PWD/server.conf
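Review bot: The generated server.conf has no comment explaining `push "redirect-gateway def1"`, and once the directive parses (presumably the point of the added quotes) every connecting client is told to route all of its traffic through this server. A line inside the heredoc above the push, such as `# redirect-gateway def1: clients send ALL traffic via the VPN; remove for split tunnelling`, would make that explicit for anyone copying the example. The redirect target on the closing line is also unquoted; `)> "$PWD/server.conf"` avoids an ambiguous-redirect failure when the working directory contains whitespace. The heredoc opens before this hunk, so other pushed options are not visible here. Both points also apply to the identical `@ -73,7` hunk at the end of the page.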
|
||||||
|
|
||||||
|
|
|
@ -13,13 +13,13 @@ keyname=client1
|
||||||
vpnserver="10.0.2.10"
|
vpnserver="10.0.2.10"
|
||||||
|
|
||||||
# optional next hop for adding a static route to reach the VPN server
|
# optional next hop for adding a static route to reach the VPN server
|
||||||
nexthop="10.0.1.1"
|
#nexthop="10.0.1.1"
|
||||||
|
|
||||||
# --------- END CUSTOMIZATION --------
|
# --------- END CUSTOMIZATION --------
|
||||||
|
|
||||||
# validate addresses
|
# validate addresses
|
||||||
if [ "$(dpkg -l | grep " sipcalc ")" = "" ]; then
|
if [ "$(dpkg -l | grep " sipcalc ")" = "" ]; then
|
||||||
echo "WARNING: ip validation disabled because package sipcalc not installed
|
echo "WARNING: ip validation disabled because package sipcalc not installed
|
||||||
" > $PWD/vpnclient.log
|
" > $PWD/vpnclient.log
|
||||||
else
|
else
|
||||||
if [ "$(sipcalc "$vpnserver" "$nexthop" | grep ERR)" != "" ]; then
|
if [ "$(sipcalc "$vpnserver" "$nexthop" | grep ERR)" != "" ]; then
|
||||||
|
@ -59,5 +59,5 @@ verb 4
|
||||||
daemon
|
daemon
|
||||||
EOF
|
EOF
|
||||||
) > client.conf
|
) > client.conf
|
||||||
|
|
||||||
openvpn --config client.conf
|
openvpn --config client.conf
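Review bot: With `nexthop` now commented out in the first hunk of this file, the unchanged validation line still passes it quoted, `sipcalc "$vpnserver" "$nexthop"`, so sipcalc receives an empty second argument. If sipcalc reports that as an error (likely, but not confirmed from this page), the address check fails for the default settings whenever sipcalc is installed. Passing the argument only when it is set, `sipcalc "$vpnserver" ${nexthop:+"$nexthop"}`, keeps the optional value optional. Any later use of `$nexthop` for the static route needs the same guard, but that code and the rest of this `if` block lie outside the hunk.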
|
||||||
|
|
|
@ -12,7 +12,7 @@ keydir=/etc/core/keys
|
||||||
# the name used for a "$keyname.crt" certificate and "$keyname.key" private key.
|
# the name used for a "$keyname.crt" certificate and "$keyname.key" private key.
|
||||||
keyname=server2
|
keyname=server2
|
||||||
|
|
||||||
# the VPN subnet address from which the client VPN IP (for the TUN/TAP)
|
# the VPN subnet address from which the client VPN IP (for the TUN/TAP)
|
||||||
# will be allocated
|
# will be allocated
|
||||||
vpnsubnet=10.0.200.0
|
vpnsubnet=10.0.200.0
|
||||||
|
|
||||||
|
@ -22,18 +22,18 @@ vpnserver=10.0.2.10
|
||||||
# optional list of private subnets reachable behind this VPN server
|
# optional list of private subnets reachable behind this VPN server
|
||||||
# each subnet and next hop is separated by a space
|
# each subnet and next hop is separated by a space
|
||||||
# "<subnet1>,<nexthop1> <subnet2>,<nexthop2> ..."
|
# "<subnet1>,<nexthop1> <subnet2>,<nexthop2> ..."
|
||||||
privatenets="10.0.11.0,10.0.10.1 10.0.12.0,10.0.10.1"
|
#privatenets="10.0.11.0,10.0.10.1 10.0.12.0,10.0.10.1"
|
||||||
|
|
||||||
# optional list of VPN clients, for statically assigning IP addresses to
|
# optional list of VPN clients, for statically assigning IP addresses to
|
||||||
# clients; also, an optional client subnet can be specified for adding static
|
# clients; also, an optional client subnet can be specified for adding static
|
||||||
# routes via the client
|
# routes via the client
|
||||||
# Note: VPN addresses x.x.x.0-3 are reserved
|
# Note: VPN addresses x.x.x.0-3 are reserved
|
||||||
# "<keyname>,<vpnIP>,<subnetIP> <keyname>,<vpnIP>,<subnetIP> ..."
|
# "<keyname>,<vpnIP>,<subnetIP> <keyname>,<vpnIP>,<subnetIP> ..."
|
||||||
vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,,"
|
#vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,,"
|
||||||
|
|
||||||
# NOTE: you may need to enable the StaticRoutes service on nodes within the
|
# NOTE: you may need to enable the StaticRoutes service on nodes within the
|
||||||
# private subnet, in order to have routes back to the client.
|
# private subnet, in order to have routes back to the client.
|
||||||
# /sbin/ip ro add <vpnsubnet>/24 via <vpnServerRemoteInterface>
|
# /sbin/ip ro add <vpnsubnet>/24 via <vpnServerRemoteInterface>
|
||||||
# /sbin/ip ro add <vpnClientSubnet>/24 via <vpnServerRemoteInterface>
|
# /sbin/ip ro add <vpnClientSubnet>/24 via <vpnServerRemoteInterface>
|
||||||
|
|
||||||
# -------- END CUSTOMIZATION --------
|
# -------- END CUSTOMIZATION --------
|
||||||
|
@ -60,7 +60,7 @@ else
|
||||||
$vpnsubnet or $vpnserver " >> $PWD/vpnserver.log
|
$vpnsubnet or $vpnserver " >> $PWD/vpnserver.log
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# create client vpn ip pool file
|
# create client vpn ip pool file
|
||||||
(
|
(
|
||||||
cat << EOF
|
cat << EOF
|
||||||
|
@ -73,7 +73,7 @@ cat << EOF
|
||||||
# openvpn server config
|
# openvpn server config
|
||||||
local $vpnserver
|
local $vpnserver
|
||||||
server $vpnsubnet 255.255.255.0
|
server $vpnsubnet 255.255.255.0
|
||||||
push redirect-gateway def1
|
push "redirect-gateway def1"
|
||||||
EOF
|
EOF
|
||||||
)> $PWD/server.conf
|
)> $PWD/server.conf
|
||||||
|
|
||||||
|
|