From 09f89cd3d88400f77a614e63f75b435cba7d9d3e Mon Sep 17 00:00:00 2001 From: angristan Date: Sat, 15 Sep 2018 18:51:23 +0200 Subject: [PATCH] Fix unbound setup for existing installations --- openvpn-install.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 3bf222d..fd8039f 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -176,27 +176,26 @@ private-address: ::ffff:0:0/96" >> /etc/unbound/unbound.conf else echo "" echo "Unbound is already installed." - echo "You can allow the script to configure it automatically for OpenVPN integration:" - echo "an 'include:' statement will be added to 'unbound.conf' with the necessary changes in a separate 'openvpn-server.conf' file." - echo "No other changes are made to the current configuration." + echo "You can allow the script to configure it in order to use it from your OpenVPN clients" + echo "We will simply add a second server to /etc/unbound/unbound.conf for the OpenVPN subnet." + echo "No changes are made to the current configuration." while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]; do read -rp "Apply configuration changes? [y/n]: " -e CONTINUE done if [[ $CONTINUE = "y" ]]; then - # Add include: statement - awk '{ print } !flag && /server:/ { print " include: /etc/unbound/openvpn-server.conf"; flag = 1 }' /etc/unbound/unbound.conf > /etc/unbound/unbound.conf # Add OpenVPN integration - echo 'interface: 10.8.0.1 -access-control: 10.8.0.1/24 allow' > /etc/unbound/openvpn-server.conf + echo 'server: + interface: 10.8.0.1 + access-control: 10.8.0.1/24 allow' >> /etc/unbound/unbound.conf # Restart the service systemctl restart unbound else - echo "OpenVPN will be configured to use 10.8.0.1 IP for clients DNS" - echo "You need to manually configure Unbound to listen on this interface and accept connections from the subnet" + echo "OpenVPN clients will be configured to use 10.8.0.1 as DNS resolver." + echo "You need to manually configure Unbound to listen on this interface and accept connections from the subnet." fi fi }