From 2b6cea053e5878890c1c38a89b6fcd6fec4ec94b Mon Sep 17 00:00:00 2001 From: tuckyapps Date: Wed, 19 Dec 2018 17:44:35 -0300 Subject: [PATCH] Add connection to server through IPv6 interface Adds option to establish connection with openvpn server through IPv6. This way, if your ISP is already giving you an IPv6 address, you will still be able to connect to your server. The IPv6 address is added on client's configuration file, below the IPv4 remote instruction. This way, a user will always try to connect to the IPv4 one, and only if it has no luck, it will then try to connect using IPv6. Note: When using udp, client will need to wait until keepalive time elapses before it tries to connect through IPv6. If you would like this switch to be fast, I suggest you use TCP protocol instead.
---
 openvpn-install.sh | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index d02ffe4..6e88299 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -198,7 +198,7 @@ function installQuestions () {
 # Detect public IPv4 address and pre-fill for the user
 IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
 read -rp "IP address: " -e -i "$IP" IP
- # If $IP is a private IP address, the server must be behind NAT
+ # If $IP is a private IP address, the server must be behind NAT
 if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
 echo ""
 echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?"
@@ -229,6 +229,21 @@ function installQuestions () { until [[ $IPV6_SUPPORT =~ (y|n) ]]; do read -rp "Do you want to enable IPv6 support (NAT)? [y/n]: " -e -i $SUGGESTION IPV6_SUPPORT done + echo "" + + # Ask the user for its public IPv6 address. + if [[ "$IPV6_SUPPORT" = 'y' ]]; then + until [[ $WANTS_CONNECTION_THROUGH_IPv6 =~ (y|n) ]]; do + read -rp "Do you want to add connection to server through IPv6? [y/n]: " -e -i $SUGGESTION WANTS_CONNECTION_THROUGH_IPv6 + done + fi + + if [[ "$WANTS_CONNECTION_THROUGH_IPv6" = 'y' ]]; then + until [[ "$PUBLICIPv6" != "" ]]; do + read -rp "Public IPv6 address or hostname: " -e PUBLICIPv6 + done + fi + echo "" echo "What port do you want OpenVPN to listen to?" echo " 1) Default: 1194" @@ -883,13 +898,11 @@ ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT" >> /etc/iptables/rm-openvpn-rule Description=iptables rules for OpenVPN Before=network-online.target Wants=network-online.target - [Service] Type=oneshot ExecStart=/etc/iptables/add-openvpn-rules.sh ExecStop=/etc/iptables/rm-openvpn-rules.sh RemainAfterExit=yes - [Install] WantedBy=multi-user.target" > /etc/systemd/system/iptables-openvpn.service @@ -906,12 +919,17 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables-openvpn.service # client-template.txt is created so we have a template to add further users later echo "client" > /etc/openvpn/client-template.txt if [[ "$PROTOCOL" = 'udp' ]]; then - echo "proto udp" >> /etc/openvpn/client-template.txt + PROTO4="udp" + PROTO6="udp6" elif [[ "$PROTOCOL" = 'tcp' ]]; then - echo "proto tcp-client" >> /etc/openvpn/client-template.txt + PROTO4="tcp-client" + PROTO6="tcp6-client" fi - echo "remote $IP $PORT -dev tun + echo "remote $IP $PORT $PROTO4" >> /etc/openvpn/client-template.txt + if [[ "$WANTS_CONNECTION_THROUGH_IPv6" = 'y' ]]; then + echo "remote $PUBLICIPv6 $PORT $PROTO6" >> /etc/openvpn/client-template.txt + fi +echo "dev tun resolv-retry infinite nobind persist-key
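Review bot: The new `PUBLICIPv6` prompt accepts any non-empty string, and the last hunk of this patch writes that value straight into `/etc/openvpn/client-template.txt` as a `remote` line, so a typo or a value containing spaces ends up in every client profile built from the template. A character check in the loop condition would catch that, for example `until [[ "$PUBLICIPv6" =~ ^[0-9A-Za-z.:-]+$ ]]; do`. The y/n loop above it uses the unanchored pattern `(y|n)`, which also lets through answers such as `yes` that then fail the later `= 'y'` comparison without any message; `=~ ^[yn]$` closes that. Its `-i $SUGGESTION` default is unquoted and appears to be the value computed for the IPv6 support question rather than for this one. The body of installQuestions starts and ends outside the hunk.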
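Review bot: `PROTO4` and `PROTO6` are assigned only in the `udp` and `tcp` branches of the last hunk, so any other `$PROTOCOL` value leaves both unset and the `remote` lines are written with an empty protocol field, while the template no longer carries a `proto` line of its own. Whether `$PROTOCOL` can hold another value depends on code outside the hunk, but an explicit branch makes the failure visible: `else echo "Unsupported protocol: $PROTOCOL" >&2; exit 1`. The template also gives no hint why it has two `remote` lines; a comment above the writes such as `# IPv4 remote is written first so clients try it before the IPv6 fallback` would record the ordering the commit message describes. The re-added `echo "dev tun` statement starts at column 0, unlike the indented statements around it.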