Fabio/openvpn-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add connection to server through IPv6 interface

Browse source 
Adds option to establish connection with openvpn server through IPv6. This way, if your ISP is already giving you an IPv6 address, you will still be able to connect to your server.
The IPv6 address is added on client's configuration file, below the IPv4 remote instruction. This way, a user will always try to connect to the IPv4 one, and only if it has no luck, it will then try to connect using IPv6.

Note: When using udp, client will need to wait until keepalive time elapses before it tries to connect through IPv6. If you would like this switch to be fast, I suggest you use TCP protocol instead.
This commit is contained in:
tuckyapps 2018-12-19 17:44:35 -03:00 committed by GitHub
parent 676e68fe4f
commit 2b6cea053e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
openvpn-install.sh
View file

@ -198,7 +198,7 @@ function installQuestions () {
# Detect public IPv4 address and pre-fill for the user
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
read -rp "IP address: " -e -i "$IP" IP
# If $IP is a private IP address, the server must be behind NAT
# If $IP is a private IP address, the server must be behind NAT
if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
echo ""
echo "It seems this server is behind NAT. What is its public IPv4 address or hostname?"
@ -229,6 +229,21 @@ function installQuestions () {
until [[ $IPV6_SUPPORT =~ (y|n) ]]; do
read -rp "Do you want to enable IPv6 support (NAT)? [y/n]: " -e -i $SUGGESTION IPV6_SUPPORT
done
echo ""
# Ask the user for its public IPv6 address.
if [[ "$IPV6_SUPPORT" = 'y' ]]; then
until [[ $WANTS_CONNECTION_THROUGH_IPv6 =~ (y|n) ]]; do
read -rp "Do you want to add connection to server through IPv6? [y/n]: " -e -i $SUGGESTION WANTS_CONNECTION_THROUGH_IPv6
done
fi
if [[ "$WANTS_CONNECTION_THROUGH_IPv6" = 'y' ]]; then
until [[ "$PUBLICIPv6" != "" ]]; do
read -rp "Public IPv6 address or hostname: " -e PUBLICIPv6
done
fi
echo ""
echo "What port do you want OpenVPN to listen to?"
echo " 1) Default: 1194"
@ -883,13 +898,11 @@ ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT" >> /etc/iptables/rm-openvpn-rule
Description=iptables rules for OpenVPN
Before=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/etc/iptables/add-openvpn-rules.sh
ExecStop=/etc/iptables/rm-openvpn-rules.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/iptables-openvpn.service
@ -906,12 +919,17 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables-openvpn.service
# client-template.txt is created so we have a template to add further users later
echo "client" > /etc/openvpn/client-template.txt
if [[ "$PROTOCOL" = 'udp' ]]; then
echo "proto udp" >> /etc/openvpn/client-template.txt
PROTO4="udp"
PROTO6="udp6"
elif [[ "$PROTOCOL" = 'tcp' ]]; then
echo "proto tcp-client" >> /etc/openvpn/client-template.txt
PROTO4="tcp-client"
PROTO6="tcp6-client"
fi
echo "remote $IP $PORT
dev tun
echo "remote $IP $PORT $PROTO4" >> /etc/openvpn/client-template.txt
if [[ "$WANTS_CONNECTION_THROUGH_IPv6" = 'y' ]]; then
echo "remote $PUBLICIPv6 $PORT $PROTO6" >> /etc/openvpn/client-template.txt
fi
echo "dev tun
resolv-retry infinite
nobind
persist-key