Fabio/openvpn-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge a3153868aa into ecd2b45c9f

Browse source
This commit is contained in:
brnl 2020-04-26 16:44:57 +00:00 committed by GitHub
commit 6df98b718e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
README.md
View file

@ -65,6 +65,7 @@ If you want to customise your installation, you can export them or specify them
- `CUSTOMIZE_ENC=n`
- `CLIENT=clientname`
- `PASS=1`
- `TUNNEL_CIDR_BLOCKS="10.0.1.0/24 10.0.2.0/16"`
If the server is behind NAT, you can specify its endpoint with the `ENDPOINT` variable. If the endpoint is the public IP address which it is behind, you can use `ENDPOINT=$(curl -4 ifconfig.co)` (the script will default to this). The endpoint can be an IPv4 or a domain.
@ -85,6 +86,23 @@ export PASS="1"
./openvpn-install.sh
```
### Split-tunnel usage
If you only want to tunnel specific subnets through the VPN-tunnel, you can enable Split-tunnel configuration by passing the TUNNEL_CIDR_BLOCKS environment variable. For example, if you want to tunnel just the subnets 10.0.1.0 with netmask 255.255.255.0 and 10.0.2.0 with netmask 255.255.255.0, you specify 10.0.1.0/24 and 10.0.2.0/24:
On the command line:
```bash
TUNNEL_CIDR_BLOCKS=(10.0.1.0/24 10.0.2.0/24) ./openvpn-install.sh
```
On in a script:
```bash
#!/bin/bash
export TUNNEL_CIDR_BLOCKS="10.0.1.0/24 10.0.2.0/24"
./openvpn-install.sh
```
_Notes:_
- _Currently only 8-, 16-, 24- and 32-bits subnets are supported!_
- _/bin/sh doesn't support array's, so bash is required._
## Features
- Installs and configures a ready-to-use OpenVPN server
@ -101,6 +119,7 @@ export PASS="1"
- Block DNS leaks on Windows 10
- Randomised server certificate name
- Choice to protect clients with a password (private key encryption)
- Split-tunnel configuration (experimental)
- Many other little things!
## Compatibility

21
openvpn-install.sh
View file

@ -808,7 +808,26 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
fi
;;
esac
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
# Allow split-tunnel via custom CIDR blocks (ie. 192.168.0.0/24)
if [ ${#TUNNEL_CIDR_BLOCKS[@]} -gt 0 ]; then
for cidr in ${TUNNEL_CIDR_BLOCKS[@]}; do
echo "Adding $cidr to routed subnets...";
ROUTE_IP=$(echo $cidr | cut -d"/" -f1)
ROUTE_BITS=$(echo $cidr | cut -d"/" -f2)
case $ROUTE_BITS in
8) ROUTE_MASK="255.0.0.0" ;;
16) ROUTE_MASK="255.255.0.0" ;;
24) ROUTE_MASK="255.255.255.0" ;;
32) ROUTE_MASK="255.255.255.255" ;;
esac
echo "push \"route ${ROUTE_IP} ${ROUTE_MASK}\"" >> /etc/openvpn/server.conf
done
else
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
fi
# IPv6 network settings if needed
if [[ "$IPV6_SUPPORT" == 'y' ]]; then