[backport] Improve NAT detection

Cleaner and better:
- Not relying in an external service
- Avoids a false positive when the server has multiple public IPv4
addresses and the user selects one which is not the default gateway

openvpn-install.sh

@@ -219,6 +219,12 @@ else
 	echo ""
 	echo "What port do you want for OpenVPN?"
 	read -p "Port: " -e -i 1194 PORT
+	# If $IP is a private IP address, the server must be behind NAT
+	if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
+		echo ""
+		echo "This server is behind NAT. What is the public IPv4 address or hostname?"
+		read -p "Public IP address / hostname: " -e PUBLICIP
+	fi
 	echo ""
 	echo "What protocol do you want for OpenVPN?"
 	echo "Unless UDP is blocked, you should not use TCP (unnecessarily slower)"
@@ -649,19 +655,9 @@ verb 3" >> /etc/openvpn/server.conf
 			chkconfig openvpn on
 		fi
 	fi
-	# Try to detect a NATed connection and ask about it to potential LowEndSpirit/Scaleway users
+	# If the server is behind a NAT, use the correct IP address
-	EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
+	if [[ "$PUBLICIP" != "" ]]; then
-	if [[ "$IP" != "$EXTERNALIP" ]]; then
+		IP=$PUBLICIP
-		echo ""
-		echo "Looks like your server is behind a NAT!"
-		echo ""
-        echo "If your server is NATed (e.g. LowEndSpirit, Scaleway, or behind a router),"
-        echo "then I need to know the address that can be used to access it from outside."
-        echo "If that's not the case, just ignore this and leave the next field blank"
-        read -p "External IP or domain name: " -e USEREXTERNALIP
-		if [[ "$USEREXTERNALIP" != "" ]]; then
-			IP=$USEREXTERNALIP
-		fi
 	fi
 	# client-template.txt is created so we have a template to add further users later
 	echo "client" > /etc/openvpn/client-template.txt