########################################
# Sample OpenVPN config file for
# 2.0-style multi-client udp server
#
# Adapted from http://openvpn.sourceforge.net/20notes.html
#
# tun-style tunnel
#
# Review notes (security), grounded in the log excerpts further down:
# - Despite the header, "proto tcp-server" below makes this a TCP server
#   (server log: TCPv4_SERVER, client log: TCPv4_CLIENT).
# - No "cipher", "auth" or "tls-version-min" directive is set, so the build
#   defaults apply; the logs show the negotiated result: BF-CBC (a 64-bit
#   block cipher) with a 128-bit key, SHA1 HMAC, TLSv1 and a 1024-bit RSA
#   key. Newer OpenVPN releases let you pin these explicitly (for example
#   "cipher AES-256-GCM", "auth SHA256", "tls-version-min 1.2") and
#   2048-bit or larger DH and RSA keys are the usual minimum today.
# - The TLS handshake is not wrapped by "tls-auth" or "tls-crypt"; either
#   lets the server drop handshake packets that lack the shared key early.

port 1194
dev tun

# Use "local" to set the source address on multi-homed hosts
#local [IP address]

# TLS parms
tls-server
ca keys/ca.crt
cert keys/static.crt
key keys/static.key
# 1024-bit DH parameters (the client log also shows a 1024-bit RSA server
# key); regenerate both at >= 2048 bits.
dh keys/dh1024.pem
# TCP transport; the header comment says udp, the logs confirm TCP.
proto tcp-server

# Tell OpenVPN to be a multi-client udp server
# (transport is actually TCP, see "proto tcp-server" above)
mode server

# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2

# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
# (Visible in the client log below: it receives "ifconfig 10.8.0.10 10.8.0.9".)
ifconfig-pool 10.8.0.4 10.8.0.255

# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.255"

# The server advertises itself as the client's resolver (the nslookup output
# below shows it answering on 10.8.0.1#53). Everything pushed here reaches the
# client as foreign_option_N and is consumed by the up/down scripts at the end
# of this paste, so those scripts have to treat the values as untrusted input.
push "dhcp-option DNS 10.8.0.1"

# Push any routes the client needs to get in
# to the local network.
#push "route 192.168.0.0 255.255.255.0"

# Push DHCP options to Windows clients.
push "dhcp-option DOMAIN ABC.COM"
#push "dhcp-option DNS 192.168.0.1"
#push "dhcp-option WINS 192.168.0.1"

# Client should attempt reconnection on link
# failure.
# (Pushed to clients as "ping 10,ping-restart 60", see the PUSH_REPLY below.)
keepalive 10 60

# Delete client instances after some period
# of inactivity.
inactive 600

# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0

# The server doesn't need privileges
user openvpn
group openvpn

# Keep TUN devices and keys open across restarts.
# Needed together with user/group above: once root is dropped the process
# cannot re-read the key file or re-open the device after a restart.
persist-tun
persist-key

# Verbosity 4 logs per-connection cipher and certificate details (as in the
# excerpt below); useful while debugging, 3 is the usual production level.
verb 4

  71.  
  72. {17:12}/etc/NetworkManager ➭ nslookup git.ABC.COM 10.8.0.1
  73. Server: 10.8.0.1
  74. Address: 10.8.0.1#53
  75.  
  76. Name: git.ABC.COM
  77. Address: 10.8.0.1
  78.  
  79. {17:18}/etc/NetworkManager ➭ nslookup ABC.COM 10.8.0.1
  80. Server: 10.8.0.1
  81. Address: 10.8.0.1#53
  82.  
  83. Name: ABC.COM
  84. Address: 18X.XX.XX.71
  85.  
  86. openvpn[13257]: TCPv4_SERVER link remote: [AF_INET]83.30.135.214:37658
  87. openvpn[13257]: 83.30.135.214:37658 TLS: Initial packet from [AF_INET]83.30.135.214:37658, sid=3251df51 915772f3
  88. openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
  89. openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
  90. openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
  91. openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  92. openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
  93. openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  94. openvpn[13257]: 83.30.135.214:37658 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
  95. openvpn[13257]: 83.30.135.214:37658 [jacek] Peer Connection Initiated with [AF_INET]83.30.135.214:37658
  96. openvpn[13257]: jacek/83.30.135.214:37658 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
  97. openvpn[13257]: jacek/83.30.135.214:37658 MULTI: Learn: 10.8.0.10 -> jacek/83.30.135.214:37658
  98. openvpn[13257]: jacek/83.30.135.214:37658 MULTI: primary virtual IP for jacek/83.30.135.214:37658: 10.8.0.10
  99. openvpn[13257]: jacek/83.30.135.214:37658 PUSH: Received control message: 'PUSH_REQUEST'
  100. openvpn[13257]: jacek/83.30.135.214:37658 send_push_reply(): safe_cap=940
  101. openvpn[13257]: jacek/83.30.135.214:37658 SENT CONTROL [jacek]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9' (status=1)
  102.  
  103. Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TCPv4_CLIENT link remote: [AF_INET]XXX.XX.37.71:1194
  104. Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TLS: Initial packet from [AF_INET]XXX.XX.37.71:1194, sid=89cc981c d57dd826
  105. Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
  106. Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
  107. Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
  108. Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  109. Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
  110. Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  111. Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
  112. Aug 05 17:13:58 localhost.localdomain openvpn[1198]: [static] Peer Connection Initiated with [AF_INET]XXX.XX.37.71:1194
  113. Aug 05 17:14:00 localhost.localdomain openvpn[1198]: SENT CONTROL [static]: 'PUSH_REQUEST' (status=1)
  114. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9'
  115. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: timers and/or timeouts modified
  116. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ifconfig/up options modified
  117. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: route options modified
  118. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
  119. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: ROUTE_GATEWAY 10.123.123.1/255.255.255.0 IFACE=wlan0 HWADDR=44:6d:57:32:81:2e
  120. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP device tun0 opened
  121. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP TX queue length set to 100
  122. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
  123. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip link set dev tun0 up mtu 1500
  124. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
  125. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.9
  126. Aug 05 17:14:01 localhost.localdomain openvpn[1198]: Initialization Sequence Completed
  127.  
  128. Aug 5 17:14:01 localhost NetworkManager[761]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
  129.  
  130. 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
  131. link/none
  132. inet 10.8.0.10 peer 10.8.0.9/32 scope global tun0
  133. valid_lft forever preferred_lft forever
  134.  
  135. # route -n
  136. Kernel IP routing table
  137. Destination Gateway Genmask Flags Metric Ref Use Iface
  138. 0.0.0.0 10.123.123.1 0.0.0.0 UG 0 0 0 wlan0
  139. 10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
  140. 10.8.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
  141. 10.123.123.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
  142.  
  143. # Generated by NetworkManager
  144. domain home
  145. search home
  146. nameserver 10.123.123.1
  147.  
  148. up /etc/openvpn/update-resolv-conf
  149. down /etc/openvpn/update-resolv-conf
  150.  
  151. #dns=dnsmasq
  152.  
  153. sudo restart network-manager
  154.  
  155. up /home/gadgeteering/tools/vpn/up.sh
  156. down /home/gadgeteering/tools/vpn/down.sh
  157.  
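#! /bin/bash
# OpenVPN "up" script (configured above as 'up /home/gadgeteering/tools/vpn/up.sh').
# Takes the DNS server(s) the VPN server pushed via 'dhcp-option DNS' (exported
# by OpenVPN as foreign_option_N) and puts them in front of the nameserver list
# in /etc/resolv.conf. Every address written is also recorded in a per-device
# cache file so the matching down.sh can remove it again.
#
# Arguments:    $1 - tun/tap device name (first argument OpenVPN passes)
# Globals:      reads foreign_option_* from the environment
# Side effects: rewrites /etc/resolv.conf, creates /etc/resolv.conf.default
#               (copy of the untouched file) and /tmp/openvpn/<dev>.nameserver
#
# The pushed options are data chosen by the VPN server. The original looped
# them through eval (and used an invalid '${$opt...}' expansion); here they are
# only read via indirect expansion and checked against an anchored IPv4
# pattern before anything is written.
set -euo pipefail

readonly CACHE_DIR=/tmp/openvpn

#######################################
# Extract a validated IPv4 address from one pushed option value.
# Arguments: $1 - option string, e.g. 'dhcp-option DNS 10.8.0.1'
# Outputs:   the address on stdout
# Returns:   0 for a 'dhcp-option DNS' with a well-formed dotted quad, 1 otherwise
#######################################
dns_from_option() {
  local option=$1
  local addr=${option#dhcp-option DNS }
  # Any other option kind is left unchanged by the prefix strip -> reject.
  [[ "$addr" != "$option" ]] || return 1
  # Anchored, dots escaped: the old pattern let '.' match any character and
  # accepted a quad anywhere inside a longer string.
  [[ "$addr" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1
  printf '%s\n' "$addr"
}

#######################################
# Put "$1" first in the nameserver list of /etc/resolv.conf, keeping the other
# non-comment lines and any other nameservers (in their original order) after it.
# Arguments: $1 - IPv4 nameserver, already validated
#######################################
add_nameserver() {
  local dns=$1
  local tmp
  # Random scratch name in /etc instead of a fixed /tmp/resolv.conf: this runs
  # as root and a fixed name in /tmp could be planted by any local user.
  tmp=$(mktemp /etc/resolv.conf.XXXXXX)
  # mktemp creates the file 0600; resolv.conf must stay readable by everyone.
  chmod 0644 "$tmp"
  # '|| true': grep -v exits 1 when it selects no line, which is normal here.
  {
    grep -v -e '^#' -e '^nameserver' /etc/resolv.conf || true
    printf 'nameserver %s\n' "$dns"
    grep -v '^#' /etc/resolv.conf | grep -v "nameserver $dns" | grep nameserver || true
  } > "$tmp"
  mv -- "$tmp" /etc/resolv.conf
}

#######################################
# Entry point.
# Arguments: $1 - device name
#######################################
main() {
  local dev=${1:?usage: up.sh <tun-device>}
  local cache="$CACHE_DIR/$dev.nameserver"
  local optname dns
  # NOTE(review): a fixed directory under /tmp is still a location any local
  # user could create first; a root-owned runtime directory would be safer.
  [[ -d "$CACHE_DIR" ]] || mkdir -m 0700 -- "$CACHE_DIR"
  : > "$cache"
  # OpenVPN exports each pushed option as foreign_option_1, foreign_option_2, ...
  for optname in "${!foreign_option_@}"; do
    if dns=$(dns_from_option "${!optname}"); then
      # Keep a copy of the untouched file the first time we change it.
      [[ -f /etc/resolv.conf.default ]] || cp /etc/resolv.conf /etc/resolv.conf.default
      add_nameserver "$dns"
      printf '%s\n' "$dns" >> "$cache"
    fi
  done
}

main "$@"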
  184.  
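#! /bin/bash
# OpenVPN "down" script, counterpart of up.sh: removes every nameserver that
# up.sh recorded in /tmp/openvpn/<dev>.nameserver from /etc/resolv.conf.
#
# Arguments:    $1 - tun/tap device name (first argument OpenVPN passes)
# Side effects: rewrites /etc/resolv.conf; the cache file is left in place
#               (up.sh truncates it on the next connection)
set -euo pipefail

#######################################
# Drop every "nameserver <addr>" line for the given address from /etc/resolv.conf.
# Arguments: $1 - nameserver address as recorded by up.sh
#######################################
remove_nameserver() {
  local ns=$1
  local tmp
  # Random scratch name in /etc instead of a fixed /tmp/resolv.conf that any
  # local user could pre-create; this script runs as root.
  tmp=$(mktemp /etc/resolv.conf.XXXXXX)
  # mktemp creates the file 0600; resolv.conf must stay world-readable.
  chmod 0644 "$tmp"
  # -F: the address is a literal, not a regex (the old call let '.' match any
  # character). grep -v exits 1 when nothing is left, which is not an error.
  grep -Fv -- "nameserver $ns" /etc/resolv.conf > "$tmp" || true
  mv -- "$tmp" /etc/resolv.conf
}

#######################################
# Entry point.
# Arguments: $1 - device name
#######################################
main() {
  local dev=${1:?usage: down.sh <tun-device>}
  local cache="/tmp/openvpn/$dev.nameserver"
  local ns
  printf '%s\n' "$cache"
  [[ -f "$cache" ]] || return 0
  # One address per line, as written by up.sh; the '||' keeps a last line
  # that lacks a trailing newline.
  while IFS= read -r ns || [[ -n "$ns" ]]; do
    [[ -n "$ns" ]] || continue
    printf 'Removing %s from /etc/resolv.conf\n' "$ns"
    remove_nameserver "$ns"
  done < "$cache"
}

main "$@"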
  198.  
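#!/bin/bash
# NetworkManager dispatcher script. On 'vpn-up' it collects the dns= entries
# of every NetworkManager VPN profile, keeps those that answer a ping and
# writes them as nameserver lines in front of the existing (non-comment)
# content of /etc/resolv.conf; on 'vpn-down' it hands /etc/resolv.conf back
# to resolvconf.
#
# Arguments: $1 - interface name (unused), $2 - NetworkManager action
#
# Written as two small functions instead of one long pipeline that spawned a
# generated helper script per candidate address.
set -euo pipefail

readonly NM_CONNECTIONS=/etc/NetworkManager/system-connections

#######################################
# Print the dns= value of every NetworkManager VPN profile, one address per
# line (profiles separate addresses with ';').
# Outputs: addresses on stdout, possibly none
#######################################
vpn_profile_nameservers() {
  # No VPN profile at all is not an error: grep exits 1 and xargs -r runs
  # nothing. The sed pattern is anchored so keys merely containing "dns="
  # (e.g. ignore-auto-dns=) are not picked up.
  grep -rl 'type=vpn' "$NM_CONNECTIONS" 2>/dev/null \
    | xargs -r sed -rne 's|^dns=||p' \
    | tr ';' '\n' \
    || true
}

#######################################
# Filter stdin to the addresses that answer a single ping.
# Stdin:   one candidate address per line; blank lines are skipped
# Outputs: 'nameserver <addr>' lines on stdout
#######################################
reachable_nameservers() {
  local ns
  while IFS= read -r ns || [[ -n "$ns" ]]; do
    ns=${ns//[[:space:]]/}
    [[ -n "$ns" ]] || continue
    # -w 1: one second deadline so a dead server does not stall the dispatcher
    if ping -c 1 -w 1 -q "$ns" > /dev/null 2>&1; then
      printf 'nameserver %s\n' "$ns"
    fi
  done
}

#######################################
# Entry point.
# Arguments: $2 - NetworkManager action ('vpn-up' / 'vpn-down')
#######################################
main() {
  local action=${2:-}
  local tmp
  case "$action" in
    vpn-up)
      # Build the new file under a random name and move it into place, instead
      # of truncating /etc/resolv.conf while the pipeline is still running.
      tmp=$(mktemp /etc/resolv.conf.XXXXXX)
      chmod 0644 "$tmp"   # mktemp gives 0600; resolv.conf must be world-readable
      {
        vpn_profile_nameservers | reachable_nameservers
        grep -v '^#' /etc/resolv.conf || true
      } > "$tmp"
      mv -- "$tmp" /etc/resolv.conf
      ;;
    vpn-down)
      resolvconf -u
      ;;
  esac
}

main "$@"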
  218.  
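#!/usr/bin/env bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
# 12/2018 palswim+code+openvpn-resolv@palswim.net Updated to work with NetworkManager
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
#
# Environment read (all exported by OpenVPN before it runs the script):
#   script_type       'up' or 'down'; only 'up' is handled, 'down' falls
#                     through the case statement and does nothing
#   dev               tun/tap device name, used here as the NetworkManager
#                     connection name
#   foreign_option_N  the pushed options, see the examples above
#
# No 'set -e' on purpose: the trailing 'exit 0' workaround (see bottom)
# deliberately reports success to OpenVPN even when nmcli complains.

declare -a dns_servers=()  # pushed 'dhcp-option DNS' values
declare -a dns_search=()   # pushed DOMAIN / DOMAIN-SEARCH values

#######################################
# Sort the pushed options into dns_servers[] and dns_search[].
# Globals: reads foreign_option_*; appends to dns_servers and dns_search
#######################################
collect_dns_options() {
  local optionname option kind what value
  for optionname in "${!foreign_option_@}"; do
    option="${!optionname}"
    printf '%s\n' "$option"
    # 'dhcp-option DNS 10.8.0.1' -> kind / what / value; the trailing '_'
    # swallows any further words, matching the old 'cut -f 3' result, and the
    # shell split replaces three cut processes per option.
    read -r kind what value _ <<<"$option"
    [[ "$kind" == "dhcp-option" && -n "$value" ]] || continue
    case "$what" in
      DNS) dns_servers+=("$value") ;;
      DOMAIN|DOMAIN-SEARCH) dns_search+=("$value") ;;
    esac
  done
}

#######################################
# Apply the collected values to the NetworkManager connection named "$dev".
# The values were chosen by the VPN server; they are handed to nmcli as plain
# arguments (never eval'd), and nmcli, not this script, parses them.
#######################################
apply_to_networkmanager() {
  if (( ${#dns_search[@]} > 0 )); then
    nmcli connection modify "${dev}" dns-search "${dns_search[*]}"
  fi
  if (( ${#dns_servers[@]} > 0 )); then
    nmcli connection modify "${dev}" dns "${dns_servers[*]}"
  fi
  nmcli connection up "${dev}" # Force NM to reevaluate the properties
}

case "${script_type:-}" in
  up)
    collect_dns_options
    apply_to_networkmanager
    ;;
esac

# Workaround / jm@epiclabs.io
# force exit with no errors. Due to an apparent conflict with the Network Manager
# $RESOLVCONF sometimes exits with error code 6 even though it has performed the
# action correctly and OpenVPN shuts down.
exit 0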