- ########################################
- # Sample OpenVPN config file for
- # 2.0-style multi-client server (this copy uses proto tcp-server, see below)
- #
- # Adapted from http://openvpn.sourceforge.net/20notes.html
- #
- # tun-style tunnel
- port 1194
- dev tun
- # Use "local" to set the source address on multi-homed hosts
- #local [IP address]
- # TLS parms
- tls-server
- ca keys/ca.crt
- cert keys/static.crt
- key keys/static.key
- dh keys/dh1024.pem
- proto tcp-server
- # Tell OpenVPN to be a multi-client server (transport is tcp-server above, not udp)
- mode server
- # The server's virtual endpoints
- ifconfig 10.8.0.1 10.8.0.2
- # Pool of /30 subnets to be allocated to clients.
- # When a client connects, an --ifconfig command
- # will be automatically generated and pushed back to
- # the client.
- ifconfig-pool 10.8.0.4 10.8.0.255
- # Push route to client to bind it to our local
- # virtual endpoint.
- push "route 10.8.0.1 255.255.255.255"
- push "dhcp-option DNS 10.8.0.1"
- # Push any routes the client needs to get in
- # to the local network.
- #push "route 192.168.0.0 255.255.255.0"
- # Push DHCP options to Windows clients.
- push "dhcp-option DOMAIN ABC.COM"
- #push "dhcp-option DNS 192.168.0.1"
- #push "dhcp-option WINS 192.168.0.1"
- # Client should attempt reconnection on link
- # failure.
- keepalive 10 60
- # Delete client instances after some period
- # of inactivity.
- inactive 600
- # Route the --ifconfig pool range into the
- # OpenVPN server.
- route 10.8.0.0 255.255.255.0
- # The server doesn't need privileges
- user openvpn
- group openvpn
- # Keep TUN devices and keys open across restarts.
- persist-tun
- persist-key
- verb 4
- {17:12}/etc/NetworkManager ➭ nslookup git.ABC.COM 10.8.0.1
- Server: 10.8.0.1
- Address: 10.8.0.1#53
- Name: git.ABC.COM
- Address: 10.8.0.1
- {17:18}/etc/NetworkManager ➭ nslookup ABC.COM 10.8.0.1
- Server: 10.8.0.1
- Address: 10.8.0.1#53
- Name: ABC.COM
- Address: 18X.XX.XX.71
- openvpn[13257]: TCPv4_SERVER link remote: [AF_INET]83.30.135.214:37658
- openvpn[13257]: 83.30.135.214:37658 TLS: Initial packet from [AF_INET]83.30.135.214:37658, sid=3251df51 915772f3
- openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
- openvpn[13257]: 83.30.135.214:37658 VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
- openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
- openvpn[13257]: 83.30.135.214:37658 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
- openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
- openvpn[13257]: 83.30.135.214:37658 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
- openvpn[13257]: 83.30.135.214:37658 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
- openvpn[13257]: 83.30.135.214:37658 [jacek] Peer Connection Initiated with [AF_INET]83.30.135.214:37658
- openvpn[13257]: jacek/83.30.135.214:37658 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
- openvpn[13257]: jacek/83.30.135.214:37658 MULTI: Learn: 10.8.0.10 -> jacek/83.30.135.214:37658
- openvpn[13257]: jacek/83.30.135.214:37658 MULTI: primary virtual IP for jacek/83.30.135.214:37658: 10.8.0.10
- openvpn[13257]: jacek/83.30.135.214:37658 PUSH: Received control message: 'PUSH_REQUEST'
- openvpn[13257]: jacek/83.30.135.214:37658 send_push_reply(): safe_cap=940
- openvpn[13257]: jacek/83.30.135.214:37658 SENT CONTROL [jacek]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9' (status=1)
- Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TCPv4_CLIENT link remote: [AF_INET]XXX.XX.37.71:1194
- Aug 05 17:13:55 localhost.localdomain openvpn[1198]: TLS: Initial packet from [AF_INET]XXX.XX.37.71:1194, sid=89cc981c d57dd826
- Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=1, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
- Aug 05 17:13:56 localhost.localdomain openvpn[1198]: VERIFY OK: depth=0, C=XX, ST=XX, L=XXX, O=XXX, OU=XXX, CN=XXX, name=XXX, emailAddress=mail@ABC.COM
- Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
- Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
- Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
- Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
- Aug 05 17:13:58 localhost.localdomain openvpn[1198]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
- Aug 05 17:13:58 localhost.localdomain openvpn[1198]: [static] Peer Connection Initiated with [AF_INET]XXX.XX.37.71:1194
- Aug 05 17:14:00 localhost.localdomain openvpn[1198]: SENT CONTROL [static]: 'PUSH_REQUEST' (status=1)
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN ABC.COM,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.9'
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: timers and/or timeouts modified
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ifconfig/up options modified
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: route options modified
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: ROUTE_GATEWAY 10.123.123.1/255.255.255.0 IFACE=wlan0 HWADDR=44:6d:57:32:81:2e
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP device tun0 opened
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: TUN/TAP TX queue length set to 100
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip link set dev tun0 up mtu 1500
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.9
- Aug 05 17:14:01 localhost.localdomain openvpn[1198]: Initialization Sequence Completed
- Aug 5 17:14:01 localhost NetworkManager[761]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
- 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
- link/none
- inet 10.8.0.10 peer 10.8.0.9/32 scope global tun0
- valid_lft forever preferred_lft forever
- # route -n
- Kernel IP routing table
- Destination Gateway Genmask Flags Metric Ref Use Iface
- 0.0.0.0 10.123.123.1 0.0.0.0 UG 0 0 0 wlan0
- 10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
- 10.8.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
- 10.123.123.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
- # Generated by NetworkManager
- domain home
- search home
- nameserver 10.123.123.1
- up /etc/openvpn/update-resolv-conf
- down /etc/openvpn/update-resolv-conf
- #dns=dnsmasq
- sudo restart network-manager
- up /home/gadgeteering/tools/vpn/up.sh
- down /home/gadgeteering/tools/vpn/down.sh
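#! /bin/bash
#
# OpenVPN "up" script: put the DNS server(s) the server pushed via
# "dhcp-option DNS <ip>" at the front of /etc/resolv.conf and remember them
# in a per-device cache file so the matching "down" script can remove them.
#
# OpenVPN runs this as:  up.sh <tun_dev> <tun_mtu> <link_mtu> <local_ip> ...
# and exports every pushed option as foreign_option_1, foreign_option_2, ...
# (for example foreign_option_1='dhcp-option DNS 10.8.0.1').
#
# Environment:
#   OPENVPN_DNS_CACHE_DIR  directory holding <dev>.nameserver
#                          (default /tmp/openvpn, the path the down script reads)
#
# Fixes over the pasted original: `eval "dns=${$opt#...}"` is not valid bash
# ("bad substitution"), so no nameserver was ever extracted; indirect
# expansion (${!opt}) reads the variable without eval. The address pattern is
# now anchored with escaped dots instead of matching any 13-char digit run.
set -uo pipefail

readonly RESOLV_CONF=/etc/resolv.conf
readonly RESOLV_BACKUP=/etc/resolv.conf.default
# NOTE(review): a fixed, predictable directory under world-writable /tmp can
# be pre-created by any local user; a root-owned location (e.g. under /run)
# is preferable once the down script is pointed at the same path.
CACHE_DIR=${OPENVPN_DNS_CACHE_DIR:-/tmp/openvpn}

#######################################
# Extract the address from one pushed option.
# Arguments: $1 - option string, e.g. "dhcp-option DNS 10.8.0.1"
# Outputs:   the dotted-quad on stdout
# Returns:   0 when $1 is a DNS option with a well-formed IPv4 address,
#            1 for any other option or a malformed address
#######################################
dns_from_option() {
  local option=$1 ip
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ "$option" == "dhcp-option DNS "* ]] || return 1
  ip=${option#dhcp-option DNS }
  # The value comes from the VPN server; only a plain dotted-quad is allowed
  # to reach resolv.conf.
  [[ "$ip" =~ $ipv4_re ]] || return 1
  printf '%s\n' "$ip"
}

#######################################
# Rewrite /etc/resolv.conf so that $1 is the first nameserver.
# Layout (same as the original pipeline): non-comment, non-nameserver lines
# first, then "nameserver $1", then the other nameserver lines.
# Arguments: $1 - IPv4 address
# Returns:   0 on success, 1 if the temp file or awk failed
#######################################
prepend_nameserver() {
  local dns=$1 tmp
  tmp=$(mktemp) || return 1
  # mktemp creates 0600; after the mv resolv.conf must stay world-readable
  # or unprivileged processes lose name resolution.
  chmod 644 -- "$tmp"
  awk -v dns="$dns" '
    /^#/ { next }
    $1 == "nameserver" { if ($2 != dns) others[n++] = $0; next }
    { print }
    END {
      print "nameserver " dns
      for (i = 0; i < n; i++) print others[i]
    }' "$RESOLV_CONF" > "$tmp" || { rm -f -- "$tmp"; return 1; }
  mv -f -- "$tmp" "$RESOLV_CONF"
}

main() {
  local dev=${1:-} cache opt dns
  cache="$CACHE_DIR/$dev.nameserver"
  mkdir -p -- "$CACHE_DIR" || exit 1
  : > "$cache"   # fresh cache for this device

  for opt in "${!foreign_option_@}"; do
    dns=$(dns_from_option "${!opt}") || continue
    # Keep a pristine copy the first time resolv.conf is touched.
    [[ -f "$RESOLV_BACKUP" ]] || cp -- "$RESOLV_CONF" "$RESOLV_BACKUP"
    prepend_nameserver "$dns" || exit 1
    printf '%s\n' "$dns" >> "$cache"
  done
}

main "$@"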
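#! /bin/bash
#
# OpenVPN "down" script, counterpart of up.sh: remove from /etc/resolv.conf
# every nameserver the up script recorded for this device, then drop the
# cache file.
#
# OpenVPN runs this as:  down.sh <tun_dev> ...
#
# Environment:
#   OPENVPN_DNS_CACHE_DIR  directory holding <dev>.nameserver
#                          (default /tmp/openvpn; must match up.sh)
set -uo pipefail

readonly RESOLV_CONF=/etc/resolv.conf
CACHE_DIR=${OPENVPN_DNS_CACHE_DIR:-/tmp/openvpn}

#######################################
# Remove every "nameserver $1" line from /etc/resolv.conf.
# The address is compared field-wise rather than used as a grep pattern, so
# "10.8.0.1" no longer also strips "10.8.0.10" (the original's unanchored
# regex with unescaped dots did).
# Arguments: $1 - IPv4 address
# Returns:   0 on success, 1 if the temp file or awk failed
#######################################
remove_nameserver() {
  local ns=$1 tmp
  tmp=$(mktemp) || return 1
  # mktemp creates 0600; resolv.conf must stay world-readable after the mv.
  chmod 644 -- "$tmp"
  awk -v ns="$ns" '!($1 == "nameserver" && $2 == ns)' "$RESOLV_CONF" > "$tmp" \
    || { rm -f -- "$tmp"; return 1; }
  mv -f -- "$tmp" "$RESOLV_CONF"
}

main() {
  local dev=${1:-} cache ns
  cache="$CACHE_DIR/$dev.nameserver"
  printf '%s\n' "$cache"   # kept from the original: shows up in the OpenVPN log
  [[ -f "$cache" ]] || return 0

  # Read one address per line instead of word-splitting `cat`; the `||`
  # clause keeps a last line without trailing newline.
  while IFS= read -r ns || [[ -n "$ns" ]]; do
    [[ -n "$ns" ]] || continue
    printf 'Removing %s from %s\n' "$ns" "$RESOLV_CONF"
    remove_nameserver "$ns" || return 1
  done < "$cache"

  # The entries are gone; a stale cache would be replayed on the next down.
  rm -f -- "$cache"
}

main "$@"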
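#!/bin/bash
#
# NetworkManager dispatcher script. NetworkManager invokes it as
#   <script> <interface> <action>
# On "vpn-up" every DNS server listed in a VPN connection profile (the "dns="
# key of /etc/NetworkManager/system-connections/*) that answers a ping is put
# in front of the current non-comment /etc/resolv.conf lines; on "vpn-down"
# resolvconf rebuilds the file.
#
# The pasted original had lost its backslashes ("\n", "\s", "\1" and the
# pipeline continuations), so it could not run as shown; this version keeps
# the intent without the temporary helper script and the xargs/sed chain.
set -uo pipefail

readonly NM_CONNECTIONS=/etc/NetworkManager/system-connections
readonly RESOLV_CONF=/etc/resolv.conf

#######################################
# Print every DNS server from the "dns=" key of each VPN profile, one per
# line. The key is anchored at line start so that e.g. "ignore-auto-dns=true"
# (which the unanchored original matched) is not taken for a server list.
# Outputs: addresses on stdout (possibly none)
# Returns: 0 always — an empty list is not an error
#######################################
vpn_dns_servers() {
  grep -rl -- 'type=vpn' "$NM_CONNECTIONS" \
    | xargs -n 1 sed -rne 's|^dns=||p' \
    | tr ';' '\n' \
    | grep -v '^[[:space:]]*$'
  return 0
}

#######################################
# Succeed when $1 answers a single ICMP echo within one second.
# Arguments: $1 - address to probe
#######################################
reachable() {
  ping -c 1 -w 1 -q "$1" > /dev/null
}

#######################################
# Rebuild /etc/resolv.conf: reachable VPN servers first, then the existing
# non-comment lines (same order as the original pipeline).
# Returns: 0 on success, 1 if no temp file could be created
#######################################
vpn_up() {
  local tmp ns
  tmp=$(mktemp) || return 1
  # Expanded now on purpose: $tmp is local and out of scope when EXIT fires.
  trap "rm -f -- '$tmp'" EXIT
  grep -v '^#' "$RESOLV_CONF" > "$tmp"   # may legitimately match nothing
  {
    while IFS= read -r ns; do
      reachable "$ns" && printf 'nameserver %s\n' "$ns"
    done < <(vpn_dns_servers)
    cat -- "$tmp"
  } > "$RESOLV_CONF"
}

main() {
  # $1 is the interface, $2 the action; other actions are ignored.
  case "${2:-}" in
    vpn-up) vpn_up ;;
    vpn-down) resolvconf -u ;;
  esac
}

main "$@"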
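#!/usr/bin/env bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
# 12/2018 palswim+code+openvpn-resolv@palswim.net Updated to work with NetworkManager
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'
#
# OpenVPN also exports $script_type ("up"/"down") and $dev (the tun/tap
# device), which this script hands to nmcli as the connection name.
#
# Deliberately no `set -e`/`set -u`: the script must always exit 0 (see the
# workaround note at the end), and a strict-mode abort would exit non-zero.

#######################################
# Classify one pushed option.
# Arguments: $1 - option string, e.g. "dhcp-option DNS 193.43.27.132"
# Outputs:   "DNS <ip>" for "dhcp-option DNS",
#            "SEARCH <domain>" for "dhcp-option DOMAIN" / "DOMAIN-SEARCH"
# Returns:   0 when a line was printed, 1 for any other or incomplete option
#######################################
classify_option() {
  local kind type value _rest
  # Split on blanks once instead of spawning `cut` three times per option.
  read -r kind type value _rest <<< "$1"
  if [[ "$kind" != "dhcp-option" || -z "$value" ]]; then
    return 1
  fi
  case "$type" in
    DNS) printf 'DNS %s\n' "$value" ;;
    DOMAIN|DOMAIN-SEARCH) printf 'SEARCH %s\n' "$value" ;;
    *) return 1 ;;
  esac
}

main() {
  local name option entry kind value
  local -a nameservers=() search=()

  case "$script_type" in
    up)
      for name in "${!foreign_option_@}"; do
        option=${!name}
        printf '%s\n' "$option"   # echoed into the OpenVPN log, as before
        entry=$(classify_option "$option") || continue
        kind=${entry%% *}
        value=${entry#* }
        case "$kind" in
          DNS) nameservers+=("$value") ;;
          SEARCH) search+=("$value") ;;
        esac
      done

      # nmcli takes space-separated lists; "${arr[*]}" joins them without
      # the leading blank the original string concatenation produced.
      # NOTE(review): $dev (the tun device) is used as the connection name —
      # this assumes the NetworkManager profile is named after the device;
      # confirm against the local setup.
      if (( ${#search[@]} > 0 )); then
        nmcli connection modify "${dev}" dns-search "${search[*]}"
      fi
      if (( ${#nameservers[@]} > 0 )); then
        nmcli connection modify "${dev}" dns "${nameservers[*]}"
      fi
      nmcli connection up "${dev}" # Force NM to reevaluate the properties
      ;;
  esac

  # Workaround / jm@epiclabs.io
  # force exit with no errors. Due to an apparent conflict with the Network Manager
  # $RESOLVCONF sometimes exits with error code 6 even though it has performed the
  # action correctly and OpenVPN shuts down. main is the last command, so its
  # status 0 is the script's exit status.
  return 0
}

main "$@"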