From bf50da4ee239f7d6f0ddbc772cadb242501d35f3 Mon Sep 17 00:00:00 2001
From: Omri Iluz
Date: Fri, 16 Jan 2015 03:36:47 -0800
Subject: [PATCH 1/5] Remove hard coded DNS push. TODO: control with cmdline option
---
 bin/ovpn_genconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
index 5f7a928..d853d50 100755
--- a/bin/ovpn_genconfig
+++ b/bin/ovpn_genconfig
@@ -140,8 +140,8 @@ key-direction 0
 keepalive 10 60
 persist-key
 persist-tun
-push "dhcp-option DNS 8.8.4.4"
-push "dhcp-option DNS 8.8.8.8"
+#push "dhcp-option DNS 8.8.4.4"
+#push "dhcp-option DNS 8.8.8.8"
 proto $OVPN_PROTO
 # Rely on Docker to do port mapping, internally always 1194
From 97f231b4e7c81489c52b81bdecc4e5d8cea3bd61 Mon Sep 17 00:00:00 2001
From: Omri Iluz
Date: Sat, 17 Jan 2015 00:56:21 -0800
Subject: [PATCH 2/5] Control default DNS push with -D flag
---
 bin/ovpn_genconfig | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
index d853d50..e0d23b0 100755
--- a/bin/ovpn_genconfig
+++ b/bin/ovpn_genconfig
@@ -41,6 +41,7 @@ usage() {
 echo "optional arguments:"
 echo " -d Disable NAT routing and default route"
 echo " -c Enable client-to-client option"
+ echo " -D Disable built in external dns (google dns)"
 }
 set -ex
@@ -48,6 +49,7 @@ set -ex
 OVPN_ENV=$OPENVPN/ovpn_env.sh
 OVPN_SERVER=192.168.255.0/24
 OVPN_DEFROUTE=1
+OVPN_DNS=1
 OVPN_ROUTES=()
 OVPN_PUSH=()
@@ -55,7 +57,7 @@ OVPN_PUSH=()
 [ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
 # Parse arguments
-while getopts ":r:s:du:cp:" opt; do
+while getopts ":r:s:du:cp:D" opt; do
 case $opt in
 r)
 OVPN_ROUTES+=("$OPTARG")
@@ -75,6 +77,9 @@ while getopts ":r:s:du:cp:" opt; do
 p)
 OVPN_PUSH+=("$OPTARG")
 ;;
+ D)
+ OVPN_DNS=0
+ ;;
 \?)
 set +x
 echo "Invalid option: -$OPTARG" >&2
@@ -140,8 +145,6 @@ key-direction 0
 keepalive 10 60
 persist-key
 persist-tun
-#push "dhcp-option DNS 8.8.4.4"
-#push "dhcp-option DNS 8.8.8.8"
 proto $OVPN_PROTO
 # Rely on Docker to do port mapping, internally always 1194
@@ -156,7 +159,8 @@ group nogroup
 EOF
 [ -n "$OVPN_CLIENT_TO_CLIENT" ] && echo "client-to-client" >> "$conf"
-
+[ "$OVPN_DNS" == "1" ] && echo push "dhcp-option DNS 8.8.4.4" >> "$conf"
+[ "$OVPN_DNS" == "1" ] && echo push "dhcp-option DNS 8.8.8.8" >> "$conf"
 # Append Routes
 for i in "${OVPN_ROUTES[@]}"; do
 # If user passed "0" skip this, assume no extra routes
From 1e2418ae37499d406e84e5cd96c0fb8e96b58778 Mon Sep 17 00:00:00 2001
From: Omri Iluz
Date: Sat, 17 Jan 2015 00:56:46 -0800
Subject: [PATCH 3/5] Control external NAT creation
---
 bin/ovpn_genconfig | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
index e0d23b0..cf44986 100755
--- a/bin/ovpn_genconfig
+++ b/bin/ovpn_genconfig
@@ -42,6 +42,7 @@ usage() {
 echo " -d Disable NAT routing and default route"
 echo " -c Enable client-to-client option"
 echo " -D Disable built in external dns (google dns)"
+ echo " -N Configure NAT to access external server network"
 }
 set -ex
@@ -49,6 +50,7 @@ set -ex
 OVPN_ENV=$OPENVPN/ovpn_env.sh
 OVPN_SERVER=192.168.255.0/24
 OVPN_DEFROUTE=1
+OVPN_NAT=0
 OVPN_DNS=1
 OVPN_ROUTES=()
 OVPN_PUSH=()
@@ -57,7 +59,7 @@ OVPN_PUSH=()
 [ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
 # Parse arguments
-while getopts ":r:s:du:cp:D" opt; do
+while getopts ":r:s:du:cp:DN" opt; do
 case $opt in
 r)
 OVPN_ROUTES+=("$OPTARG")
@@ -80,6 +82,9 @@ while getopts ":r:s:du:cp:D" opt; do
 D)
 OVPN_DNS=0
 ;;
+ N)
+ OVPN_NAT=1
+ ;;
 \?)
 set +x
 echo "Invalid option: -$OPTARG" >&2
From 3eeee022fd5a91af8594de3ebbc02d946eb9cdde Mon Sep 17 00:00:00 2001
From: Omri Iluz
Date: Sat, 17 Jan 2015 01:00:18 -0800
Subject: [PATCH 4/5] Create NAT if OVPN_NAT is set (flag -N)
---
 bin/ovpn_run | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
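Review bot: In the `@@ -156,7 +159,8 @@` hunk of 2/5, `echo push "dhcp-option DNS 8.8.4.4"` loses its double quotes to the shell, so the line written to `$conf` is `push dhcp-option DNS 8.8.4.4` rather than the quoted form the removed heredoc lines produced. OpenVPN's `push` expects the pushed option as one quoted argument, so the unquoted line is likely to be rejected or to push only `dhcp-option`, which would leave clients on their pre-VPN resolver while traffic is redirected through the tunnel. Keep the quotes literal in both added lines, e.g. `echo 'push "dhcp-option DNS 8.8.4.4"' >> "$conf"` and the same for 8.8.8.8. The script continues on both sides of the hunk.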
diff --git a/bin/ovpn_run b/bin/ovpn_run
index 0d1adc6..78ce09d 100755
--- a/bin/ovpn_run
+++ b/bin/ovpn_run
@@ -18,7 +18,7 @@ if [ ! -d "$OPENVPN/ccd" ]; then
 fi
 # Setup NAT forwarding if requested
-if [ "$OVPN_DEFROUTE" != "0" ];then
+if [ "$OVPN_DEFROUTE" != "0" ] || [ "$OVPN_NAT" == "1" ] ; then
 iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o eth0 -j MASQUERADE || {
 iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o eth0 -j MASQUERADE
 }
From 1cb38ce14668079fcc447cb327495a953f0d8086 Mon Sep 17 00:00:00 2001
From: omriiluz
Date: Sat, 17 Jan 2015 01:07:52 -0800
Subject: [PATCH 5/5] Support client mtu push
---
 bin/ovpn_genconfig | 8 ++++++--
 bin/ovpn_getclient | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
index cf44986..abbceb5 100755
--- a/bin/ovpn_genconfig
+++ b/bin/ovpn_genconfig
@@ -43,6 +43,7 @@ usage() {
 echo " -c Enable client-to-client option"
 echo " -D Disable built in external dns (google dns)"
 echo " -N Configure NAT to access external server network"
+ echo " -m Set client MTU"
 }
 set -ex
@@ -59,7 +60,7 @@ OVPN_PUSH=()
 [ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
 # Parse arguments
-while getopts ":r:s:du:cp:DN" opt; do
+while getopts ":r:s:du:cp:DNm:" opt; do
 case $opt in
 r)
 OVPN_ROUTES+=("$OPTARG")
@@ -85,6 +86,9 @@ while getopts ":r:s:du:cp:DN" opt; do
 N)
 OVPN_NAT=1
 ;;
+ m)
+ OVPN_MTU=$OPTARG
+ ;;
 \?)
 set +x
 echo "Invalid option: -$OPTARG" >&2
@@ -120,7 +124,7 @@ fi
 export OVPN_SERVER OVPN_ROUTES OVPN_DEFROUTE
 export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT
-export OVPN_CLIENT_TO_CLIENT OVPN_PUSH
+export OVPN_CLIENT_TO_CLIENT OVPN_PUSH OVPN_NAT OVPN_DNS OVPN_MTU
 # Preserve config
 if [ -f "$OVPN_ENV" ]; then
diff --git a/bin/ovpn_getclient b/bin/ovpn_getclient
index 1e408de..4aa4acf 100755
--- a/bin/ovpn_getclient
+++ b/bin/ovpn_getclient
@@ -43,3 +43,5 @@ EOF
 if [ "$OVPN_DEFROUTE" != "0" ];then
 echo "redirect-gateway def1"
 fi
+
+[ -n "$OVPN_MTU" ] && echo "tun-mtu $OVPN_MTU"
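Review bot: In bin/ovpn_run (4/5), the new `|| [ "$OVPN_NAT" == "1" ]` branch reuses the existing MASQUERADE rule, which matches the whole `$OVPN_SERVER` subnet leaving `eth0` with no destination restriction, so `-N` gives every client NATed access to anything the container can route to, not only to networks configured with `-r`. That scope should be stated next to the condition, e.g. `# -N: masquerade all VPN client traffic leaving eth0 (no destination filter)`. Hosts behind the server will then see the container's address instead of the client's, so per-client attribution depends on the OpenVPN log. The `if` block closes outside the hunk.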
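Review bot: In the `m)` arm added by 5/5 to bin/ovpn_genconfig, `OVPN_MTU=$OPTARG` stores the argument unchecked, and bin/ovpn_getclient later writes it verbatim as `tun-mtu $OVPN_MTU` into client profiles. A non-numeric or multi-line value produces a broken or altered profile that is only noticed at connect time; a guard before the assignment, for example `[[ $OPTARG =~ ^[0-9]+$ ]] || { usage; exit 1; }`, would reject it early. No visible hunk adds a matching `tun-mtu` to the server config, so server and clients may disagree on MTU; if that is intended, a comment on the arm should say so. The `case` statement starts and ends outside the hunk.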
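Review bot: The added `[ -n "$OVPN_MTU" ] && echo "tun-mtu $OVPN_MTU"` in bin/ovpn_getclient has no trailing context in the hunk, so it appears to be the last command of the script; when OVPN_MTU is empty the test fails and that failure becomes the script's exit status. Callers that check the status would then treat a correctly generated profile as an error whenever `-m` was not used. An `if` keeps the unset case at status 0: `if [ -n "$OVPN_MTU" ]; then echo "tun-mtu $OVPN_MTU"; fi`.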