added feature for selecting custom subnet-configuration for openvpn-installation including regarding questions

This commit is contained in:
Tim Mitsch 2020-02-29 11:58:56 +01:00
parent 3a5bcf5d2d
commit 618eb61da2


@ -112,8 +112,8 @@ function installUnbound() {
apt-get install -y unbound apt-get install -y unbound
# Configuration # Configuration
echo 'interface: 10.8.0.1 echo 'interface: $VPN_SUBNET.1
access-control: 10.8.0.1/24 allow access-control: $VPN_SUBNET.1/24 allow
hide-identity: yes hide-identity: yes
hide-version: yes hide-version: yes
use-caps-for-id: yes use-caps-for-id: yes
@ -123,8 +123,8 @@ prefetch: yes' >>/etc/unbound/unbound.conf
yum install -y unbound yum install -y unbound
# Configuration # Configuration
sed -i 's|# interface: 0.0.0.0$|interface: 10.8.0.1|' /etc/unbound/unbound.conf sed -i 's|# interface: 0.0.0.0$|interface: $VPN_SUBNET.1|' /etc/unbound/unbound.conf
sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: $VPN_SUBNET.1/24 allow|' /etc/unbound/unbound.conf
sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
@ -133,8 +133,8 @@ prefetch: yes' >>/etc/unbound/unbound.conf
dnf install -y unbound dnf install -y unbound
# Configuration # Configuration
sed -i 's|# interface: 0.0.0.0$|interface: 10.8.0.1|' /etc/unbound/unbound.conf sed -i 's|# interface: 0.0.0.0$|interface: $VPN_SUBNET.1|' /etc/unbound/unbound.conf
sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: $VPN_SUBNET.1/24 allow|' /etc/unbound/unbound.conf
sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
@ -156,8 +156,8 @@ prefetch: yes' >>/etc/unbound/unbound.conf
directory: "/etc/unbound" directory: "/etc/unbound"
trust-anchor-file: trusted-key.key trust-anchor-file: trusted-key.key
root-hints: root.hints root-hints: root.hints
interface: 10.8.0.1 interface: $VPN_SUBNET.1
access-control: 10.8.0.1/24 allow access-control: $VPN_SUBNET.1/24 allow
port: 53 port: 53
num-threads: 2 num-threads: 2
use-caps-for-id: yes use-caps-for-id: yes
@ -191,8 +191,8 @@ private-address: ::ffff:0:0/96" >>/etc/unbound/unbound.conf
# Add Unbound 'server' for the OpenVPN subnet # Add Unbound 'server' for the OpenVPN subnet
echo 'server: echo 'server:
interface: 10.8.0.1 interface: $VPN_SUBNET.1
access-control: 10.8.0.1/24 allow access-control: $VPN_SUBNET.1/24 allow
hide-identity: yes hide-identity: yes
hide-version: yes hide-version: yes
use-caps-for-id: yes use-caps-for-id: yes
@ -295,6 +295,31 @@ function installQuestions() {
;; ;;
esac esac
echo "" echo ""
echo "Custom octets: Notice when using custom octets only private networks as from RFC 1918 (https://tools.ietf.org/html/rfc1918) are allowed: (10.x.x.0, 192.168.x.0)."
until [[ "$CUSTOM_OCTETS" =~ (y|n) ]]; do
read -rp "Do you want to define custom octets for your OpenVPN-Adressing (default is $VPN_SUBNET.x)? [y/n] " -e -i 'n' CUSTOM_OCTETS
done
if [[ $CUSTOM_OCTETS == "y" ]];then
until [[ "$OCTET01" =~ ^[0-9]+$ ]] && ([ "$OCTET01" -eq 10 ] || [ "$OCTET01" -eq 192 ]); do
read -rp "First octet [10,192]: " -e -i 10 OCTET01
done
if [[ $OCTET01 -eq 192 ]];then
$OCTET02 = 168
else
until [[ "$OCTET02" =~ ^[0-9]+$ ]] && ([ "$OCTET02" -ge 0 ] && [ "$OCTET02" -le 255 ]); do
read -rp "Second octet [0-255]: " -e -i 8 OCTET02
done
fi
until [[ "$OCTET03" =~ ^[0-9]+$ ]] && ([ "$OCTET03" -ge 0 ] && [ "$OCTET03" -le 255 ]); do
read -rp "Third octet [0-255]: " -e -i 0 OCTET03
done
VPN_SUBNET="$OCTET01.$OCTET02.$OCTET03"
echo "Using subnet $VPN_SUBNET.0 for further installation"
else
VPN_SUBNET="$VPN_SUBNET"
fi
echo ""
echo "What protocol do you want OpenVPN to use?" echo "What protocol do you want OpenVPN to use?"
echo "UDP is faster. Unless it is not available, you shouldn't use TCP." echo "UDP is faster. Unless it is not available, you shouldn't use TCP."
echo " 1) UDP" echo " 1) UDP"
@ -780,7 +805,7 @@ persist-key
persist-tun persist-tun
keepalive 10 120 keepalive 10 120
topology subnet topology subnet
server 10.8.0.0 255.255.255.0 server $VPN_SUBNET.0 255.255.255.0
ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
# DNS resolvers # DNS resolvers
@ -801,11 +826,8 @@ ifconfig-pool-persist ipp.txt" >>/etc/openvpn/server.conf
fi fi
done done
;; ;;
2) # Self-hosted DNS resolver (Unbound) 2)
echo 'push "dhcp-option DNS 10.8.0.1"' >>/etc/openvpn/server.conf echo 'push "dhcp-option DNS $VPN_SUBNET.1"' >> /etc/openvpn/server.conf
if [[ $IPV6_SUPPORT == 'y' ]]; then
echo 'push "dhcp-option DNS fd42:42:42:42::1"' >>/etc/openvpn/server.conf
fi
;; ;;
3) # Cloudflare 3) # Cloudflare
echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf echo 'push "dhcp-option DNS 1.0.0.1"' >>/etc/openvpn/server.conf
@ -962,7 +984,7 @@ verb 3" >>/etc/openvpn/server.conf
# Script to add rules # Script to add rules
echo "#!/bin/sh echo "#!/bin/sh
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o $NIC -j MASQUERADE iptables -t nat -I POSTROUTING 1 -s $VPN_SUBNET.0/24 -o $NIC -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT iptables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT iptables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT
@ -978,7 +1000,7 @@ ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT" >>/etc/iptabl
# Script to remove rules # Script to remove rules
echo "#!/bin/sh echo "#!/bin/sh
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o $NIC -j MASQUERADE iptables -t nat -D POSTROUTING -s $VPN_SUBNET.0/24 -o $NIC -j MASQUERADE
iptables -D INPUT -i tun0 -j ACCEPT iptables -D INPUT -i tun0 -j ACCEPT
iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT iptables -D FORWARD -i $NIC -o tun0 -j ACCEPT
iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT iptables -D FORWARD -i tun0 -o $NIC -j ACCEPT
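Review bot: `$VPN_SUBNET` is never expanded in the single-quoted commands this commit edits — the `echo 'interface: $VPN_SUBNET.1` and `echo 'server:` blocks in installUnbound(), the `sed -i 's|…|interface: $VPN_SUBNET.1|'` / `access-control: $VPN_SUBNET.1/24 allow` substitutions in the yum and dnf branches, and `echo 'push "dhcp-option DNS $VPN_SUBNET.1"'` in the DNS case — so Unbound is written the literal text `interface: $VPN_SUBNET.1` (and an unparsable access-control line) and clients are pushed a resolver address that is not an IP, while only the double-quoted `server …`, `iptables …` and `directory: "/etc/unbound"` blocks actually carry the chosen subnet. Those sites need double quotes, e.g. `echo "push \"dhcp-option DNS $VPN_SUBNET.1\"" >> /etc/openvpn/server.conf` and `sed -i "s|# interface: 0.0.0.0\$|interface: $VPN_SUBNET.1|" /etc/unbound/unbound.conf`, with the multi-line echo bodies re-checked for any other `$` or backtick once they are double-quoted. In installQuestions(), `$OCTET02 = 168` on the 192 branch is a command invocation (an empty word followed by `=` and `168`), not an assignment, so `OCTET02` keeps whatever was in it and the 192.168 case never produces the intended subnet; it should read `OCTET02=168`. Dropping the `fd42:42:42:42::1` push under the Unbound case looks unrelated to the subnet feature and, if unintended, leaves IPv6-enabled clients without the resolver push — worth confirming. The bodies of installUnbound() and installQuestions() continue outside these hunks.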