Update openvpn-install.sh

BornToBeRoot 2019-04-29 03:53:38 +02:00 committed by GitHub
parent e95c9b519c
commit aad2ec848b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -856,20 +856,20 @@ verb 3" >> /etc/openvpn/server.conf
if pgrep firewalld; then
# Allow incoming traffic
if [[ "$PORT" == '1194' ]]; then
firewall-cmd --zone=public --add-service=openvpn
firewall-cmd --zone=public --add-service=openvpn
firewall-cmd --permanent --zone=public --add-service=openvpn
else
firewall-cmd --zone=public --add-port=$PORT/$PROTOCOL
firewall-cmd --permanent --zone=public --add-port=$PORT/$PROTOCOL
fi
fi
# Add trusted zone
firewall-cmd --zone=trusted --add-source=10.8.0.0/24
firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
firewall-cmd --zone=trusted --add-source=10.8.0.0/24
firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
# Set NAT for the VPN subnet
firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
else
# Add iptables rules in two scripts
mkdir /etc/iptables
@ -1147,15 +1147,15 @@ function removeOpenVPN () {
# Remove firewall rules --> firewalld / iptable (systemd scripts)
if pgrep firewalld; then
IP=$(firewall-cmd --direct --get-rules ipv4 nat POSTROUTING | grep '\-s 10.8.0.0/24 '"'"'!'"'"' -d 10.8.0.0/24 -j SNAT --to ' | cut -d " " -f 10)
IP=$(firewall-cmd --direct --get-rules ipv4 nat POSTROUTING | grep '\-s 10.8.0.0/24 '"'"'!'"'"' -d 10.8.0.0/24 -j SNAT --to ' | cut -d " " -f 10)
if [[ "$PORT" == '1194' ]]; then
if [[ "$PORT" == '1194' ]]; then
firewall-cmd --zone=public --remove-service=openvpn
firewall-cmd --permanent --zone=public --remove-service=openvpn
else
firewall-cmd --zone=public --remove-port=$PORT/$PROTOCOL
firewall-cmd --permanent --zone=public --remove-port=$PORT/$PROTOCOL
fi
fi
firewall-cmd --zone=trusted --remove-source=10.8.0.0/24
firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24