diff --git a/README.md b/README.md
index 521d4c0f..6e6f00e1 100644
--- a/README.md
+++ b/README.md
@@ -12,9 +12,37 @@ Run the script and follow the assistant:
 Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
-### I want to run my own VPN but don't have a server for that
-You can get a VPS from just $1/month at [VirMach](https://billing.virmach.com/aff.php?aff=4109&url=billing.virmach.com/cart.php?gid=18).
-
-### Donations
-
-If you want to show your appreciation, you can donate via [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=VBAYDL34Z7J6L) or [cryptocurrency](https://pastebin.com/raw/M2JJpQpC). Thanks!
+### Extended
+This script has been extended to automatically assign a static ip address to a client.
+All static ip addresses are stored in ccd directory and the ipp.txt file.
+To use static ip routing follow stpes below
+1. Create folder with name ccd where static ip addresses will be stored:
+ mkdir /etc/openvpn/server/ccd
+2. Change server.conf configuration file.
+ Add line: client-config-dir /etc/openvpn/server/ccd
+ Remove line: ifconfig-pool-persist ipp.txt
+ Change subnet mask: server 10.8.0.0 255.255.0.0
+3. Run ipPoolMigration.sh script to create static ip addreses for existing users.
+ sudo ./ipPoolMigration.sh
+4. Restart openvpn server
+ sudo systemctl restart openvpn-server@server
+
+To add a new client run openvpn-ubuntu-install.sh script. It will
+automatically give static ip to a client.
+Don't delete ipp.txt. All ip addresses are stored there.
+
+To add or change static ip manually:
+1. Create file with a profile name in ccd directody:
+ touch /etc/openvpn/server/ccd/client1
+2. Add `ifconfig-push {ip} {subnet_mask}` command to the file. ex:
+ ifconfig-push 10.8.0.236 255.255.0.0
+3. Add profile name and ip address to ipp.txt file in following format:
+ client1,10.8.0.236
+
+You should not restart openvpn server after adding static ip address.
+
+### Info
+You can find more info about static ip routing and how to use it below
+
+https://openvpn.net/community-resources/configuring-client-specific-rules-and-access-policies/
+https://kifarunix.com/assign-static-ip-addresses-for-openvpn-clients/
diff --git a/ipPoolMigration.sh b/ipPoolMigration.sh
new file mode 100755
index 00000000..47e38302
--- /dev/null
+++ b/ipPoolMigration.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+ip_pool="/etc/openvpn/server/ipp.txt"
+
+while IFS="," read -ra line; do
+ name="${line[0]}"
+ address="${line[1]}"
+
+ echo "ifconfig-push $address 255.255.0.0" > /etc/openvpn/server/ccd/$name
+done <"$ip_pool"
diff --git a/openvpn-install.sh b/openvpn-install.sh
old mode 100644
new mode 100755
index 4df57832..bc795d7a
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -96,6 +96,33 @@ new_client () {
 sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key
 echo ""
 } > ~/"$client".ovpn
+
+ # add address to ccd
+ last_address=$(grep -oE '\b[0-9]{1,3}(\.[0-9]{1,3}){3}\b' /etc/openvpn/server/ipp.txt |
+ sort -t . -k 3,3n -k 4,4n |
+ tail -n1
+ )
+ if [ -z "$last_address" ]; then
+ last_address=$(grep server /etc/openvpn/server/server.conf | grep -oE '\b[0-9]{1,3}(\.[0-9]{1,3}){3}\b\s' | xargs)
+ fi
+
+ IFS="." read -ra array <<< "$last_address"
+
+ if [[ ${array[2]} -eq 0 ]] && [[ ${array[3]} -eq 0 ]]; then
+ array[3]=2
+ elif [[ ${array[2]} -gt 253 ]] && [[ ${array[3]} -gt 253 ]]; then
+ array[3]=0
+ let array[2]=${array[2]}+1
+ else
+ let array[3]=${array[3]}+1
+ fi
+
+ printf -v new_ip "%s." "${array[@]}"
+ new_ip=${new_ip%?}
+ echo "$client,$new_ip" >> /etc/openvpn/server/ipp.txt
+ echo "ifconfig-push $new_ip 255.255.0.0" >> /etc/openvpn/server/ccd/"$client"
+ #don't give last 2 addresses (10.8.254.253 - 10.8.254.254)
+ #and first 2 (10.8.0.0 - 10.8.0.1)
 }
 if [[ ! -e /etc/openvpn/server/server.conf ]]; then
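Review bot: In ipPoolMigration.sh the redirect target `/etc/openvpn/server/ccd/$name` is unquoted and `$name` is taken verbatim from ipp.txt, so a name containing whitespace, a glob character or a `/` makes the script (run with sudo per the README) write somewhere other than the intended ccd file. A blank or malformed line also produces a ccd entry with an empty address. I would skip anything that is not a plain name plus an address, `[[ "$name" =~ ^[A-Za-z0-9_-]+$ && -n "$address" ]] || continue`, and quote the target: `> "/etc/openvpn/server/ccd/$name"`. The script also never checks that the ccd directory exists before the loop starts.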
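Review bot: In the openvpn-install.sh hunk, the rollover branch `elif [[ ${array[2]} -gt 253 ]] && [[ ${array[3]} -gt 253 ]]` only fires when both octets exceed 253, so after x.x.0.254 the `else` branch keeps incrementing the last octet to 255, 256 and beyond, and those values are written to ipp.txt and the ccd file. The carry should depend on the last octet alone, e.g. `elif [[ ${array[3]} -gt 253 ]]; then`, with a separate stop once the third octet is exhausted. Because the next address is derived from the highest entry in ipp.txt, revoking the newest client hands its address to the next one created; if per-address firewall rules are in use (the README links to access-policy documentation), that reuse deserves a comment here. The ccd write uses `>>`, so re-adding a name whose file still exists would leave two `ifconfig-push` lines; `>` looks like the intent. new_client begins above this hunk.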
@@ -491,6 +518,8 @@ else
 EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
 rm -f /etc/openvpn/server/crl.pem
 cp /etc/openvpn/server/easy-rsa/pki/crl.pem /etc/openvpn/server/crl.pem
+ rm -f /etc/openvpn/server/ccd/"$client"
+ sed -ni "/$client/!p" /etc/openvpn/server/ipp.txt
 # CRL is read with each client connection, when OpenVPN is dropped to nobody
 chown nobody:"$group_name" /etc/openvpn/server/crl.pem
 echo
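Review bot: `sed -ni "/$client/!p"` deletes every ipp.txt line that contains the name anywhere, so revoking `client1` also drops `client10`, and a name made only of digits can match the address column of other clients. Since new_client derives the next address from ipp.txt, a wrongly removed entry can later be assigned again while the other client's ccd file still pins it, leaving two clients with the same static address. Anchor the match to the name field, `sed -i "/^${client},/d" /etc/openvpn/server/ipp.txt`, which is only safe as long as client names cannot contain regex metacharacters (the sanitising is not visible in this hunk). The enclosing `else` branch starts and ends outside the hunk.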