OpenVPN DNS update script
-- openvpn config
client-connect "/etc/openvpn/update-dns add"
client-disconnect "/etc/openvpn/update-dns remove"
-- /etc/openvpn/update-dns
#!/bin/sh
# OpenVPN client-connect / client-disconnect hook.  Publishes the address a
# client got from the pool under <common_name>$SUBDOM.$FWDZONE (A, PTR and a
# TXT session marker) with nsupdate, and removes those records again on
# disconnect.  OpenVPN invokes it as "update-dns add" / "update-dns remove".
#
# Debugging: both lines below dump OpenVPN's per-client environment into a
# file under /tmp that is normally world-readable, so leave them commented
# out except while actively debugging.
#echo $* >> /tmp/dnsupd.txt
#env >> /tmp/dnsupd.txt

# Site configuration.
DNSSERVER="10.0.0.1" ## your DNS server
FWDZONE="lan.example.com" ## forward resolution zone (ie. vpn.company.com)
REVZONE="0.0.10.in-addr.arpa" ## reverse resolution zone (ie. "1.0.0.in-addr.arpa")
NSUOPTS="" ## extra arguments for nsupdate (ie. "-k /path/to/key")
SUBDOM=".routers" ## inserted between the client CN and FWDZONE

# Any non-empty DEBUG traces the script (set -x) and makes nsupdate verbose.
#DEBUG=y
case "${DEBUG}" in
  ?*)
    NSUOPTS="$NSUOPTS -d"
    set -x
    ;;
esac
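#######################################
# Turn a dotted-quad IPv4 address into its absolute in-addr.arpa name,
# e.g. 10.0.0.5 -> 5.0.0.10.in-addr.arpa. (note the trailing dot).
# Arguments: $1 - IPv4 address
# Outputs:   the reverse name on stdout; input that is not a dotted quad is
#            printed unchanged, so callers should pass a validated address
# Returns:   exit status of sed
#######################################
reverseRecord() {
  # printf + quoting: the original "echo $1" word-split and glob-expanded
  # the argument before it ever reached sed.
  printf '%s\n' "$1" \
    | sed -E -e 's/^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$/\4.\3.\2.\1.in-addr.arpa./'
}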
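#######################################
# Publish the forward (A + TXT) and reverse (PTR + TXT) records for a client.
# Existing A/TXT records for the name are deleted first, so a reconnecting
# client replaces its address instead of accumulating several.
# Globals:   DNSSERVER, FWDZONE, REVZONE, NSUOPTS, DEBUG (read)
#            KEY (read) - session marker stored in the TXT records; the
#            matching removeRecord only deletes records carrying this value
# Arguments: $1 - client IPv4 address
#            $2 - fully qualified host name to publish
# Outputs:   the nsupdate batches on stdout when DEBUG is set; failures on
#            stderr
# Returns:   always 0.  This runs as OpenVPN's client-connect hook, where a
#            non-zero exit makes OpenVPN refuse the client, so a failed DNS
#            update is reported rather than made fatal.
#######################################
addRecord() {
  local ADDRESS="$1"
  local CN="$2"
  local REVERSE FWD_BATCH REV_BATCH
  REVERSE=$(reverseRecord "$ADDRESS")
  # The batches are fed to nsupdate on stdin instead of through a file in
  # /tmp, so nothing is left behind if nsupdate fails or the script is killed.
  FWD_BATCH="server $DNSSERVER
zone $FWDZONE
update delete ${CN} A
update delete ${CN} TXT
update add ${CN} 300 A $ADDRESS
update add ${CN} 300 TXT $KEY
send"
  REV_BATCH="server $DNSSERVER
zone $REVZONE
update delete $REVERSE PTR
update delete $REVERSE TXT
update add $REVERSE 300 PTR $CN.
update add $REVERSE 300 TXT $KEY
send"
  if [ -n "$DEBUG" ] ; then printf '%s\n' "$FWD_BATCH"; fi
  # shellcheck disable=SC2086 -- NSUOPTS deliberately holds several words
  printf '%s\n' "$FWD_BATCH" | nsupdate $NSUOPTS \
    || printf 'update-dns: forward update for %s failed\n' "$CN" >&2
  if [ -n "$DEBUG" ] ; then printf '%s\n' "$REV_BATCH"; fi
  # shellcheck disable=SC2086
  printf '%s\n' "$REV_BATCH" | nsupdate $NSUOPTS \
    || printf 'update-dns: reverse update for %s failed\n' "$REVERSE" >&2
  return 0
}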
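#######################################
# Remove a client's forward A and reverse PTR records, but only if the TXT
# marker next to them still holds this session's KEY ("prereq yxrrset").
# That stops a late disconnect from deleting the records a newer session of
# the same client has published in the meantime; a failed prerequisite makes
# the server drop the whole batch, so the zone is left untouched.
# Globals:   DNSSERVER, FWDZONE, REVZONE, NSUOPTS, DEBUG, KEY (read)
# Arguments: $1 - client IPv4 address
#            $2 - fully qualified host name
# Outputs:   the nsupdate batches on stdout when DEBUG is set; failures on
#            stderr
# Returns:   always 0; a failed or refused update is only reported
#######################################
removeRecord() {
  local ADDRESS="$1"
  local CN="$2"
  local REVERSE FWD_BATCH REV_BATCH
  REVERSE=$(reverseRecord "$ADDRESS")
  # Batches go to nsupdate on stdin: no temp file in /tmp to clean up.
  # The TXT marker is deleted together with the data record so stale
  # session markers do not accumulate in either zone.
  FWD_BATCH="server $DNSSERVER
zone $FWDZONE
prereq yxrrset ${CN}. TXT $KEY
update delete ${CN}. A
update delete ${CN}. TXT
send"
  REV_BATCH="server $DNSSERVER
zone $REVZONE
prereq yxrrset $REVERSE TXT $KEY
update delete $REVERSE PTR
update delete $REVERSE TXT
send"
  if [ -n "$DEBUG" ] ; then printf '%s\n' "$FWD_BATCH"; fi
  # shellcheck disable=SC2086 -- NSUOPTS deliberately holds several words
  printf '%s\n' "$FWD_BATCH" | nsupdate $NSUOPTS \
    || printf 'update-dns: forward removal for %s failed or refused\n' "$CN" >&2
  if [ -n "$DEBUG" ] ; then printf '%s\n' "$REV_BATCH"; fi
  # shellcheck disable=SC2086
  printf '%s\n' "$REV_BATCH" | nsupdate $NSUOPTS \
    || printf 'update-dns: reverse removal for %s failed or refused\n' "$REVERSE" >&2
  return 0
}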
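#######################################
# Look up the name currently registered for an address (PTR lookup via dig)
# and print it without the trailing dot.  Not called by the dispatch at the
# bottom of this script; kept as a helper.
# Arguments: $1 - IPv4 address to resolve
# Outputs:   the PTR target(s) on stdout, one per line, trailing dot stripped
# Returns:   0 if a name was found, 1 otherwise
#######################################
getCN() {
  local IPADDR="$1"
  local FULLNAME
  # The +no... flags leave only the answer section; column 5 is the rdata.
  FULLNAME=$(dig +noadditional +noqr +noquestion +nocmd +noauthority +nostats +nocomments -x "${IPADDR}" | gawk '{print $5}')
  if [ -z "$FULLNAME" ] ; then
    return 1
  fi
  # Quoted, so several answers stay on separate lines instead of being
  # word-split onto one.
  printf '%s\n' "$FULLNAME" | sed -e 's/\.$//'
  return 0
}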
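# --- entry point -----------------------------------------------------------
# OpenVPN runs this as "update-dns add" (client-connect) and
# "update-dns remove" (client-disconnect), appending arguments of its own,
# so only $1 is examined.  The client's details come from the environment
# OpenVPN exports for the session.
OPERATION=$1
ADDRESS=$ifconfig_pool_remote_ip   # address handed to the client
CN=$common_name                    # CN of the client certificate
KEY=$time_unix                     # session marker kept in the TXT records;
                                   # removal only touches records carrying
                                   # the same value
# Without an address or a name there is nothing sensible to send to nsupdate.
# Exit 0 on purpose: a non-zero status from the client-connect hook makes
# OpenVPN refuse the client, and a DNS helper should not do that.
if [ -z "$ADDRESS" ] || [ -z "$CN" ]; then
  printf 'ERROR: ifconfig_pool_remote_ip or common_name is not set.\n' >&2
  exit 0
fi
case "$OPERATION" in
  add|update)
    addRecord "$ADDRESS" "$CN$SUBDOM.$FWDZONE"
    ;;
  delete|remove)
    removeRecord "$ADDRESS" "$CN$SUBDOM.$FWDZONE"
    ;;
  *)
    printf "ERROR: don't know operation \"%s\".\n" "$OPERATION" >&2
    exit 1
    ;;
esac
# Status is 0 regardless of what nsupdate reported (see above); DNS
# problems are logged on stderr, not turned into connection refusals.
exit 0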