OpenVPN DNS update (learn-address) for OpenWrt (Can be changed to support others) - Requires knot-nsupdate and knot-dig
#!/usr/bin/env ash
# For use with OpenVPN learn-address (and other things you adapt it to)
# Takes the following as parameters:
#   openvpn-dnsupdate.sh operation address hostname
# Example: openvpn-dnsupdate.sh update 10.8.1.50 test.pyronexus.lan
# This creates an A record and a PTR for the IP 10.8.1.50 to test.pyronexus.lan
# This will replace any hostname provided by OpenVPN and will rewrite it to your FWDZONE specified below.
# E.g. test.test.pyronexus.com would be rewritten to test.vpn.pyronexus.lan with the config below.
# original script by http://openvpn.net/archive/openvpn-users/2005-08/msg00146.html
# contributed by Charles Duffy <cduffy@xxxxxxxxxxx> Thu, 11 Aug 2005 19:07:45 -0500
# edited by NotoriousPyro <PyroNexus.com> 11/05/2017
#
# Needs knsupdate and kdig (Knot DNS) on the PATH.

DNSSERVER="pyronexus.lan"      ## your DNS server
FWDZONE="vpn.pyronexus.lan"    ## forward resolution zone (ie. vpn.company.com)
REVZONE="1.8.10.in-addr.arpa"  ## reverse resolution zone (ie. "1.0.0.in-addr.arpa")
NSUOPTS=""                     ## extra arguments for nsupdate (ie. "-k /path/to/key")

# A non-empty DEBUG in the environment switches on knsupdate's own debug
# output and traces every shell command. Note that set -x prints full command
# lines, so anything placed in NSUOPTS also ends up in the trace.
[ -z "$DEBUG" ] || { NSUOPTS="$NSUOPTS -d"; set -x; }
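# Prints the in-addr.arpa owner name for a dotted-quad IPv4 address,
# e.g. 10.8.1.50 -> 50.1.8.10.in-addr.arpa. (trailing dot included).
# $1 - IPv4 address
# Returns 1 and prints nothing when $1 is not four dot-separated numbers;
# the previous sed pattern used unescaped dots, so "10x8x1x50" was accepted.
reverseRecord() {
  local ip="$1"
  local a b c d rest
  # Split on dots only; 'rest' catches anything past the fourth label.
  # A here-document keeps 'read' in the current shell (a pipe would not).
  IFS=. read -r a b c d rest <<EOF
$ip
EOF
  # Every label must be non-empty and purely numeric, and re-joining the
  # labels must give back the input (rejects trailing dots, spaces, extra labels).
  case "$a$b$c$d$rest" in
    *[!0-9]*) return 1 ;;
  esac
  [ -n "$a" ] && [ -n "$b" ] && [ -n "$c" ] && [ -n "$d" ] || return 1
  [ "$a.$b.$c.$d" = "$ip" ] || return 1
  printf '%s\n' "$d.$c.$b.$a.in-addr.arpa."
}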
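# Publishes an A record for CN -> ADDRESS in FWDZONE and the matching PTR in
# REVZONE, replacing whatever was there before.
# $1 - IPv4 address
# $2 - fully qualified name (without trailing dot)
# Returns 0 if both knsupdate runs succeeded, otherwise the status of the
# last one that failed. The temp file is removed on every path.
addRecord() {
  local ADDRESS="$1"
  local CN="$2"
  local TEMPFILE REVERSE rv=0
  # Both values are copied verbatim into the nsupdate batch below. A name
  # containing whitespace or newlines would be read by knsupdate as further
  # commands, so only accept plain hostname characters.
  case "$CN" in
    ''|*[!A-Za-z0-9._-]*)
      printf 'ERROR: refusing to publish hostname "%s"\n' "$CN" >&2
      return 1
      ;;
  esac
  case "$ADDRESS" in
    ''|*[!0-9.]*)
      printf 'ERROR: not an IPv4 address: "%s"\n' "$ADDRESS" >&2
      return 1
      ;;
  esac
  REVERSE=$(reverseRecord "$ADDRESS") || return 1
  [ -n "$REVERSE" ] || return 1
  # Assignment kept separate from 'local' so a failed mktemp is not masked.
  TEMPFILE=$(mktemp /tmp/nsupdate.XXXXXX) || return 1
  # Forward zone: drop any old A record for CN, then add the new one.
  cat >"$TEMPFILE" <<EOF
server $DNSSERVER
zone $FWDZONE
update delete ${CN}. A
update add ${CN}. 3600 A $ADDRESS
send
EOF
  if [ -n "$DEBUG" ]; then cat "$TEMPFILE"; fi
  # shellcheck disable=SC2086 -- NSUOPTS is meant to split into several options
  knsupdate $NSUOPTS "$TEMPFILE" || rv=$?
  # Reverse zone: replace the PTR for ADDRESS (same temp file, reused).
  cat >"$TEMPFILE" <<EOF
server $DNSSERVER
zone $REVZONE
update delete $REVERSE PTR
update add $REVERSE 3600 PTR $CN.
send
EOF
  if [ -n "$DEBUG" ]; then cat "$TEMPFILE"; fi
  # shellcheck disable=SC2086
  knsupdate $NSUOPTS "$TEMPFILE" || rv=$?
  rm -f -- "$TEMPFILE"
  return "$rv"
}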
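# Deletes the A record for CN from FWDZONE and the PTR for ADDRESS from REVZONE.
# $1 - IPv4 address
# $2 - fully qualified name (without trailing dot)
# Returns 0 if both knsupdate runs succeeded, otherwise the status of the
# last one that failed. The temp file is removed on every path.
removeRecord() {
  local ADDRESS="$1"
  local CN="$2"
  local TEMPFILE REVERSE rv=0
  # Both values go verbatim into the nsupdate batch; reject anything that
  # is not a plain hostname / dotted quad so no extra commands can be smuggled in.
  case "$CN" in
    ''|*[!A-Za-z0-9._-]*)
      printf 'ERROR: refusing to delete hostname "%s"\n' "$CN" >&2
      return 1
      ;;
  esac
  case "$ADDRESS" in
    ''|*[!0-9.]*)
      printf 'ERROR: not an IPv4 address: "%s"\n' "$ADDRESS" >&2
      return 1
      ;;
  esac
  REVERSE=$(reverseRecord "$ADDRESS") || return 1
  [ -n "$REVERSE" ] || return 1
  # Assignment kept separate from 'local' so a failed mktemp is not masked.
  TEMPFILE=$(mktemp /tmp/nsupdate.XXXXXX) || return 1
  # Forward zone: remove the A record.
  cat >"$TEMPFILE" <<EOF
server $DNSSERVER
zone $FWDZONE
update delete ${CN}. A
send
EOF
  if [ -n "$DEBUG" ]; then cat "$TEMPFILE"; fi
  # shellcheck disable=SC2086 -- NSUOPTS is meant to split into several options
  knsupdate $NSUOPTS "$TEMPFILE" || rv=$?
  # Reverse zone: remove the PTR, even if the forward update failed.
  cat >"$TEMPFILE" <<EOF
server $DNSSERVER
zone $REVZONE
update delete $REVERSE PTR
send
EOF
  if [ -n "$DEBUG" ]; then cat "$TEMPFILE"; fi
  # shellcheck disable=SC2086
  knsupdate $NSUOPTS "$TEMPFILE" || rv=$?
  rm -f -- "$TEMPFILE"
  return "$rv"
}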
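# Looks up the name currently published for an address via its PTR record.
# $1 - IPv4 address
# Prints the PTR target without its trailing dot and returns 0; returns 1
# (printing nothing) when kdig returns no answer.
getCN() {
  local IPADDR="$1"
  local FULLNAME
  # '+short' may print several targets, one per line. The old code echoed
  # them unquoted, which joined them into one space-separated string and
  # then chopped the last character; keep only the first line instead.
  FULLNAME=$(kdig +short -x "$IPADDR" | head -n 1)
  [ -n "$FULLNAME" ] || return 1
  # Strip only a trailing dot, not an arbitrary last character.
  printf '%s\n' "${FULLNAME%.}"
}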
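# Prints usage to stderr and exits 2 (bad invocation, not a DNS failure).
usage() {
  printf 'Usage: %s add|update|delete address [hostname]\n' "${0##*/}" >&2
  exit 2
}

# Entry point, called by OpenVPN as: learn-address operation address [cn].
# The script always exits 0 once it has dispatched a known operation: a DNS
# update failure is reported on stderr but must not make OpenVPN reject the
# client, which is what a non-zero status from a learn-address script does.
# (The original ended with a top-level 'return 0', which bash rejects.)
main() {
  [ $# -ge 2 ] || usage
  local OPERATION="$1"
  local ADDRESS="$2"
  local CN
  case "$OPERATION" in
    add|update)
      # OpenVPN hands over the client's common name; keep only its first
      # label and re-home it under FWDZONE (a.example.com -> a.$FWDZONE).
      [ -n "$3" ] || usage
      CN="${3%%.*}.$FWDZONE"
      addRecord "$ADDRESS" "$CN" \
        || printf 'WARNING: DNS update for %s (%s) failed\n' "$CN" "$ADDRESS" >&2
      ;;
    delete)
      # No name is passed on delete; recover it from the current PTR.
      if CN=$(getCN "$ADDRESS"); then
        removeRecord "$ADDRESS" "$CN" \
          || printf 'WARNING: DNS removal for %s (%s) failed\n' "$CN" "$ADDRESS" >&2
      else
        printf 'WARNING: no PTR record for %s, nothing to delete\n' "$ADDRESS" >&2
      fi
      ;;
    *)
      printf "ERROR: don't know operation \"%s\".\n" "$OPERATION" >&2
      exit 1
      ;;
  esac
  exit 0
}
main "$@"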