@OneOfOne
Last active March 18, 2016 19:47
A small script that brings up an OpenVPN client inside a dedicated network namespace and runs commands on top of that connection (client config, server config and the script follow).
# OpenVPN client configuration for the namespaced VPN client.
# All file paths are absolute, so the config does not depend on the working
# directory openvpn is started from.
client
dev tun
proto udp
# Placeholder hostname on the default OpenVPN port; adjust for the real server.
remote remote-server.com 1194
# Keep retrying DNS resolution of the remote forever instead of exiting.
resolv-retry infinite
# Do not bind a fixed local port for the UDP socket.
nobind
# Keep key material and the tun device across restarts (ping-restart/SIGUSR1).
persist-key
persist-tun
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/myclienthost.crt
key /etc/openvpn/pki/private/myclienthost.key
# Only accept a server certificate issued for server use; without this, any
# holder of a client certificate from the same CA could pose as the server.
remote-cert-tls server
# Compression must match the server side. NOTE(review): newer OpenVPN releases
# deprecate comp-lzo because compressing attacker-influenced plaintext inside
# the tunnel (VORACLE-style oracles) can leak secrets; drop it on both ends
# if you can.
comp-lzo
verb 3
# Cleartext passphrase for the private key above; this file must be readable
# by root only (0600).
askpass /etc/openvpn/myclienthost.pass
# NOTE(review): no cipher/auth/tls-version-min directive, so both ends use the
# build default (BF-CBC/SHA1 on OpenVPN 2.3-era builds); pin a modern cipher
# on both sides. There is also no tls-auth/tls-crypt, so the TLS control
# channel is reachable by anyone who can send UDP to port 1194.
# OpenVPN server configuration, written out by hand instead of via the
# `server` helper directive (tls-server + mode server + ifconfig +
# ifconfig-pool + route).
port 1194
dev tun
tls-server
# Relative paths are resolved against openvpn's working directory (or a `cd`
# directive), so start it from the directory that holds pki/.
ca pki/ca.crt
cert pki/issued/myhost.crt
key pki/private/myhost.key
dh pki/dh.pem
mode server
# Server end of the tunnel; clients are handed address pairs from the pool
# below (default net30 topology, so each client consumes a /30).
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.4 10.8.0.255
# Pushed to every client: a host route to the server's tunnel address, a
# resolver, and "send all traffic through the VPN".
push "route 10.8.0.1 255.255.255.255"
# NOTE(review): Linux clients only honour dhcp-option if an up script applies
# it, and this is a public resolver, not one inside the VPN.
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
# Ping every 10 s, treat the peer as gone after 60 s of silence (pushed to
# clients as well).
keepalive 10 60
# NOTE(review): `inactive` makes the *server* process exit after 600 s without
# tun traffic, i.e. whenever no client is talking; confirm this is intended.
inactive 600
# Kernel route for the whole pool subnet via the tun interface.
route 10.8.0.0 255.255.255.0
# Drop root after initialisation; persist-key/persist-tun are what keep a
# restart working once privileges are gone.
user openvpn
group openvpn
persist-tun
persist-key
# Must match the client. NOTE(review): newer OpenVPN releases deprecate
# comp-lzo (compression-oracle attacks on tunnel plaintext, VORACLE), and with
# no cipher/auth directive the build default is used (BF-CBC/SHA1 on 2.3-era
# builds) -- pin a modern cipher on both ends. Consider tls-auth or tls-crypt
# so unauthenticated peers cannot even reach the TLS handshake.
comp-lzo
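#!/bin/bash
# based on https://gist.github.com/Schnouki/fd171bcb2d8c556e8fdf
#
# Run an OpenVPN client inside its own network namespace and execute commands
# on top of that connection:
#
#   $0 start|stop|restart|status
#   $0 run <command> [args...]
#
# The namespace only sees one end of a veth pair; the host NATs the
# namespace's traffic out through $OIFACE so openvpn can reach the server,
# and the routes openvpn installs inside the namespace (redirect-gateway)
# send everything else through tun0.
#
# NOTE(review): there is no kill switch. If openvpn exits, the namespace's
# default route falls back to the host (10.80.0.1) and `run` commands leave
# the machine unencrypted via $OIFACE. Restrict FORWARD from 10.80.0.0/24 to
# the VPN endpoint (and DNS) if that matters to you.
#
# Uses bash features ([[ ]], $EUID, &>), so the shebang is bash rather than
# /bin/sh, under which the original `[[ $UID != 0 ]]` is a syntax error.

# Everything below needs root (netns, veth, iptables, /etc writes);
# re-exec through sudo. "$0"/"$@" are quoted so arguments survive intact.
if [[ $EUID -ne 0 ]]; then
  exec sudo -- "$0" "$@"
fi

USER=oneofone    # user to run commands as
NAME=genericsvpn # namespace for this connection
IFACE=vpn0       # virtual interface name (host end of the veth pair)
OIFACE=eth0      # external interface the namespace is NATed out through

# The PID file is written and trusted by root (start refuses to run if it
# exists, stop kills whatever PID it contains), so it must not live in
# world-writable /tmp under a predictable name where any local user can
# pre-create it or point a symlink at it; /run is root-owned.
PIDFILE=/run/opvpn-$NAME.pid
LOGFILE=/var/log/openvpn-client.log

#######################################
# Create the namespace, the veth pair, NAT and resolver, then start openvpn
# inside the namespace and wait for tun0 to carry traffic.
# Globals:  NAME, IFACE, OIFACE, PIDFILE, LOGFILE (read)
# Returns:  0 when the tunnel is up (or already running), 1 if openvpn did
#           not come up within the timeout (state is left for stop()).
#######################################
start() {
  if [[ -f $PIDFILE ]]; then
    echo "already running" >&2
    return 0
  fi

  # Namespace with a working loopback.
  ip netns add "$NAME"
  ip netns exec "$NAME" ip addr add 127.0.0.1/8 dev lo
  ip netns exec "$NAME" ip link set lo up

  # veth pair: $IFACE stays on the host, vpn1 moves into the namespace and
  # becomes its default route back to the host.
  ip link add "$IFACE" type veth peer name vpn1
  ip link set "$IFACE" up
  ip link set vpn1 netns "$NAME" up
  ip addr add 10.80.0.1/24 dev "$IFACE"
  ip netns exec "$NAME" ip addr add 10.80.0.6/24 dev vpn1
  ip netns exec "$NAME" ip route add default via 10.80.0.1 dev vpn1

  # Anti-spoofing: drop packets claiming a 10.80.0.0/24 source that arrive
  # on any interface other than the veth.
  iptables -A INPUT ! -i "$IFACE" -s 10.80.0.0/24 -j DROP
  # NAT the namespace out through the external interface. This must use
  # $OIFACE (the original hard-coded eth0 here while stop() used $OIFACE,
  # so the rule could never be removed once OIFACE was changed).
  iptables -t nat -A POSTROUTING -s 10.80.0.0/24 -o "$OIFACE" -j MASQUERADE
  # Host-wide setting; stop() does not revert it.
  sysctl -q net.ipv4.ip_forward=1

  # ip netns exec bind-mounts files under /etc/netns/$NAME over /etc for
  # processes it starts, so this becomes the namespace's resolv.conf.
  mkdir -p "/etc/netns/$NAME"
  echo 'nameserver 8.8.8.8' > "/etc/netns/$NAME/resolv.conf"

  ip netns exec "$NAME" openvpn --config /etc/openvpn/client.conf \
    --log "$LOGFILE" --writepid "$PIDFILE" --daemon

  # Wait for the tunnel to pass traffic, but not forever: the original
  # looped indefinitely if the VPN never came up.
  local deadline=$((SECONDS + 60))
  while ! ip netns exec "$NAME" ping -I tun0 -4 -c 1 google.com &>/dev/null; do
    if (( SECONDS >= deadline )); then
      echo "openvpn did not come up within 60s, see $LOGFILE" >&2
      return 1
    fi
    sleep 0.2
  done
}

#######################################
# Tear down everything start() created. Each step is attempted even if an
# earlier one fails, so a partially started setup can still be cleaned up.
# Globals:  NAME, IFACE, OIFACE, PIDFILE (read)
#######################################
stop() {
  # Kill openvpn first so it can drop its routes and tun0 before the
  # namespace and veth disappear underneath it.
  if [[ -f $PIDFILE ]]; then
    kill "$(cat "$PIDFILE")"
    rm -f "$PIDFILE"
  fi
  ip netns delete "$NAME"
  ip link delete "$IFACE"
  iptables -D INPUT ! -i "$IFACE" -s 10.80.0.0/24 -j DROP
  iptables -t nat -D POSTROUTING -s 10.80.0.0/24 -o "$OIFACE" -j MASQUERADE
  # Per-namespace resolv.conf left behind by start(); :? guards against an
  # empty NAME turning this into rm -rf /etc/netns/.
  rm -rf "/etc/netns/${NAME:?}"
}

#######################################
# Run a command as $USER inside the namespace, starting the tunnel first if
# it is not up yet.
# Arguments: $1 is the literal "run", the rest is the command line.
#######################################
run() {
  # If start() fails, refuse to continue rather than executing the command
  # without a VPN.
  if [[ ! -f $PIDFILE ]]; then
    start || exit 1
  fi
  shift # drop the "run" subcommand word
  exec ip netns exec "$NAME" sudo -u "$USER" -- "$@"
}

case "$1" in
  status)
    ip netns exec "$NAME" ip route ;;
  run)
    run "$@" ;;
  start)
    start ;;
  stop)
    stop ;;
  restart)
    stop; start ;;
  *)
    echo "Syntax: $0 start|stop|restart|status|run" >&2
    exit 1
    ;;
esac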