Created
October 2, 2017 10:07
-
-
Save svicknesh/0c46876ce40a018f15646da0580fb5d0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "${VPN_NAME}" ] | |
| then | |
| VPN_NAME="vpnname" | |
| fi | |
| if [ -z "${MY_NAME}" ] | |
| then | |
| MY_NAME="thisisme" | |
| fi | |
| if [ -z "${VPN_IP}" ] | |
| then | |
| # IP of the VPN node. Make sure to give a different IP to each node | |
| VPN_IP="172.16.1.1" | |
| fi | |
| if [ -z "${CONNECTION}" ] | |
| then | |
| # set it to "WAN" or "LAN". For LAN, the "Address" parameter is not needed. Useful when connecting to a Tinc node that functions as a relay. | |
| CONNECTION="WAN" | |
| fi | |
| CONNECTION=${CONNECTION,,} | |
| if [ -z "${TINC_PORT}" ] | |
| then | |
| # Tinc default port. Change to something else if you want to. | |
| TINC_PORT="655" | |
| fi | |
| if [ -z "${AUTO_START}" ] | |
| then | |
| # Tinc default port. Change to something else if you want to. | |
| AUTO_START="TRUE" | |
| fi | |
| AUTO_START=${AUTO_START,,} | |
| echo -e "VPN Name: \"${VPN_NAME}\"" | |
| echo -e "Creating Tinc folder for \"${VPN_NAME}\"." | |
| TINC_FOLDER="/etc/tinc" | |
| TINC_VPN="${TINC_FOLDER}/${VPN_NAME}" | |
| TINC_VPN_HOSTS="${TINC_VPN}/hosts" | |
| TINC_VPN_ME="${TINC_VPN_HOSTS}/${MY_NAME}" | |
| TINC_CONF="${TINC_VPN}/tinc.conf" | |
| # create a new VPN entry. Start afresh. | |
| rm -fr ${TINC_VPN} | |
| mkdir -p ${TINC_VPN_HOSTS} | |
| echo " | |
| Name = ${MY_NAME} | |
| AddressFamily = ipv4 | |
| Interface = tun0 | |
| " > ${TINC_CONF} | |
| case "${CONNECTION}" in | |
| "wan" ) | |
| if [ -z ${MY_IP} ] | |
| then | |
| MY_IP=$(curl --silent https://api.ipify.org/) | |
| fi | |
| ;; | |
| "lan" ) | |
| MY_IP="" | |
| ;; | |
| esac | |
| if [ ! -z "${MY_HOSTNAME}" ] | |
| then | |
| echo "Address = ${MY_HOSTNAME}" >> ${TINC_VPN_ME} | |
| fi | |
| echo "Subnet = ${VPN_IP}/32 | |
| Port = ${TINC_PORT} | |
| " >> ${TINC_VPN_ME} | |
| TINCD=$(which tincd) | |
| ${TINCD} -K 4096 -n ${VPN_NAME} | |
| #TINC_PUBKEY="${TINC_VPN}/rsa_key.pub" | |
| # create the necessary tinc-up and tinc-down scripts | |
| TINC_IFUP="${TINC_VPN}/tinc-up" | |
| TINC_IFDOWN="${TINC_VPN}/tinc-down" | |
| echo "ip link set \$INTERFACE up | |
| ip addr add ${VPN_IP}/24 dev \$INTERFACE" > ${TINC_IFUP} | |
| echo "ip link set \$INTERFACE down" > ${TINC_IFDOWN} | |
| chmod 755 ${TINC_IFUP} | |
| chmod 755 ${TINC_IFDOWN} | |
| UFW=$(which ufw) | |
| if [ ! -z "${UFW}" ] | |
| then | |
| # in the event UFW is enabled | |
| ${UFW} allow proto any from any to any port ${TINC_PORT} | |
| fi | |
| # Auto enable this VPN during start-up | |
| if [ "${AUTO_START}" == "true" ] | |
| then | |
| systemctl enable tinc@${VPN_NAME} | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment