#!/bin/bash
## Self-documented, ready-to-use example: punch a UDP hole via a netpunch control node, then run OpenVPN over it
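set -x # Remove to disable debugging.
# NOTE(review): with -x every command is traced to stderr, including the
# shared SECRET and the full openvpn argument list below. Turn it off in any
# setup where stderr is logged or shared.
## SETTINGS
# Assume we start server on the host you-host-with-public-ip.net by the command like that:
# netpunch -secret x -local :10001
# You have to open this port. For example by iptables rule:
# -A INPUT -p udp -m udp --dport 10001 -j ACCEPT
SERVER='you-host-with-public-ip.net:10001'
# Shared secret, has to be the same on all nodes: peers and control one.
# It is passed on the netpunch command line below, so other local users can
# read it via ps; the -secret-file option avoids that exposure.
SECRET='Secret'
# Local port, you are free to change it
LPORT='10000'
# On B node you have to set ROLE=b and swap values of LOCALIP and REMOTEIP
# By the way, you are able to pair more nodes using the same control node
# just use roles c and d, e and f and so on up to y and z
ROLE='a'
LOCALIP='192.168.2.1' # Of course you are free to use an IP like 10.8.8.8 etc.
REMOTEIP='192.168.2.2'
NETPUNCH='./netpunch'
# You may want to setup sudo like that:
# user ALL=(root) NOPASSWD: /usr/bin/openvpn
OPENVPN='sudo /usr/bin/openvpn'
# Shared secret for OpenVPN:
# openvpn --genkey secret secret.key
# Keep the file readable only by the user running this script (mode 0600);
# whoever holds it can join or decrypt the tunnel.
OPENVPNSECRET='secret.key'
## END OF SETTINGS
# Preflight checks: fail fast here rather than after a successful hole punch
# (a missing key would otherwise only surface as an openvpn error), and rather
# than looping forever on "Error code: 127" when the netpunch binary is absent.
test -f "$OPENVPNSECRET" || {
  echo "OpenVPN secret not found: $OPENVPNSECRET" >&2
  exit 1
}
command -v "$NETPUNCH" >/dev/null 2>&1 || {
  echo "netpunch not found or not executable: $NETPUNCH" >&2
  exit 1
}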
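# Main loop: ask the control node for our mapped port and the peer's public
# endpoint, then run openvpn against it. When openvpn exits (peer gone,
# --ping-exit fired, or an error) we punch a new hole and start over.
while :; do
  # netpunch prints a header word followed by six whitespace-separated
  # fields; word-splitting the substitution into an array is intentional.
  # shellcheck disable=SC2207
  params=($("$NETPUNCH" -peer "$ROLE" -secret "$SECRET" -local ":$LPORT" -remote "$SERVER")) || {
    # $? here is the status of the failed netpunch run.
    echo "Error code: $?: sleep and retry..." >&2
    sleep 30
    continue
  }
  # Validate the shape of what we got before handing any of it to openvpn:
  # the expected header, all seven fields present, and numeric ports.
  if [[ "${params[0]}" != 'LADDR/LHOST/LPORT/RADDR/RHOST/RPORT:' || "${#params[@]}" -lt 7 ]]; then
    echo "Wrong result: ${params[*]}: sleep and retry..." >&2
    sleep 30
    continue
  fi
  lport=${params[3]}
  rhost=${params[5]}
  rport=${params[6]}
  if ! [[ "$lport" =~ ^[0-9]+$ && "$rport" =~ ^[0-9]+$ ]]; then
    echo "Wrong result: ${params[*]}: sleep and retry..." >&2
    sleep 30
    continue
  fi
  echo "******* GOT LPORT=$lport RHOST=$rhost RPORT=$rport *******"
  # Static-key (pre-shared) tunnel: both peers must use the same secret.key.
  # $OPENVPN is deliberately left unquoted so that a setting such as
  # "sudo /usr/bin/openvpn" splits into command and argument.
  # shellcheck disable=SC2086
  $OPENVPN \
    --remote "$rhost" --rport "$rport" \
    --lport "$lport" \
    --proto udp --dev tun \
    --ifconfig "$LOCALIP" "$REMOTEIP" \
    --auth-nocache --secret "$OPENVPNSECRET" --auth SHA256 --cipher AES-256-CBC \
    --ping 10 --ping-exit 40 \
    --verb 3
done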
# Alternatively, you can avoid the manual handling of ${params} altogether
# by using netpunch's templating (-template and -template-file options)
# together with an OpenVPN configuration file like this:
#
# remote {{.RemoteIP}}
# rport {{.RemotePort}}
# lport {{.LocalPort}}
# proto udp
# dev tun
# ifconfig 192.168.2.3 192.168.2.4
# auth-nocache
# auth SHA256
# cipher AES-256-CBC
# ping 10
# ping-exit 40
# verb 3
# secret openvpn-secret.key