
Re: [Openvpn-users] Re: Re: Re: IP Allocation


  • Subject: Re: [Openvpn-users] Re: Re: Re: IP Allocation
  • From: Helder Miguel Gaspar Rodrigues <crash@xxxxxxxx>
  • Date: Wed, 12 Jan 2005 20:38:20 +0000


Yehhh I did it!

my openvpn server conf:
port 5000
fast-io
dev tap
tls-server
ca ca.crt
cert gateway.crt
key gateway.key
dh dh1024.pem
tls-auth ta.key 0
mode server
client-connect /etc/openvpn/ip.py
duplicate-cn
ifconfig 192.168.3.1 255.255.255.0 # openvpn gateway
push "dhcp-option DNS 192.168.1.1" # push DNS entries to openvpn client
push "route-gateway 192.168.3.1" # push default gateway
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "route 192.168.1.0 255.255.255.0 192.168.3.1" # add route to protected network
push "route 192.168.0.0 255.255.255.0 192.168.3.1" # add route to protected network
push "route 192.168.3.0 255.255.255.0 192.168.3.1"
push "redirect-gateway"
comp-lzo
status openvpn-status.log
verb 4

My script:
#!/usr/bin/python
# client-connect script: OpenVPN passes the path of a temporary file as
# argv[1] and reads per-client directives back from it.
from os import environ
from sys import argv, exit

class ArgumentException(Exception):
    pass
class EnvironmentException(Exception):
    pass

def writeNewIp(oldIp, outputFilename):
    # Map the client's real address into the VPN subnet by rewriting the
    # third octet, e.g. 192.168.1.11 -> 192.168.3.11.
    newIp = oldIp.split(".")
    newIp[2] = "3"
    newIp = ".".join(newIp)

    outputString = "ifconfig-push %s 255.255.255.0\n" % newIp
    # open() instead of the Python 2-only file(); write to the file named
    # by the caller rather than reading argv again.
    outputFile = open(outputFilename, "w")
    outputFile.write(outputString)
    outputFile.close()

if __name__ == "__main__":
    if len(argv) < 2:
        raise ArgumentException("Syntax is %s <name of outputfile>" % argv[0])
    try:
        oldIp = environ['trusted_ip']
    except KeyError:
        raise EnvironmentException("Environment variable 'trusted_ip' not found")
    writeNewIp(oldIp=oldIp, outputFilename=argv[1])
    exit(0)

my openvpn.conf client
port 5000
dev tap
remote 192.168.1.1 # w.x.y.z is external IP of the OpenVPN server
tls-client
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
verb 4

It's working :) so wonderful..

What do you think about the configuration settings? It's a wifi environment.

Thank you a lot, Charles

Charles Duffy wrote:
| On Wed, 12 Jan 2005 18:14:57 +0000, Helder Miguel Gaspar Rodrigues wrote:
|
|
|>I got this line too:
|>Jan 12 17:53:26 xpto openvpn-local[1517]: wifi.frew.org/192.168.1.11:5000
|>client-connect command failed: could not execute shell command
|
|
| It's probably what I was suggesting, then -- make sure the script is
| executable and your config file contains a valid path relative to the
| OpenVPN process's cwd.
|
| Here's a hint: If you cd into /etc/openvpn (presuming that's the cwd of
| your OpenVPN process -- if you're using the stock init scripts, it will
| be) and run "ip.sh", does it Do The Right Thing? If you need to do
| something else (say, running "./ip.sh"), change your client-connect
| directive appropriately.
|
|
|>The ip.sh has to be on the vpn server, right? Is there any problem if my
|>vpn client is running on Windows XP?
|
|
| The client-connect script is only on the server.
|
|
|>I was thinking that ip.sh could generate an ip based on the $trusted_ip
|>env var.
|
|
| Yup.
|
|
|>Suppose that $trusted_ip was 192.168.1.11. Basically the script will do a
|>ifconfig-push "192.168.3.11 255.255.255.0"
|
|
| Exactly.
|
|
|>Can the script be in perl or python? If yes, how can the perl script
|>send the ifconfig-push "192.168.3.11 255.255.255.0" to openvpn?
|>By writing into the temporary file passed to the script, right?
|
|
| Yes, you can use any language (scripting or otherwise) that functions on
| your machine; yes, you pass commands to OpenVPN by writing them to the
| temporary file passed on the command line.
|
|
|>Do I have to have perl running on my xp machine?
|
|
| No.
|
|
|
| -------------------------------------------------------
| The SF.Net email is sponsored by: Beat the post-holiday blues
| Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
| It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
| _______________________________________________
| Openvpn-users mailing list
| Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
| https://lists.sourceforge.net/lists/listinfo/openvpn-users



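A validated variant of the trusted_ip to ifconfig-push mapping discussed in this thread, as an added example that is not part of the original post or of OpenVPN. It assumes the client LAN 192.168.1.0/24, the VPN subnet 192.168.3.0/24 and the gateway 192.168.3.1 seen in the configs above; the function names are illustrative.

```python
#!/usr/bin/env python3
# Added example: validate trusted_ip before emitting ifconfig-push.
import ipaddress
import os
import sys

# Assumed from the configs in this post: clients sit on 192.168.1.0/24,
# the VPN subnet is 192.168.3.0/24 and the gateway holds 192.168.3.1.
CLIENT_NET = ipaddress.ip_network("192.168.1.0/24")
VPN_NET = ipaddress.ip_network("192.168.3.0/24")
VPN_GATEWAY = ipaddress.ip_address("192.168.3.1")

def vpn_address_for(trusted_ip):
    """Return the VPN address for a client, or raise ValueError."""
    try:
        src = ipaddress.IPv4Address(trusted_ip)
    except ipaddress.AddressValueError as exc:
        raise ValueError("not an IPv4 address: %r" % trusted_ip) from exc
    if src not in CLIENT_NET:
        raise ValueError("%s is outside %s" % (src, CLIENT_NET))
    # Keep the host part of the address, swap the network part.
    host_bits = int(src) - int(CLIENT_NET.network_address)
    vpn_ip = VPN_NET.network_address + host_bits
    reserved = (VPN_NET.network_address, VPN_NET.broadcast_address, VPN_GATEWAY)
    if vpn_ip in reserved:
        raise ValueError("%s maps to reserved address %s" % (src, vpn_ip))
    return vpn_ip

def directive_for(trusted_ip):
    """Build the line OpenVPN reads back from the temporary file."""
    return "ifconfig-push %s %s\n" % (vpn_address_for(trusted_ip), VPN_NET.netmask)

def main(argv, environ):
    if len(argv) != 2:
        print("usage: %s <output file>" % argv[0], file=sys.stderr)
        return 2
    try:
        line = directive_for(environ.get("trusted_ip", ""))
    except ValueError as exc:
        print("rejecting client: %s" % exc, file=sys.stderr)
        return 1  # a non-zero exit makes OpenVPN disconnect the client
    with open(argv[1], "w") as out:
        out.write(line)
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```

With duplicate-cn enabled, as in the server config above, the source address is the only thing distinguishing clients here, so two clients that reach the server from the same address would be pushed the same VPN address.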
