In answering a question asked on the #openvpn channel on
irc.freenode.org, I noticed that the original mailing list post with my
DNS update script isn't readily available via either Google, GMANE or
the openvpn.net archive.
There was a point in time when I had a message sent to this mailing
list removed at the request of my employer -- I suspect that this was
the message in question, and will this time avoid making the extraneous
comment which resulted in said request being sent.
In any event, this permits me to post a version with any bug fixes (and,
IIRC, there have indeed been some). Note that it's expected that:
* all certificates' common names will be valid DNS names (foo.vpn.mycompany.com)
* FWDZONE is set to the forward-lookup zone where such names will be added (vpn.mycompany.com)
* REVZONE is set to the reverse-lookup zone appropriate given the address range in use (99.168.192.in-addr.arpa)
Have fun!
------------------------------------------------------------------------------
#!/bin/bash
## OpenVPN "learn-address" hook: registers each client's A and PTR records
## via nsupdate when an address is learned and removes them when it is
## released.  OpenVPN runs it with $script_type set to "learn-address" as:
##   learn-address add|update <address> <common name>
##   learn-address delete <address>
## No common name is passed on delete, so it is recovered from the PTR record.
DNSSERVER="10.0.0.254" ## your DNS server
FWDZONE="vpn.isgenesis.com" ## forward resolution zone (ie. vpn.company.com)
REVZONE="99.168.192.in-addr.arpa" ## reverse resolution zone (ie. "1.0.0.in-addr.arpa")
NSUOPTS="" ## extra arguments for nsupdate (ie. "-k /path/to/key")
if [ -n "$DEBUG" ] ; then
    NSUOPTS="$NSUOPTS -d"
    set -x
fi
## dotted-quad address -> in-addr.arpa owner name, with trailing dot
reverseRecord() {
    echo "$1" | sed -re 's/^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$/\4.\3.\2.\1.in-addr.arpa./'
}
## (re)create the A record in FWDZONE and the PTR record in REVZONE;
## any stale record for the same name/address is deleted first
addRecord() {
    local ADDRESS="$1"
    local CN="$2"
    local TEMPFILE=$(mktemp /tmp/nsupdate.XXXXXX)
    local REVERSE=$(reverseRecord "$ADDRESS")
    cat >"$TEMPFILE" <<EOF
server $DNSSERVER
zone $FWDZONE
update delete ${CN}. A
update add ${CN}. 3600 A $ADDRESS
send
EOF
    if [ -n "$DEBUG" ] ; then cat "$TEMPFILE"; fi
    nsupdate $NSUOPTS "$TEMPFILE"
    cat >"$TEMPFILE" <<EOF
server $DNSSERVER
zone $REVZONE
update delete $REVERSE PTR
update add $REVERSE 3600 PTR ${CN}.
send
EOF
    if [ -n "$DEBUG" ] ; then cat "$TEMPFILE"; fi
    nsupdate $NSUOPTS "$TEMPFILE"
    rm -f "$TEMPFILE"
}
## remove the A record (when the name is known) and the PTR record
removeRecord() {
    local ADDRESS="$1"
    local CN="$2"
    local TEMPFILE=$(mktemp /tmp/nsupdate.XXXXXX)
    local REVERSE=$(reverseRecord "$ADDRESS")
    ## with no name there is no A record we can identify, so skip FWDZONE
    ## (an empty CN would otherwise turn into "update delete . A")
    if [ -n "$CN" ] ; then
        cat >"$TEMPFILE" <<EOF
server $DNSSERVER
zone $FWDZONE
update delete ${CN}. A
send
EOF
        if [ -n "$DEBUG" ] ; then cat "$TEMPFILE"; fi
        nsupdate $NSUOPTS "$TEMPFILE"
    fi
    cat >"$TEMPFILE" <<EOF
server $DNSSERVER
zone $REVZONE
update delete $REVERSE PTR
send
EOF
    if [ -n "$DEBUG" ] ; then cat "$TEMPFILE"; fi
    nsupdate $NSUOPTS "$TEMPFILE"
    rm -f "$TEMPFILE"
}
## look up the name currently registered for an address via its PTR record;
## prints it without the trailing dot, fails if there is none
getCN() {
    local IPADDR="$1"
    local FULLNAME=$(dig +noadditional +noqr +noquestion +nocmd +noauthority +nostats +nocomments -x "${IPADDR}" | gawk '{print $5}')
    if [ -n "$FULLNAME" ] ; then
        echo "$FULLNAME" | sed -re 's/\.$//'
        return 0
    else
        return 1
    fi
}
## $script_type is set by OpenVPN to the name of the hook being run
case "$script_type" in
    learn-address)
        OPERATION="$1"
        ADDRESS="$2"
        CN="$3"
        case "$OPERATION" in
            add|update)
                addRecord "$ADDRESS" "$CN"
                ;;
            delete)
                ## OpenVPN passes no common name on delete; recover it from DNS
                CN=$(getCN "$ADDRESS")
                removeRecord "$ADDRESS" "$CN"
                ;;
            *)
                echo "ERROR: don't know operation \"$OPERATION\"." >&2
                exit 1
                ;;
        esac
        ;;
    *)
        echo "\"${script_type}\" not handled" >&2
        ;;
esac
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
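The script above trusts that every certificate CN is a DNS name in FWDZONE and that every learned address falls in REVZONE; nothing checks either before the values are written into the nsupdate batch. Below is an added example (my own code, not part of the original post or of the script above) of the pre-checks that enforce those two expectations, plus a dry run that prints the batch the script would send instead of sending it. It uses the post's example zone values (vpn.mycompany.com, 99.168.192.in-addr.arpa); the function names reverse_name, valid_cn, in_revzone and build_batch and the dry-run output format are this example's own, and on delete it does no PTR lookup, so a delete with no CN removes only the PTR.

```shell
#!/bin/bash
# Added example (not from the original post): argument checks for an OpenVPN
# learn-address hook, enforcing the post's stated expectations before any
# value reaches nsupdate.  Zone values are the post's examples.
FWDZONE="vpn.mycompany.com"
REVZONE="99.168.192.in-addr.arpa"

# Print the in-addr.arpa owner name (trailing dot) for a dotted-quad IPv4
# address; fail without output unless it is exactly four octets in 0..255.
reverse_name() {
    local ip="$1" a b c d rest o
    case "$ip" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=. read -r a b c d rest <<EOF
$ip
EOF
    [ -n "$d" ] && [ -z "$rest" ] || return 1
    for o in "$a" "$b" "$c" "$d"; do
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$d" "$c" "$b" "$a"
}

# A CN is accepted only as a hostname-style name under FWDZONE: letters,
# digits, hyphen and dot, no empty label, no label starting or ending with
# a hyphen.  Spaces, newlines or a foreign domain are rejected, which is
# what keeps a crafted certificate CN from smuggling extra nsupdate lines.
valid_cn() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *".$FWDZONE") return 0 ;;
    esac
    return 1
}

# The address must map into the reverse zone this server may update.
in_revzone() {
    local rev
    rev=$(reverse_name "$1") || return 1
    case "$rev" in
        *".$REVZONE.") return 0 ;;
    esac
    return 1
}

# Validate a learn-address triple and print the nsupdate batch that would be
# sent (dry run: nothing is sent).  Fails with a reason on stderr.
build_batch() {
    local op="$1" ip="$2" cn="$3" rev
    rev=$(reverse_name "$ip") || { echo "bad address: $ip" >&2; return 1; }
    in_revzone "$ip" || { echo "$ip is outside $REVZONE" >&2; return 1; }
    if [ -n "$cn" ] && ! valid_cn "$cn"; then
        echo "CN is not a name under $FWDZONE: $cn" >&2
        return 1
    fi
    case "$op" in
        add|update)
            [ -n "$cn" ] || { echo "$op needs a common name" >&2; return 1; }
            printf 'zone %s\nupdate delete %s. A\nupdate add %s. 3600 A %s\nsend\n' \
                "$FWDZONE" "$cn" "$cn" "$ip"
            printf 'zone %s\nupdate delete %s PTR\nupdate add %s 3600 PTR %s.\nsend\n' \
                "$REVZONE" "$rev" "$rev" "$cn"
            ;;
        delete)
            [ -z "$cn" ] || printf 'zone %s\nupdate delete %s. A\nsend\n' "$FWDZONE" "$cn"
            printf 'zone %s\nupdate delete %s PTR\nsend\n' "$REVZONE" "$rev"
            ;;
        *)
            echo "unknown operation: $op" >&2
            return 1
            ;;
    esac
}
```

To use the checks in the real hook, call valid_cn and in_revzone ahead of addRecord and exit non-zero when either fails; a non-zero exit from a learn-address hook on add/update is how OpenVPN is told to reject the address, so a client presenting an out-of-zone CN gets no DNS entry and no route rather than a record in someone else's zone.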