Re: [Openvpn-users] how to set up more tunnels?


  • Subject: Re: [Openvpn-users] how to set up more tunnels?
  • From: Terry Inzauro <tinzauro@xxxxxxxxxxxxxxxx>
  • Date: Fri, 14 Jan 2005 14:27:34 -0600

osgaldo wrote:
Can someone tell me if I need to write a different tunnel.conf file for each VPN I create (tunnel2.conf, tunnel3.conf...), or do I have to put it in the same file?
Do I have to (should I?) create different keys for each tunnel? Also in separate files?


Sorry if this is already explained in the docs, but I wasn't able to find it...
I would appreciate it if you could paste me the URL where it is explained.



Thanks in advance

               Osgaldo-.




I manage a lot of tunnels and threw together a little Perl script to aid in the creation of the configs. I'm not a Perl programmer, so don't laugh. I liked the ability to control who/what port/and where the users were able to connect from, and that is why I designed it the way I did.

Basically the script creates server configs (the .nsc files), .conf files (client configs), and static keys, then it zips them and enters the passwords to unzip the files into a plaintext file for reference. You will also need a password generation script (or feel free to remove the zipping stuff altogether).

This may not be what you had in mind, but it may get the gears turning in the right direction.

I'd like to hear some constructive criticism if at all possible.


_Terry
#!/usr/bin/perl
use strict;
use warnings;

######## Edit the following 4 variables to create the desired configs for their respective point 2 point vpn subnets. leave everything else alone!!!!!
my $port = 2251;
my $oc1 = 10;
my $oc2 = 22;
my $oc3 = 51;
########

my $openvpn = '/opt/openvpn/sbin/openvpn';
my $zip = '/usr/bin/zip';

# $prefix has to be set before the paths that are built from it
my $prefix = "/opt/openvpn/etc";
my $newdir = "$prefix/$oc1.$oc2.$oc3";            # one directory per subnet, holds all of its tunnels
my $passdb = "$newdir/$oc1.$oc2.$oc3.db";         # plaintext list of zip passwords / ports for reference
my $clientconfdir = "$prefix/$oc1.$oc2.$oc3.client";
my $pass = "$prefix/genpass.sh";                  # external password generator, prints one password

my $oc4 = 0;      # fourth octet of the first tunnel's block (each tunnel takes 4 addresses)
my $locip = 1;    # server side address within the block
my $remip = 2;    # client side address within the block

if (-d $newdir) {
   print STDOUT "Directory for subnet $newdir already exists. Check your variables and try again.\n\n";
   exit;
}
else {
   mkdir $newdir, 0700 or die "Cant create $newdir: $!\n";
   chdir $newdir or die "Cant chdir to $newdir: $!\n";
}

if (-e $passdb) {
   print STDOUT "The password db for subnet $oc1.$oc2.$oc3 already exists. Which means someone made a mistake, or the subnet has already been allocated. Check your variables and try again.\n\n";
   exit;
}
else {
  my $count = 0;
  while ($count <= 62) {

############ start the server config generation

	# populate $passwd with the value returned by `$pass`
	my $passwd = `$pass`;
	chomp $passwd;

	my $oc4n = $oc4;

	# create the server config file with filehandle NSC (new server conf)
	open NSC, ">", "$oc1.$oc2.$oc3.$oc4n.nsc" or die "Cant open file: $!\n";

	# record the zip password and port; the db is locked down to 0400 after the loop
	open PASSDB, ">>", $passdb or die "Cant open file $passdb: $!\n";
	print PASSDB "the password / port for tunnel $oc1.$oc2.$oc3.$oc4n.zip  is $passwd / $port \n";
	close PASSDB;

	# populate NSC
	print NSC "ifconfig $oc1.$oc2.$oc3.$locip $oc1.$oc2.$oc3.$remip\n",
	"secret $oc1.$oc2.$oc3.$oc4n.key\n",
	"port $port\n","dev tun\n",
	"user nobody\n",
	"group nobody\n",
	"persist-tun\n",
	"persist-key\n",
	"daemon\n";
	close NSC;

	# generate the ovpn static key (list form of system, so no shell is involved)
	system($openvpn, "--genkey", "--secret", "$oc1.$oc2.$oc3.$oc4n.key") == 0
		or die "openvpn --genkey failed: $?";

	# Set the perms on the key (we are already inside $newdir)
	chmod(0600, "$oc1.$oc2.$oc3.$oc4n.key");

############ start the client config generation

	# create the config file for the client with filehandle NCC (new client conf)
	open NCC, ">", "$oc1.$oc2.$oc3.$oc4n.conf" or die "Cant open file: $!\n";

	# populate NCC (mirror image of the server's ifconfig)
	print NCC "ifconfig $oc1.$oc2.$oc3.$remip $oc1.$oc2.$oc3.$locip\n",
	"route 10.10.10.0 255.255.255.240\n",
	"remote remote.vpn.host.com\n",
	"secret $oc1.$oc2.$oc3.$oc4n.key\n",
	"port $port\n",
	"route-delay 15\n",
	"dev tun\n",
	"persist-tun\n",
	"persist-key\n",
	"mssfix\n",
	"ping 15\n",
	"ping-restart 45\n",
	"ping-timer-rem\n",
	"verb 3\n";
	close NCC;

	# define the @zip array (used to zip client configs)
	# note: zip -P puts the password on the command line, where other local users can see it in the process list
	#print STDOUT "using $passwd for $oc1.$oc2.$oc3.$oc4n.zip\n";
	my @zip = ($zip, "-P", $passwd, "$oc1.$oc2.$oc3.$oc4n.zip", "$oc1.$oc2.$oc3.$oc4n.conf", "$oc1.$oc2.$oc3.$oc4n.key");

	# Call the @zip array via system
	system(@zip) == 0 or die "system @zip failed: $?";

	# Increment that shit: the next tunnel gets the next block of 4 addresses and the next port
	$locip = $locip + 4;
	$remip = $remip + 4;
	$port++;
	$oc4 = $oc4n + 4;
	$count++;
  }

  # lock the password db now that every tunnel has been written
  chmod(0400, $passdb);
}
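The script above answers the original question by example: one server config, one client config and one static key per tunnel, each tunnel on its own port, with the client's ifconfig being the mirror image of the server's and the addresses moving forward four at a time (one /30 per tunnel). After generating a batch like that, the check a practitioner wants is that every pair really is consistent and that nothing was reused across tunnels. The following is an added example, not part of Terry's script or of OpenVPN: it parses server/client config pairs and reports unmirrored ifconfig lines, mismatched secret or port, and any port, key file or /30 shared between tunnels. The sample configs are constructed to match the layout the script emits; the addresses, file names and the deliberately broken third pair are made up.

```python
import ipaddress


def parse_conf(text):
    """Parse OpenVPN config text into {option: [args]}, keeping the first occurrence of each option."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, *args = line.split()
        opts.setdefault(name, args)
    return opts


def check_pair(server_text, client_text):
    """Problems within one server/client pair: mirrored ifconfig, same secret and port, client has a remote."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    problems = []
    s_if, c_if = s.get("ifconfig", []), c.get("ifconfig", [])
    if len(s_if) != 2 or len(c_if) != 2:
        problems.append("ifconfig missing or malformed")
    elif s_if != c_if[::-1]:
        problems.append(f"ifconfig endpoints not mirrored: server {s_if}, client {c_if}")
    if s.get("secret") != c.get("secret"):
        problems.append("secret file name differs between server and client")
    if s.get("port") != c.get("port"):
        problems.append("port differs between server and client")
    if "remote" not in c:
        problems.append("client config has no remote")
    return problems


def check_set(pairs):
    """Run check_pair on every (server, client) pair and add the cross-tunnel checks:
    no reused port, no reused static key file, no overlapping /30."""
    report = {}
    seen_ports, seen_keys, seen_nets = {}, {}, {}
    for idx, (srv, cli) in enumerate(pairs):
        probs = check_pair(srv, cli)
        s = parse_conf(srv)
        port = (s.get("port") or [None])[0]
        if port in seen_ports:
            probs.append(f"port {port} reused by tunnel {seen_ports[port]}")
        seen_ports.setdefault(port, idx)
        key = (s.get("secret") or [None])[0]
        if key in seen_keys:
            probs.append(f"static key {key} reused by tunnel {seen_keys[key]}")
        seen_keys.setdefault(key, idx)
        ifc = s.get("ifconfig", [])
        if len(ifc) == 2:
            try:
                net = ipaddress.ip_network(f"{ifc[0]}/30", strict=False)
                if ipaddress.ip_address(ifc[1]) not in net:
                    probs.append(f"peer {ifc[1]} is outside the /30 of {ifc[0]}")
                for other_idx, other in seen_nets.items():
                    if net.overlaps(other):
                        probs.append(f"/30 {net} overlaps tunnel {other_idx}")
                seen_nets[idx] = net
            except ValueError as exc:
                probs.append(f"bad ifconfig address: {exc}")
        report[idx] = probs
    return report


# Constructed sample configs in the layout the script emits (hypothetical subnet, not a real deployment).
def _server(oc4, port):
    """One server-side (.nsc) config: local .oc4+1, peer .oc4+2, key named after the block's first octet."""
    return (f"ifconfig 10.22.51.{oc4 + 1} 10.22.51.{oc4 + 2}\n"
            f"secret 10.22.51.{oc4}.key\nport {port}\ndev tun\nuser nobody\ngroup nobody\n"
            "persist-tun\npersist-key\ndaemon\n")


def _client(oc4, port, mirrored=True):
    """Matching client (.conf) config; mirrored=False reproduces a copy-paste mistake in the ifconfig line."""
    local, peer = (oc4 + 2, oc4 + 1) if mirrored else (oc4 + 1, oc4 + 2)
    return (f"ifconfig 10.22.51.{local} 10.22.51.{peer}\nroute 10.10.10.0 255.255.255.240\n"
            f"remote remote.vpn.host.com\nsecret 10.22.51.{oc4}.key\nport {port}\nroute-delay 15\n"
            "dev tun\npersist-tun\npersist-key\nmssfix\nping 15\nping-restart 45\nping-timer-rem\nverb 3\n")


SAMPLE_PAIRS = [
    (_server(0, 2251), _client(0, 2251)),
    (_server(4, 2252), _client(4, 2252)),
    (_server(8, 2252), _client(8, 2252, mirrored=False)),  # deliberately broken: port reused, ifconfig not mirrored
]


def check_sample():
    """Run the checks over the constructed sample; tunnels 0 and 1 are clean, tunnel 2 has two problems."""
    return check_set(SAMPLE_PAIRS)


if __name__ == "__main__":
    for idx, probs in check_sample().items():
        print(f"tunnel {idx}: {'ok' if not probs else '; '.join(probs)}")
```

Run it against a real batch by reading each `.nsc` file and its `.conf` sibling into `check_set`; the parser ignores comments and only looks at the options the script writes, so extra directives in hand-edited configs do not trip it.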