20
20
# This gets zipped and run on the cloudpipe-managed OpenVPN server
22
export SUPERVISOR="http://10.255.255.1:8773/cloudpipe"
23
export VPN_IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'`
24
export BROADCAST=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f3 | awk '{print $1}'`
25
export DHCP_MASK=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f4 | awk '{print $1}'`
23
export VPN_IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $$1}'`
24
export BROADCAST=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f3 | awk '{print $$1}'`
25
export DHCP_MASK=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f4 | awk '{print $$1}'`
26
26
export GATEWAY=`netstat -r | grep default | cut -d' ' -f10`
27
export SUBJ="/C=US/ST=California/L=MountainView/O=AnsoLabs/OU=NovaDev/CN=customer-vpn-$VPN_IP"
29
DHCP_LOWER=`echo $BROADCAST | awk -F. '{print $1"."$2"."$3"." $4 - 10 }'`
30
DHCP_UPPER=`echo $BROADCAST | awk -F. '{print $1"."$2"."$3"." $4 - 1 }'`
28
DHCP_LOWER=`echo $$BROADCAST | awk -F. '{print $$1"."$$2"."$$3"." $$4 - ${num_vpn} }'`
29
DHCP_UPPER=`echo $$BROADCAST | awk -F. '{print $$1"."$$2"."$$3"." $$4 - 1 }'`
32
31
# generate a server DH
33
32
openssl dhparam -out /etc/openvpn/dh1024.pem 1024
35
# generate a server priv key
36
openssl genrsa -out /etc/openvpn/server.key 2048
38
# generate a server CSR
39
openssl req -new -key /etc/openvpn/server.key -out /etc/openvpn/server.csr -batch -subj "$SUBJ"
42
CSRTEXT=`cat /etc/openvpn/server.csr`
43
CSRTEXT=$(python -c "import urllib; print urllib.quote('''$CSRTEXT''')")
45
# SIGN the csr and save as server.crt
46
# CURL fetch to the supervisor, POSTing the CSR text, saving the result as the CRT file
47
curl --fail $SUPERVISOR -d "cert=$CSRTEXT" > /etc/openvpn/server.crt
48
curl --fail $SUPERVISOR/getca/ > /etc/openvpn/ca.crt
34
cp crl.pem /etc/openvpn/
35
cp server.key /etc/openvpn/
36
cp ca.crt /etc/openvpn/
37
cp server.crt /etc/openvpn/
50
38
# Customize the server.conf.template
53
sed -e s/VPN_IP/$VPN_IP/g server.conf.template > server.conf
54
sed -i -e s/DHCP_SUBNET/$DHCP_MASK/g server.conf
55
sed -i -e s/DHCP_LOWER/$DHCP_LOWER/g server.conf
56
sed -i -e s/DHCP_UPPER/$DHCP_UPPER/g server.conf
41
sed -e s/VPN_IP/$$VPN_IP/g server.conf.template > server.conf
42
sed -i -e s/DHCP_SUBNET/$$DHCP_MASK/g server.conf
43
sed -i -e s/DHCP_LOWER/$$DHCP_LOWER/g server.conf
44
sed -i -e s/DHCP_UPPER/$$DHCP_UPPER/g server.conf
57
45
sed -i -e s/max-clients\ 1/max-clients\ 10/g server.conf
59
echo "\npush \"route 10.255.255.1 255.255.255.255 $GATEWAY\"\n" >> server.conf
60
echo "\npush \"route 10.255.255.253 255.255.255.255 $GATEWAY\"\n" >> server.conf
61
echo "\nduplicate-cn\n" >> server.conf
47
echo "push \"route ${dmz_net} ${dmz_mask} $$GATEWAY\"" >> server.conf
48
echo "duplicate-cn" >> server.conf
49
echo "crl-verify /etc/openvpn/crl.pem" >> server.conf
63
51
/etc/init.d/openvpn start
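Review bot: The new `cp server.key /etc/openvpn/` line copies the server's private key with whatever mode it had inside the unpacked zip and the script's umask, so the key can end up world-readable in /etc/openvpn alongside the public ca.crt, server.crt and crl.pem; use `install -m 0600 -- server.key /etc/openvpn/server.key` (or follow the cp with `chmod 600 /etc/openvpn/server.key`) so only the openvpn process owner can read it. The four cp lines are also unchecked and the script does not set `-e`, so a missing file in the payload is silently ignored and `/etc/init.d/openvpn start` still runs; `cp -- crl.pem ca.crt server.crt /etc/openvpn/ || exit 1` would stop the bootstrap before a broken service is started. The script's earlier lines, including any `set` options, are outside this section, so the absence of `-e` is inferred from what is visible here.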