Corrections
darcs-hash:20080304125252-af139-093af21107d9ff5907d32e380cc6c5511c311fb4.gz
This commit is contained in:
Jeremie Dimino
parent
71ea3f7535
commit
cb3b38982c
5 changed files with 31 additions and 21 deletions
|
|
@ -5,6 +5,7 @@
|
||||||
daemon tun-ovh
|
daemon tun-ovh
|
||||||
dev tun-ovh
|
dev tun-ovh
|
||||||
|
|
||||||
|
mode server
|
||||||
tls-server
|
tls-server
|
||||||
ca /etc/ssl/certs/root.pem
|
ca /etc/ssl/certs/root.pem
|
||||||
cert /etc/ssl/certs/vpn.pem
|
cert /etc/ssl/certs/vpn.pem
|
||||||
|
|
@ -15,7 +16,7 @@ log-append /var/log/openvpn/ovh.log
|
||||||
|
|
||||||
port 1194
|
port 1194
|
||||||
|
|
||||||
# Du côté crans, le vpn reste toujours actif
|
# Du cote crans, le vpn reste toujours actif
|
||||||
keepalive 15 45
|
keepalive 15 45
|
||||||
persist-tun
|
persist-tun
|
||||||
|
|
||||||
|
|
@ -23,6 +24,6 @@ verb 3
|
||||||
|
|
||||||
dh /etc/openvpn/dh1024.pem
|
dh /etc/openvpn/dh1024.pem
|
||||||
|
|
||||||
# Configuration du réseau lorsque ovh se connecte
|
# Configuration du reseau lorsque ovh se connecte
|
||||||
client-connect /etc/openvpn/ovh.connect
|
client-connect /etc/openvpn/ovh.connect
|
||||||
client-disconnect /etc/openvpn/ovh.disconnect
|
client-disconnect /etc/openvpn/ovh.disconnect
|
||||||
|
|
|
||||||
|
|
@ -5,11 +5,16 @@
|
||||||
# Configuration lorsque ovh se connecte via se point du reseau (komaz
|
# Configuration lorsque ovh se connecte via se point du reseau (komaz
|
||||||
# ou titanic)
|
# ou titanic)
|
||||||
|
|
||||||
iface=$(route -n|awk '$1 == "10.231.136.0" {print $8}')
|
echo "ovh connected"
|
||||||
|
|
||||||
|
iface=$(/sbin/route -n|awk '$1 == "10.231.136.0" {print $8}')
|
||||||
my_ip=$(ip addr show dev $iface|awk '$1 == "inet" {sub("/.*", "", $2); print $2}')
|
my_ip=$(ip addr show dev $iface|awk '$1 == "inet" {sub("/.*", "", $2); print $2}')
|
||||||
ovh_ip=10.231.136.8
|
ovh_ip=10.231.136.8
|
||||||
|
|
||||||
ip addr add $my_ip peer $ovh_ip/32 dev $iface
|
ip addr add $my_ip peer $ovh_ip/32 dev tun-ovh
|
||||||
ip link set up dev $iface
|
ip link set up dev tun-ovh
|
||||||
ip neigh add proxy $ovh_ip dev $iface
|
ip neigh add proxy $ovh_ip dev $iface
|
||||||
|
|
||||||
|
cat > $1 <<EOF
|
||||||
|
ifconfig-push $ovh_ip 255.255.255.0
|
||||||
|
EOF
|
||||||
|
|
|
||||||
|
|
@ -4,8 +4,10 @@
|
||||||
#
|
#
|
||||||
# Configuration lorsque la connexion avec ovh est perdue
|
# Configuration lorsque la connexion avec ovh est perdue
|
||||||
|
|
||||||
iface=$(route -n|awk '$1 == "10.231.136.0" {print $8}')
|
echo "ovh disconnected"
|
||||||
|
|
||||||
|
iface=$(/sbin/route -n|awk '$1 == "10.231.136.0" {print $8}')
|
||||||
ovh_ip=10.231.136.8
|
ovh_ip=10.231.136.8
|
||||||
|
|
||||||
ip neigh del proxy $ovh_ip dev $iface
|
ip neigh del proxy $ovh_ip dev $iface
|
||||||
ip link set down dev $iface
|
ip link set down dev tun-ovh
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
# -*- coding: utf-8; mode: python -*-
|
# -*- coding: utf-8; mode: python -*-
|
||||||
|
|
||||||
remote="komaz"
|
remote="komaz"
|
||||||
|
remote_vpn="komaz"
|
||||||
dump("template/openvpn")
|
dump("template/openvpn")
|
||||||
|
|
|
||||||
|
|
@ -1,34 +1,35 @@
|
||||||
# -*- coding: utf-8; mode: python -*-
|
# -*- coding: utf-8; mode: python -*-
|
||||||
|
|
||||||
header("Configuration du tunnel entre %s et %s" %s (hostname, remote))
|
include("ip")
|
||||||
|
|
||||||
|
header("Configuration du tunnel entre %s et %s" % (hostname, remote))
|
||||||
|
|
||||||
print """
|
print """
|
||||||
daemon tun-main
|
daemon tun-%(remote_name)s
|
||||||
dev tun-main
|
dev tun-%(remote_name)s
|
||||||
|
|
||||||
tls-server
|
tls-client
|
||||||
ca /etc/ssl/certs/root.pem
|
ca /etc/ssl/certs/root.pem
|
||||||
cert /etc/ssl/certs/vpn.pem
|
cert /etc/ssl/certs/vpn.pem
|
||||||
tls-verify "/usr/share/openvpn/verify-cn komaz.vpn.crans.org"
|
tls-verify "/usr/share/openvpn/verify-cn komaz.vpn.crans.org"
|
||||||
key /etc/ssl/private/vpn.pem
|
key /etc/ssl/private/vpn.pem
|
||||||
|
|
||||||
log-append /var/log/openvpn/%s.log
|
log-append /var/log/openvpn/%(remote_name)s.log
|
||||||
|
|
||||||
port 1194
|
port 1194
|
||||||
|
|
||||||
ifconfig %(local)s %(remote_vpn)s
|
ifconfig %(local_vpn_ip)s %(remote_vpn_ip)s
|
||||||
route 10.231.136.0 255.255.255.0 vpn_gateway
|
route 10.231.136.0 255.255.255.0 vpn_gateway
|
||||||
|
|
||||||
ping-timer-rem
|
ping 15
|
||||||
keepalive 10 60
|
ping-exit 45
|
||||||
persist-tun
|
|
||||||
|
|
||||||
verb 3
|
verb 3
|
||||||
|
|
||||||
dh /etc/openvpn/dh1024.pem
|
dh /etc/openvpn/dh1024.pem
|
||||||
|
|
||||||
remote %s
|
remote %(remote_pub_ip)s
|
||||||
""" % (remote,
|
""" % { "remote_name": remote,
|
||||||
admipof("ovh"),
|
"local_vpn_ip": admipof("ovh"),
|
||||||
admipof(remote_vpn or remote),
|
"remote_vpn_ip": admipof(remote_vpn),
|
||||||
pubipof(remote))
|
"remote_pub_ip": pubipof(remote) }
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue