mirror of
https://github.com/Nyr/openvpn-install.git
synced 2024-11-27 23:46:07 +03:00
Avoid some duplication by using more variables
This commit is contained in:
parent
96108e6b2e
commit
610c56b826
@ -19,6 +19,9 @@ if [[ ! -e /dev/net/tun ]]; then
|
|||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
INTERNALSUBNET=10.8.0.0
|
||||||
|
INTERNALNETMASKSLASH=24
|
||||||
|
INTERNALNETMASK=255.255.255.0
|
||||||
|
|
||||||
if grep -qs "CentOS release 5" "/etc/redhat-release"; then
|
if grep -qs "CentOS release 5" "/etc/redhat-release"; then
|
||||||
echo "CentOS 5 is too old and not supported"
|
echo "CentOS 5 is too old and not supported"
|
||||||
@ -136,16 +139,16 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
if pgrep firewalld; then
|
if pgrep firewalld; then
|
||||||
# Using both permanent and not permanent rules to avoid a firewalld reload.
|
# Using both permanent and not permanent rules to avoid a firewalld reload.
|
||||||
firewall-cmd --zone=public --remove-port=$PORT/udp
|
firewall-cmd --zone=public --remove-port=$PORT/udp
|
||||||
firewall-cmd --zone=trusted --remove-source=10.8.0.0/24
|
firewall-cmd --zone=trusted --remove-source=$INTERNALSUBNET/$INTERNALNETMASKSLASH
|
||||||
firewall-cmd --permanent --zone=public --remove-port=$PORT/udp
|
firewall-cmd --permanent --zone=public --remove-port=$PORT/udp
|
||||||
firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24
|
firewall-cmd --permanent --zone=trusted --remove-source=$INTERNALSUBNET/$INTERNALNETMASKSLASH
|
||||||
fi
|
fi
|
||||||
if iptables -L | grep -qE 'REJECT|DROP'; then
|
if iptables -L | grep -qE 'REJECT|DROP'; then
|
||||||
sed -i "/iptables -I INPUT -p udp --dport $PORT -j ACCEPT/d" $RCLOCAL
|
sed -i "/iptables -I INPUT -p udp --dport $PORT -j ACCEPT/d" $RCLOCAL
|
||||||
sed -i "/iptables -I FORWARD -s 10.8.0.0\/24 -j ACCEPT/d" $RCLOCAL
|
sed -i "/iptables -I FORWARD -s $INTERNALSUBNET\/$INTERNALNETMASKSLASH -j ACCEPT/d" $RCLOCAL
|
||||||
sed -i "/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT/d" $RCLOCAL
|
sed -i "/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT/d" $RCLOCAL
|
||||||
fi
|
fi
|
||||||
sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -j SNAT --to /d' $RCLOCAL
|
sed -i '/iptables -t nat -A POSTROUTING -s $INTERNALSUBNET\/$INTERNALNETMASKSLASH -j SNAT --to /d' $RCLOCAL
|
||||||
if which sestatus; then
|
if which sestatus; then
|
||||||
if sestatus | grep "Current mode" | grep -qs "enforcing"; then
|
if sestatus | grep "Current mode" | grep -qs "enforcing"; then
|
||||||
if [[ "$PORT" != '1194' ]]; then
|
if [[ "$PORT" != '1194' ]]; then
|
||||||
@ -240,7 +243,7 @@ cert server.crt
|
|||||||
key server.key
|
key server.key
|
||||||
dh dh.pem
|
dh dh.pem
|
||||||
topology subnet
|
topology subnet
|
||||||
server 10.8.0.0 255.255.255.0
|
server $INTERNALSUBNET $INTERNALNETMASK
|
||||||
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
|
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
|
||||||
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
|
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
|
||||||
# DNS
|
# DNS
|
||||||
|
Loading…
Reference in New Issue
Block a user