commit bd99be98283684f05340b81dfbf04cb375d14087 parent a1498d72d49d93bd903787caec37617e1bef9d3e Author: sin <sin@2f30.org> Date: Thu, 31 Dec 2015 15:30:04 +0000 Add 2f30 VPN generation script Diffstat:
A | 2f30-vpn | | | 96 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 96 insertions(+), 0 deletions(-)
diff --git a/2f30-vpn b/2f30-vpn 
@@ -0,0 +1,96 @@
+#!/bin/sh
+
+basedir=/tmp/tinc/2f30
+
+if test -e $basedir; then
+ echo "$basedir already exists, please remove it" 1>&2
+ exit 1
+fi
+
+echo Welcome to the 2f30 VPN generation script.
+echo This script will generate the necessary tinc configuration
+echo files for use on an OpenBSD client.
+echo
+
+mkdir -p $basedir/hosts
+
+echo -n "Machine name (not FQDN): "
+read name
+
+echo -n "Device (tun0 is the default): "
+read device
+if test -z $device; then
+ device="tun0"
+fi
+
+echo -n "IP address (ask sin@2f30.org to get one): "
+read address
+
+cat > $basedir/tinc.conf << EOF
+Name = $name
+AddressFamily = ipv4
+Device = /dev/$device
+ConnectTo = hydra
+EOF
+
+cat > $basedir/tinc-up << EOF
+ifconfig $device $address netmask 255.255.255.0
+EOF
+chmod +x $basedir/tinc-up
+
+cat > $basedir/tinc-down << EOF
+ifconfig $device down
+EOF
+chmod +x $basedir/tinc-down
+
+cat > $basedir/hosts/hydra << EOF
+Address = 62.210.123.140
+Subnet = 172.17.0.1/32
+
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEAzrogASxp53i717fwzxoCCQQ8aYX0+/G4vqzqDlOfi18QKfjoIhVM
+kaf2/vmCZtPeq1K4S/OyBjviqWbZ5KDIcJRpCBhwOvHJSyegGuWR+OKWxiU0wzjA
+KvdtDf6KlJeyeeggmQ85hL7LkdLiiJSYQ83nhD+d0+cN7YxIOPQyw448hCUJqKWb
++rMZCqd8x838tXlhnBur3bEUS5z8lRzdsNbd7Hm63hRwN0AKogFaR+n44hHqbirb
+ACXTwkYsrEFpr4myDwrmmA6P85yPqyZs6KHW4Pbv9f1afruOtyhPFAZ/Y7xCexXn
+37SF42lgtKAFopG+z0BHuZUqSZx5P6wI1EyeaAz3b7SkDo+x1WnEH7nlesB4hUh0
+OuSmXaGxZs81EKLgVpex1JC27SHC8FR3UX5MGuUFhGE9xXnGlEi6h/e6KoBeZ6Fa
+6vOxYzMKRkiztUOW+qWvLIE/OoOiwwmSHXwX2TQkILBPAZe5uIGtLSeP9qdUQGDU
+8A0DGGGShEaS5vUZV5Y9B0kKv7jlLYC1WXbSySd/iC3MxCHg1tvlaDqzb81GgnGt
+d67ELS9a2K9letkOX19A13pZ/QTGiJYSC0UaHIzKXZ5X0yjVfqcY74NDFsdgXGkw
+eEsFn5hPzjauXCDmUzvzJ6VqAZXOYeV9rmtlt7ohHI+lOY/UClRh5lcCAwEAAQ==
+-----END RSA PUBLIC KEY-----
+EOF
+
+cat > $basedir/hosts/$name << EOF
+Subnet = $address/32
+EOF
+
+tincd -c $basedir -n 2f30 -K 4096 << EOF
+
+
+EOF
+echo
+
+echo "Configuration complete. Move $basedir to /etc/tinc"
+echo and adjust permissions and ownership as needed.
+echo
+echo To automatically start tincd on boot, your /etc/rc.conf.local
+echo needs to be adjusted:
+echo
+cat << EOF
+tincd_flags="-U _tinc --chroot -n 2f30"
+pkg_scripts="tincd"
+EOF
+echo
+echo Remember to update pf.conf to allow traffic on the tunnel
+echo interface as shown below:
+echo "pass on $device"
+echo
+
+echo Your hosts public key will be submitted to sprunge.us. Email the URL
+echo to sin@2f30.org to enable access for your machine on the server.
+echo
+curl -F 'sprunge=<-' http://sprunge.us < $basedir/hosts/$name
+echo
+echo Enjoy!
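Review bot: The hard-coded `basedir=/tmp/tinc/2f30` puts the generated key material and the executable `tinc-up`/`tinc-down` scripts under a predictable path in a world-writable directory, and the `test -e` check followed by `mkdir -p` does not establish that the parent `/tmp/tinc` belongs to the invoking user. Since the result is later moved to /etc/tinc and presumably run by tincd with root privileges, I would create the directory privately: `umask 077`, then `tmp=$(mktemp -d) || exit 1` and `basedir=$tmp/2f30`. The answers from `read` are expanded unquoted and unvalidated into paths and into the generated scripts (`$basedir/hosts/$name`, `ifconfig $device $address`), so quoting the expansions and rejecting values containing `/` or whitespace would be worth adding. The final `curl` upload uses plain `http://`, which leaves the host file, and the URL the admin is asked to trust, open to modification in transit; an `https://` endpoint (if the service offers one) or sending the key over an authenticated channel would close that.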