2f30-vpn (3750B)


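#!/bin/sh
# 2f30-vpn: generate a tinc client configuration for the 2f30 VPN.
#
# Prompts for a node name, a VPN address and a tunnel device, then writes
# tinc.conf, tinc-up/tinc-down, the hosts/hydra entry (server public key)
# and this host's entry, generates an RSA keypair with "tincd -K", and
# finally uploads this host's public host file to ix.io so the operator can
# activate the node.
#
# Supported: Linux (iproute2) and OpenBSD.  Requires tincd and curl.

# Shell options live in "set", not the shebang, so they survive being run
# as "sh 2f30-vpn".
set -eu

# Everything created here is configuration plus a private key; make sure
# nothing ends up world-readable regardless of the caller's umask.  The
# explicit chmods below then open up exactly what the tinc group needs.
umask 077

# Print a message to stderr and abort.
die() {
	printf '%s\n' "$*" 1>&2
	exit 1
}

os=$(uname)

command -v tincd >/dev/null || die "tincd is not installed"
command -v curl >/dev/null || die "curl is not installed"

# Fail on an unsupported OS before prompting, instead of producing a
# half-written tree (the original fell through and still ran tincd -K).
case $os in
Linux)
	command -v ip >/dev/null || die "ip is not installed"
	;;
OpenBSD)
	;;
*)
	die "os not supported"
	;;
esac

# A fixed path such as /tmp/tinc/2f30 is racy on a shared /tmp: another
# local user can pre-create the parent and end up owning the directory the
# private key is written into.  mktemp -d gives a fresh directory that only
# we own; the final location is printed at the end.
basedir=$(mktemp -d "${TMPDIR:-/tmp}/tinc-2f30.XXXXXX") ||
	die "cannot create temporary directory"
chmod 750 "$basedir"

mkdir -p "$basedir/hosts"
chmod 750 "$basedir/hosts"

cat << 'EOF'
Welcome to the 2f30 VPN generation script.
This script will generate the necessary tinc configuration
files for use on an OpenBSD/Linux client.

EOF

printf '%s' "Machine name (not FQDN): "
read -r name
# tinc node names may only contain alphanumerics and underscores, and the
# name also becomes a path component under hosts/ -- reject anything else
# so it cannot escape $basedir or break the generated config.
case $name in
''|*[!A-Za-z0-9_]*)
	die "invalid machine name: use only letters, digits and underscore"
	;;
esac

printf '%s' "IP address (ask sin@2f30.org to get one): "
read -r address
# The address is interpolated into tinc-up/tinc-down, which tincd runs as
# root: allow only digits and dots so no shell syntax can get in.  This is
# a syntax filter, not a full IPv4 validator (octets are not range-checked).
case $address in
''|*[!0-9.]*)
	die "invalid IP address: expected a dotted-quad IPv4 address"
	;;
esac

printf '%s' "Device (tun is the default): "
read -r device
if test -z "$device"; then
	device="tun0"
fi
# The device name lands in shell commands, a /dev path and a pf rule.
case $device in
*[!A-Za-z0-9]*)
	die "invalid device name: use only letters and digits"
	;;
esac

if test "$os" = Linux; then
	cat > "$basedir/tinc.conf" << EOF
Name = $name
AddressFamily = ipv4
Interface = $device
ConnectTo = hydra
EOF
	chmod 640 "$basedir/tinc.conf"

	# \$INTERFACE is expanded by tincd when it runs these scripts, not here.
	cat > "$basedir/tinc-up" << EOF
ip link set \$INTERFACE up
ip addr add $address/24 dev \$INTERFACE
EOF
	chmod 750 "$basedir/tinc-up"

	cat > "$basedir/tinc-down" << EOF
ip addr del $address/24 dev \$INTERFACE
ip link set \$INTERFACE down
EOF
	chmod 750 "$basedir/tinc-down"
else
	# OpenBSD: tinc opens the tun device node directly.
	cat > "$basedir/tinc.conf" << EOF
Name = $name
AddressFamily = ipv4
Device = /dev/$device
ConnectTo = hydra
EOF
	chmod 640 "$basedir/tinc.conf"

	cat > "$basedir/tinc-up" << EOF
ifconfig $device $address netmask 255.255.255.0
EOF
	chmod 750 "$basedir/tinc-up"

	cat > "$basedir/tinc-down" << EOF
ifconfig $device down
EOF
	chmod 750 "$basedir/tinc-down"
fi

# Pinned public key of the hydra server node.  Quoted delimiter: nothing in
# this block is meant to be expanded.
cat > "$basedir/hosts/hydra" << 'EOF'
Address = vpn.2f30.org
Subnet = 172.17.0.1/32

-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAzrogASxp53i717fwzxoCCQQ8aYX0+/G4vqzqDlOfi18QKfjoIhVM
kaf2/vmCZtPeq1K4S/OyBjviqWbZ5KDIcJRpCBhwOvHJSyegGuWR+OKWxiU0wzjA
KvdtDf6KlJeyeeggmQ85hL7LkdLiiJSYQ83nhD+d0+cN7YxIOPQyw448hCUJqKWb
+rMZCqd8x838tXlhnBur3bEUS5z8lRzdsNbd7Hm63hRwN0AKogFaR+n44hHqbirb
ACXTwkYsrEFpr4myDwrmmA6P85yPqyZs6KHW4Pbv9f1afruOtyhPFAZ/Y7xCexXn
37SF42lgtKAFopG+z0BHuZUqSZx5P6wI1EyeaAz3b7SkDo+x1WnEH7nlesB4hUh0
OuSmXaGxZs81EKLgVpex1JC27SHC8FR3UX5MGuUFhGE9xXnGlEi6h/e6KoBeZ6Fa
6vOxYzMKRkiztUOW+qWvLIE/OoOiwwmSHXwX2TQkILBPAZe5uIGtLSeP9qdUQGDU
8A0DGGGShEaS5vUZV5Y9B0kKv7jlLYC1WXbSySd/iC3MxCHg1tvlaDqzb81GgnGt
d67ELS9a2K9letkOX19A13pZ/QTGiJYSC0UaHIzKXZ5X0yjVfqcY74NDFsdgXGkw
eEsFn5hPzjauXCDmUzvzJ6VqAZXOYeV9rmtlt7ohHI+lOY/UClRh5lcCAwEAAQ==
-----END RSA PUBLIC KEY-----
EOF
chmod 640 "$basedir/hosts/hydra"

# This host's own entry; tincd -K appends the generated public key to it.
cat > "$basedir/hosts/$name" << EOF
Subnet = $address/32
EOF

# Generate the RSA keypair inside $basedir.  The two empty lines answer
# tincd's key-file prompts with the defaults (presumably rsa_key.priv in
# $basedir and the public key into hosts/$name -- confirm for your tinc
# version).
tincd -c "$basedir" -K 4096 << EOF


EOF
chmod 640 "$basedir/hosts/$name"
echo

cat << EOF
Configuration complete.  Move $basedir to /etc/tinc/2f30.

EOF

if test "$os" = OpenBSD; then
	cat << 'EOF'
Adjust ownership:

	chown -R root:_tinc /etc/tinc/2f30

EOF

	cat << 'EOF'
To automatically start tincd on boot, your /etc/rc.conf.local
needs to be adjusted:

	tincd_flags="-U _tinc --chroot -n 2f30"
	pkg_scripts="tincd"

EOF

	# "pass on <if>" allows all traffic in both directions on the tunnel;
	# that is the simplest rule, not the tightest one.
	cat << EOF
Remember to update pf.conf to allow traffic on the tunnel
interface as shown below:

	pass on $device

This passes everything on the tunnel; restrict it to the
services you actually want reachable from the VPN if you can.

EOF
fi

cat << 'EOF'
There is a recursive DNS resolver on the VPN.  It also acts
as an authoritative DNS server for the 2f30 TLD.  If you are using
unbound, the following should be added to the configuration:

	local-zone: "0.17.172.in-addr.arpa." transparent

	forward-zone:
	        name: "2f30."
	        forward-addr: 172.17.0.1

	forward-zone:
	        name: "0.17.172.in-addr.arpa."
	        forward-addr: 172.17.0.1

EOF

cat << 'EOF'
Your host's public key will be submitted to ix.io.  Email the URL
to sin@2f30.org to have this host activated.

ix.io is a public, unauthenticated paste service, so a paste could
be replaced or tampered with in transit.  Confirm with the operator
out of band that the key they received matches the copy printed
below.

EOF

cat "$basedir/hosts/$name"
echo

# Only the public host file leaves the machine; the private key stays in
# $basedir.  --fail turns an HTTP error into a non-zero exit so set -e
# does not let a failed upload pass silently.
curl --fail -F 'f:1=<-' ix.io < "$basedir/hosts/$name"
echo
echo Enjoy!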