User:GNUtoo/E350M1/vpn client server only
VPN client setup
I have a VPN that gives me a static public IPv4 address and some static public IPv6 addresses. The goal is to put some services on top of that IP address, such as a public DNS (NS) server.
So this setup is very different from the standard use cases where:
- Everything is tunnelled through the VPN
- The VPN is used to access some internal network services
Instead here:
- Nothing is tunnelled through the VPN except the replies to queries that come in through the VPN
- The services will listen on the VPN's interface and be able to reply
/etc/openvpn/fdn.conf:
    client
    dev fdn0
    dev-type tun

    # tcp and udp available at fdn
    proto udp

    # Tell the server when we disconnect
    explicit-exit-notify

    remote vpn.fdn.fr 1194

    ca /etc/openvpn/auth/ca.crt
    auth-user-pass /etc/openvpn/auth/fdn.conf

    # We don't rely on the VPN security anyway
    # so we'll bother with ns-cert-type server, and so on later.
    # (so at least the password is kept safe)

    # Wait a bit before adding the routes
    route-delay 2

    # Dynamic client port
    nobind

    # Persistency across restart
    persist-key
    persist-tun

    tun-ipv6

    script-security 2
    ifconfig-noexec
    up "/etc/openvpn/updown/fdn.sh up"
    down "/etc/openvpn/updown/fdn.sh down"

    verb 3
/etc/openvpn/updown/fdn.sh:
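    #!/bin/sh
    cmd="$1"
    # Number of the routing table used only for VPN-sourced traffic
    fdn0="252"

    #TODO:
    #ip -6 addr add 2001:910:1314::1/64 dev fdn0

    # "=" rather than "==": the latter is not POSIX and fails under some /bin/sh
    if [ "${cmd}" = "up" ] ; then
        # ifconfig-noexec is set, so the interface is configured here
        ip link set dev fdn0 up mtu 1500
        ip -4 addr add dev fdn0 80.67.179.20/22 broadcast 80.67.179.255
        # Host route through the LAN gateway, in the main table
        ip -4 route add 80.67.169.57/32 via 192.168.1.254
        # Table 252: two /1 routes that together cover all of IPv4 via the VPN gateway
        ip -4 route add table ${fdn0} 0.0.0.0/1 via 80.67.179.1
        ip -4 route add table ${fdn0} 128.0.0.0/1 via 80.67.179.1
        # Only packets sourced from the VPN address are looked up in table 252
        ip rule add from 80.67.179.20 table ${fdn0}
    fi
    exit 0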
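The following check is an added example, not part of the original page: it parses `ip` output and confirms that only traffic sourced from the VPN address is sent to table 252 while the main table is left alone. The function names, the `live` argument, the `eth0` interface name and the sample output are assumptions made for the example.

```sh
#!/bin/sh
# Added example; address, gateway, table and interface are this page's values.
VPN_ADDR="80.67.179.20"; VPN_GW="80.67.179.1"; TABLE="252"; VPN_DEV="fdn0"

# True if `ip -4 rule show` output ($1) sends packets from VPN_ADDR to TABLE.
has_rule() {
    printf '%s\n' "$1" | awk -v a="$VPN_ADDR" -v t="$TABLE" '
        $2 == "from" && ($3 == a || $3 == a "/32") && $4 == "lookup" && $5 == t { ok = 1 }
        END { exit !ok }'
}

# True if the routes of table 252 ($1) cover all of IPv4 via VPN_GW.
covers_all() {
    printf '%s\n' "$1" | awk -v g="$VPN_GW" '
        $2 == "via" && $3 == g && ($1 == "default" || $1 == "0.0.0.0/1")   { lo = 1 }
        $2 == "via" && $3 == g && ($1 == "default" || $1 == "128.0.0.0/1") { hi = 1 }
        END { exit !(lo && hi) }'
}

# True if the main table ($1) has no catch-all route on VPN_DEV (no full tunnel).
main_untouched() {
    printf '%s\n' "$1" | awk -v d="$VPN_DEV" '
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) bad = 1
        }
        END { exit bad + 0 }'
}

# check_split RULES TABLE_ROUTES MAIN_ROUTES: all three conditions must hold.
check_split() {
    has_rule "$1"       || { echo "FAIL: no rule from $VPN_ADDR to table $TABLE"; return 1; }
    covers_all "$2"     || { echo "FAIL: table $TABLE does not cover all of IPv4"; return 1; }
    main_untouched "$3" || { echo "FAIL: main table sends everything via $VPN_DEV"; return 1; }
    echo "OK: only traffic sourced from $VPN_ADDR uses the VPN"
}

# Constructed sample output, used unless the script is run with "live".
SAMPLE_RULES='0: from all lookup local
32765: from 80.67.179.20 lookup 252
32766: from all lookup main'
SAMPLE_TABLE='0.0.0.0/1 via 80.67.179.1 dev fdn0
128.0.0.0/1 via 80.67.179.1 dev fdn0'
SAMPLE_MAIN='default via 192.168.1.254 dev eth0
80.67.176.0/22 dev fdn0 proto kernel scope link src 80.67.179.20'
if [ "${1:-}" = "live" ]; then
    check_split "$(ip -4 rule show)" "$(ip -4 route show table "$TABLE")" "$(ip -4 route show table main)"
else
    check_split "$SAMPLE_RULES" "$SAMPLE_TABLE" "$SAMPLE_MAIN"
fi
```

Run it with the argument `live` to test the real tables. If table 252 has a name in /etc/iproute2/rt_tables, `ip rule` prints that name and `TABLE` has to be set to it.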