User:GNUtoo/E350M1/vpn client server only

From ParabolaWiki

VPN client setup

I have a VPN that gives me a static public IPv4 address and some static public IPv6 addresses. The goal is to run services on top of that IPv4 address, such as a public authoritative DNS (NS) server, while the machine otherwise keeps its normal Internet access.

So this setup is very different from the standard use cases, where:

  • everything is tunnelled through the VPN, or
  • the VPN is used to access some internal network services.

Instead, here:

  • nothing is tunnelled through the VPN except the replies to queries that arrived through it;
  • the services listen on the VPN interface and reply from its address.

This is done with source-based policy routing: packets whose source address is the VPN address are looked up in a separate routing table whose default route points into the tunnel, while the main routing table is left untouched, so the rest of the machine's traffic still uses the normal default gateway.

/etc/openvpn/fdn.conf:

client
dev fdn0
dev-type tun

# tcp and udp available at fdn
proto udp

# Tell the server when we disconnect
explicit-exit-notify

remote vpn.fdn.fr 1194

ca /etc/openvpn/auth/ca.crt
# Username/password file: keep it readable by root only (mode 0600)
auth-user-pass /etc/openvpn/auth/fdn.conf

# The services do not rely on the VPN for confidentiality, so server
# certificate verification (ns-cert-type server, superseded by
# remote-cert-tls server in newer OpenVPN releases) is left for later.
# Until it is added, any certificate signed by that CA is accepted as the
# server's, so an impostor server could collect the auth-user-pass
# credentials; protecting the password is the main reason to add it.

# Wait a bit before adding the routes
route-delay 2

# Dynamic client port
nobind

# Persistency across restart
persist-key
persist-tun

# Needed on OpenVPN < 2.4; ignored since 2.4, where IPv6 is always enabled
tun-ipv6
# Let the script below configure the address and the routes instead of OpenVPN
script-security 2
ifconfig-noexec
# ifconfig-noexec only skips the address configuration: routes pushed by the
# server would still be added to the main table; add route-noexec as well
# if the server pushes any (e.g. redirect-gateway)
up "/etc/openvpn/updown/fdn.sh up"
down "/etc/openvpn/updown/fdn.sh down"

verb 3

/etc/openvpn/updown/fdn.sh:

#!/bin/sh
# Called by OpenVPN as "fdn.sh up ..." or "fdn.sh down ..." (see fdn.conf);
# OpenVPN appends its own arguments (device, MTU, ...) after ours.
cmd="$1"
# Policy-routing table used for packets sourced from the VPN address
table="252"

#TODO:
#ip -6 addr add 2001:910:1314::1/64 dev fdn0

if [ "${cmd}" = "up" ] ; then
  ip link set dev fdn0 up mtu 1500
  # The static public IPv4 address provided by the VPN
  ip -4 addr add dev fdn0 80.67.179.20/22 broadcast 80.67.179.255
  # Host route for this address via the LAN gateway, keeping it off the tunnel
  ip -4 route add 80.67.169.57/32 via 192.168.1.254
  # Default route through the VPN, split in two halves as redirect-gateway
  # does, but only in table 252: the main table keeps its normal default route
  ip -4 route add table ${table} 0.0.0.0/1 via 80.67.179.1
  ip -4 route add table ${table} 128.0.0.0/1 via 80.67.179.1
  # Only packets whose source is the VPN address (the replies sent by the
  # services listening on fdn0) consult table 252, hence use the tunnel
  ip rule add from 80.67.179.20 table ${table}
elif [ "${cmd}" = "down" ] ; then
  # Undo the policy routing so no stale rule or route outlives the tunnel
  ip rule del from 80.67.179.20 table ${table}
  ip -4 route flush table ${table}
  ip -4 route del 80.67.169.57/32 via 192.168.1.254
fi

exit 0
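After the up hook has run, the routing state it is meant to produce can be verified. The check script below is an added example and not part of the original page, of OpenVPN or of FDN; it assumes the addresses and table number used in fdn.sh above (VPN address 80.67.179.20, VPN-side gateway 80.67.179.1, table 252). The ip command outputs embedded in it are constructed samples, not captured from a real host (the LAN address 192.168.1.10 and the interface names are assumptions), so the script runs without the tunnel; with --live it checks the running system instead. The BAD_MAIN sample shows the failure mode where a pushed redirect-gateway was applied to the main table, which would tunnel everything.

```shell
#!/bin/sh
# check-fdn-routing.sh: verify the policy-routing state fdn.sh is meant to
# leave behind. Added example, not part of the original page; it assumes the
# addresses used in fdn.sh: VPN address 80.67.179.20, VPN-side gateway
# 80.67.179.1, routing table 252.

VPN_ADDR="80.67.179.20"
VPN_GW="80.67.179.1"
VPN_TABLE="252"

# Escape dots so an address can be used inside a grep -E pattern
re_escape() {
    printf '%s' "$1" | sed 's/[.]/\\./g'
}

# rule_present RULES ADDR TABLE
# Succeeds if RULES (output of "ip -4 rule show") contains the
# "from ADDR lookup TABLE" rule that fdn.sh adds.
rule_present() {
    addr=$(re_escape "$2")
    printf '%s\n' "$1" |
        grep -Eq "^[0-9]+:[[:space:]]+from ${addr} lookup $3([[:space:]]|$)"
}

# half_routes_present ROUTES GW
# Succeeds if ROUTES (output of "ip -4 route show table 252") has both halves
# of the default route, 0.0.0.0/1 and 128.0.0.0/1, via GW.
half_routes_present() {
    gw=$(re_escape "$2")
    printf '%s\n' "$1" | grep -Eq "^0\.0\.0\.0/1 via ${gw}([[:space:]]|$)" &&
    printf '%s\n' "$1" | grep -Eq "^128\.0\.0\.0/1 via ${gw}([[:space:]]|$)"
}

# main_table_untouched ROUTES GW
# Succeeds if nothing in the main table (output of "ip -4 route show") is
# routed via the VPN gateway, i.e. only the replies are tunnelled. A pushed
# redirect-gateway that was not filtered out makes this fail.
main_table_untouched() {
    gw=$(re_escape "$2")
    if printf '%s\n' "$1" | grep -Eq "via ${gw}([[:space:]]|$)"; then
        return 1
    fi
    return 0
}

# check_state RULES TABLE252 MAIN: run all three checks and report problems
check_state() {
    status=0
    rule_present "$1" "$VPN_ADDR" "$VPN_TABLE" ||
        { echo "missing: ip rule from $VPN_ADDR lookup $VPN_TABLE"; status=1; }
    half_routes_present "$2" "$VPN_GW" ||
        { echo "missing: 0.0.0.0/1 and 128.0.0.0/1 via $VPN_GW in table $VPN_TABLE"; status=1; }
    main_table_untouched "$3" "$VPN_GW" ||
        { echo "problem: main table routes via $VPN_GW, everything would be tunnelled"; status=1; }
    return $status
}

# Constructed sample outputs (not captured from a real host); the LAN
# address 192.168.1.10 and the interface names are assumptions.
GOOD_RULES='0:      from all lookup local
32765:  from 80.67.179.20 lookup 252
32766:  from all lookup main
32767:  from all lookup default'
GOOD_T252='0.0.0.0/1 via 80.67.179.1 dev fdn0
128.0.0.0/1 via 80.67.179.1 dev fdn0'
GOOD_MAIN='default via 192.168.1.254 dev eth0
80.67.169.57 via 192.168.1.254 dev eth0
80.67.176.0/22 dev fdn0 proto kernel scope link src 80.67.179.20
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'
# The main table as it would look if a pushed redirect-gateway had been applied
BAD_MAIN="0.0.0.0/1 via 80.67.179.1 dev fdn0
128.0.0.0/1 via 80.67.179.1 dev fdn0
${GOOD_MAIN}"

# With --live, check the running system instead of the samples
if [ "${1:-}" = "--live" ]; then
    if check_state "$(ip -4 rule show)" \
                   "$(ip -4 route show table "$VPN_TABLE")" \
                   "$(ip -4 route show)"; then
        echo "policy routing OK"
    else
        exit 1
    fi
fi
```

If the table number is given a name in /etc/iproute2/rt_tables, ip rule show prints that name instead of 252 and VPN_TABLE has to be set to the name. As a quick manual spot check, ip -4 route get with a destination and "from 80.67.179.20" should answer with the route via 80.67.179.1 on fdn0, while the same destination without the from clause should still go via the LAN gateway.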