#!/bin/bash 
#
#
# Fixed up so that it can be called as an option from all the build-ovs scripts.
# Adds a static IP for a client and sets up the Shorewall params.


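# The client's common name is the only argument. It is used further down as
# the file name of the per-client entry under $CCDDIR.
COMMONNAME=$1

. /etc/openvpn-server/config.sh

CCDDIR=/etc/openvpn/ccd/
SHOREWALLVARS=/etc/shorewall/openvpn.vars

# Validate the name before anything is written. It is checked after config.sh
# has been sourced so that the value actually used below is the one tested.
#  - It is appended to $CCDDIR to form the path that gets overwritten, so an
#    empty name, "." / ".." or anything containing "/" must not get through.
#  - ccd file names are later copied into $SHOREWALLVARS as the left-hand side
#    of NAME=IP lines, and this script makes /etc/shorewall/params source that
#    file, so shell metacharacters and whitespace in a name must be refused.
# The allowed set (alphanumerics, "_", "-", "." and "@") is the one OpenVPN
# documents for Common Names.
# NOTE(review): names containing ".", "@" or "-" pass this check but are not
# valid shell variable names, so their lines in $SHOREWALLVARS will not act as
# assignments when sourced; tighten the set if those names are not needed.
case $COMMONNAME in
	'' | . | .. | *[!A-Za-z0-9_.@-]*)
		echo "$0: missing or invalid common name" >&2
		echo "usage: $0 <common-name>" >&2
		exit 1
		;;
esac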
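# Network details come from the "server <network> <netmask>" line of the
# OpenVPN server config. OVPN_ORGNICK is not assigned in this script;
# presumably it is set by /etc/openvpn-server/config.sh (confirm).
#
# All three lookups use the anchored pattern '^server ' so that commented-out
# or unrelated lines that merely contain "server " cannot leak into the values.
# The path is quoted so an unexpected OVPN_ORGNICK cannot be word-split or
# glob-expanded into a different set of files.

# First three octets of the network followed by a trailing dot, e.g. "10.8.0.".
IPPREFIX=$(grep '^server ' "/etc/openvpn/${OVPN_ORGNICK}-server.conf" | cut -f2 -d' ' | cut -f1,2,3 -d.).

# Second and third space-separated fields of the server line.
IP=$(grep '^server ' "/etc/openvpn/${OVPN_ORGNICK}-server.conf" | cut -f2 -d' ')
SUBNET=$(grep '^server ' "/etc/openvpn/${OVPN_ORGNICK}-server.conf" | cut -f3 -d' ')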

# One-time initialisation, skipped once FIREWALLED=yes has been recorded.
# This branch itself appends FIREWALLED=yes to /etc/openvpn-server/config.sh,
# which the script sources near the top, so later runs take the "yes" arm.
#
# Security-relevant effect: after this runs, /etc/shorewall/params contains a
# line that sources $SHOREWALLVARS. Whatever processes params will therefore
# execute the contents of that file as shell code (presumably Shorewall,
# running as root - confirm), so the file and everything that feeds it must
# only be writable by root.
#
# NOTE(review): "-ibackup" is the GNU sed in-place form with a backup suffix,
# so copies named "<file>backup" are left next to the edited files. The two
# edits of params use the same suffix, so the second overwrites the first
# backup and the copy on disk is not the pristine original.

case $FIREWALLED in
        # Already initialised: nothing to do.
        yes)
        ;;
        *)
        # Make sure the per-client config directory exists.
        mkdir -p $CCDDIR > /dev/null
# Drop any existing reference to openvpn.vars so the include is not duplicated.
sed -ibackup -e "/openvpn\.vars/d" /etc/shorewall/params
# Insert a ". $SHOREWALLVARS" line before the line matching #LAST.
# NOTE(review): the backslash-newline sits inside double quotes, so the shell
# removes it and sed receives a one-line "i\" command; verify this behaves as
# intended with the sed installed on the target host.
sed -ibackup -e "/#LAST/i\
\.\ $SHOREWALLVARS" /etc/shorewall/params
# Replace any previous FIREWALLED setting with FIREWALLED=yes.
sed -ibackup -e "/FIREWALLED/d" /etc/openvpn-server/config.sh
echo FIREWALLED=yes >> /etc/openvpn-server/config.sh
        ;;
esac

#######################################
# Ask whether Shorewall should be restarted now and act on the answer.
# Globals:   SHOREWALLYN (written) - the raw answer read from stdin
# Outputs:   "OK proceeding" on stdout when the answer is exactly "y"
# Returns:   the status of `shorewall restart` when the answer is "y".
#            Any other answer (including "Y", "yes" or end of input) ends the
#            whole script through a bare `exit`, which carries the non-zero
#            status of the failed comparison.
#######################################
function prompt_restart_shorewall () {
	read -p "Do you want to restart Shorewall now? (y/n)" SHOREWALLYN
	# Declining stops the script here without restarting Shorewall.
	# NOTE(review): the only call site rewrites the Shorewall vars file first,
	# so presumably the running firewall keeps its old rules until the next
	# restart - confirm that this is acceptable.
	[ "$SHOREWALLYN" = "y" ] || exit
	echo "OK proceeding"
	shorewall restart
}

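#######################################
# Print the first candidate client address that no ccd file already uses.
# Globals:   CCDDIR (read) - directory holding the per-client config files
# Arguments: $1 - network address from the OpenVPN "server" line
#            $2 - netmask from the same line
# Outputs:   the free address on stdout, or an empty line when every
#            candidate is already taken
#######################################
function get_new_ip() {
	local newip=""
	local s_ip=$1
	local s_subnet=$2
	local candidate

	# calc-ip-range.sh lists the range; sed keeps line 6 and every 4th line
	# after it (GNU "first~step" addressing). Presumably the helper prints one
	# address per line, which would make these the first address of each /30
	# pair starting at .5 - TODO confirm against calc-ip-range.sh.
	# The command substitution is left unquoted on purpose: the output is a
	# whitespace-separated list of addresses to iterate over.
	for candidate in $(/usr/share/openvpn-server/calc-ip-range.sh -i "$s_ip" -s "$s_subnet" | sed -n "6~4p") ; do
		# -F matches the address literally (dots are not wildcards) and -w
		# requires a whole-word match, so 10.8.0.5 no longer counts as "in
		# use" just because 10.8.0.50 or 110.8.0.5 is assigned. -h keeps file
		# names out of the comparison, so a client whose name looks like an
		# address cannot block a candidate.
		# NOTE(review): if the ccd files cannot be read, grep prints nothing
		# and the candidate is treated as free; the first address would then
		# be handed out again.
		if ! grep -h -- "ifconfig-push" "$CCDDIR"* | grep -qFw -- "$candidate" ; then
			newip="$candidate"
			break
		fi
	done

	echo "$newip"
}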


#Each pair of ifconfig-push addresses represent the virtual client and server IP endpoints.
#They must be taken from successive /30 subnets in order to be compatible with Windows clients
#and the TAP-Win32 driver.
#Specifically, the last octet in the IP address of each endpoint pair must be taken from this set:
#
#    [  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
#    [ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
#    [ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
#    [ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
#    [ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
#    [101,102] [105,106] [109,110] [113,114] [117,118]
#    [121,122] [125,126] [129,130] [133,134] [137,138]
#    [141,142] [145,146] [149,150] [153,154] [157,158]
#    [161,162] [165,166] [169,170] [173,174] [177,178]
#    [181,182] [185,186] [189,190] [193,194] [197,198]
#    [201,202] [205,206] [209,210] [213,214] [217,218]
#    [221,222] [225,226] [229,230] [233,234] [237,238]
#    [241,242] [245,246] [249,250] [253,254]
#

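# Pick the next unused client address inside the server's network.
ip=$(get_new_ip "$IP" "$SUBNET")

# get_new_ip prints an empty string when every candidate is taken. The test
# has to be -z on the quoted value: the earlier "[ -x $ip ]" only worked
# because an empty, unquoted $ip collapsed it to a one-argument test, and for
# a non-empty value it asked whether a file named like the address was
# executable.
if [ -z "$ip" ] ; then
	# NOTE(review): this path still falls through to "exit 0" below, so a
	# calling script cannot detect exhaustion from the exit status.
	echo "we appear to have run out of ip's, fix it"
	echo "then run \$ $0 $COMMONNAME"
else
	# The gateway is the other half of the /30 pair: same first three octets,
	# last octet plus one.
	IFS='.' read -ra ipnums <<< "$ip"
	(( ipnums[3]++ ))
	newgw=$(IFS='.' ; echo "${ipnums[*]}")

	echo "your new ip will be $ip"
	echo "your new gateway will be $newgw"
	echo "writing new ccd for you"
	# COMMONNAME comes straight from the command line and forms the file name
	# written here; quoting stops word splitting and globbing, but the name
	# itself still has to be free of "/" for the path to stay inside $CCDDIR.
	echo "ifconfig-push $ip $newgw" > "$CCDDIR$COMMONNAME"

	echo "writing new shorewall vars"
	# Rebuild NAME=IP lines from every ccd file. -H forces the "file:" prefix
	# even when the directory holds a single file; without it the first client
	# ever provisioned produced a bare "=" line, because awk's $4 (file name)
	# and $6 (address) were both empty. The field numbers rely on $CCDDIR
	# having exactly three path components.
	# The output file is sourced through /etc/shorewall/params (this script
	# inserts that include during initialisation), so every ccd file name ends
	# up on the left-hand side of a line that is read as shell code.
	grep -H "ifconfig-push" "$CCDDIR"* | sed "s/[\/|:]/ /g" | awk '{print $4 "=" $6}' > "$SHOREWALLVARS"
	prompt_restart_shorewall
fi


exit 0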