Commit 97cb9c04 authored by Girish Ramakrishnan

Allow the network to be changed and persisted

Fixes #20
parent 9eee404c
### Cloudron OpenVPN configuration
### Only specific options can be changed. Be sure to read the docs on what options
### are supported before editing this file - https://cloudron.io/documentation/apps/openvpn/
# Server TCP # Server TCP
mode server mode server
tls-server tls-server
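Review bot: the new header says only specific options can be changed but does not name any of them, and the start script's `sed ... -i /app/data/openvpn.conf` rewrites the `port` line, so a hand edit there would be overwritten without notice. List in this header which directives are meant to be edited (at least `server`) and which are managed by the script, instead of relying on the docs link alone.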
...@@ -17,6 +21,8 @@ cipher AES-256-CBC ...@@ -17,6 +21,8 @@ cipher AES-256-CBC
auth SHA256 auth SHA256
# Network # Network
# The OpenVPN app is only tested against the /24 subnet mask.
# Be sure to fixup the DNS server address if you change the network
server 10.8.0.0 255.255.255.0 server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp" push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1" push "dhcp-option DNS 10.8.0.1"
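Review bot: the added comment leaves the DNS fix-up to the admin, but `push "dhcp-option DNS 10.8.0.1"` two lines below stays a literal, so changing only the `server` line hands clients a resolver address outside the new subnet. Either derive the DNS push at startup the same way the NAT source is now derived, or name the exact line to edit in the comment. "fixup" should read "fix up", and since only /24 is tested, the comment should say whether other masks are rejected or simply unsupported.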
...@@ -41,3 +47,5 @@ client-connect /app/code/hooks/openvpn-on-client-connect.sh ...@@ -41,3 +47,5 @@ client-connect /app/code/hooks/openvpn-on-client-connect.sh
client-disconnect /app/code/hooks/openvpn-on-client-disconnect.sh client-disconnect /app/code/hooks/openvpn-on-client-disconnect.sh
learn-address /app/code/hooks/openvpn-on-learn-address.sh learn-address /app/code/hooks/openvpn-on-learn-address.sh
# Custom options go here
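Review bot: the `# Custom options go here` marker at the end of the file reads as an invitation to add any directive, which contradicts the header's "Only specific options can be changed". Anything appended there is also parsed after the `cipher`, `auth` and hook lines above it. Reword the marker so it points at the supported list.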
...@@ -46,7 +46,9 @@ sed -e "s/^port .*/port ${VPN_TCP_PORT:-}/" \ ...@@ -46,7 +46,9 @@ sed -e "s/^port .*/port ${VPN_TCP_PORT:-}/" \
-i /app/data/openvpn.conf -i /app/data/openvpn.conf
# Add iptables rules for NATing VPN traffic # Add iptables rules for NATing VPN traffic
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE network=$(cat /app/data/openvpn.conf | sed -ne 's/^server \(.*\) .*$/\1/p')
echo "==> Configuring nat rules for ${network}"
iptables -t nat -A POSTROUTING -s $network/24 -o eth0 -j MASQUERADE
# Clear all hosts on startup # Clear all hosts on startup
mkdir -p /run/dnsmasq/hosts mkdir -p /run/dnsmasq/hosts
......
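Review bot: the new `iptables` line still hard-codes `/24` even though the `server` line it reads from carries its own netmask, so a config with any other mask gets a NAT rule that does not match the VPN subnet. The capture in `s/^server \(.*\) .*$/\1/p` is greedy: a `server` line with a third token after the mask, or more than one matching line, puts more than an address into `network`. `$network` is then passed to iptables unquoted and unchecked, and if no line matches the rule is built with `-s /24`. Suggest reading address and mask as separate fields, checking that the address is a non-empty dotted quad before calling iptables, quoting the expansion, and letting sed read the file directly instead of `cat | sed`.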