OpenVPN

From Smop.co.uk

Hopefully this will save someone else a little time. I set up OpenVPN to get access to a remote site (really nice bit of software BTW). However, there aren't any simple scripts showing how to set up a Linux client to accept pushed DNS and DHCP options. The only one I found was in Python, which I'd rather avoid.

On the server side you need something like:

push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DOMAIN example.com"

On the client side you need these lines (in addition to the usual options):

up /etc/openvpn/domain.up
plugin /usr/lib/openvpn/openvpn-down-root.so /etc/openvpn/domain.down

I'll explain the reason for the plugin near the end of this article. These scripts will be called with environment variables like:

foreign_option_1='dhcp-option DNS 192.168.1.1'

We use Thomas Hood's nice resolvconf package (for Debian) to do the grunt work: we just ask it to add details for the device in question (tun0 for me) and then to regenerate the /etc/resolv.conf file. So domain.up is:

#!/bin/sh

# really naff script to add nameserver entry on up

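DEV=$1
# Turn the pushed foreign_option_N variables into resolv.conf lines.
# (T is a GNU sed extension: branch if no substitution was made.)
set | sed -n "
  s/^foreign_option_.* DNS \\(.*\\)'/nameserver \\1/; T next; p;
  :next; s/^foreign_option_.* DOMAIN \\(.*\\)'/domain \\1/; T; p;
  " | resolvconf -a "$DEV"
resolvconf -u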
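
The script above hands whatever text follows DNS or DOMAIN straight to resolvconf. A stricter variant, added here as an example and not part of the original article, walks the foreign_option_N variables in order and passes on only values shaped like an IPv4 address or a DNS name. The function name is illustrative; the guard assumes OpenVPN's script_type environment variable, which is set to "up" for the up script.

```shell
#!/bin/sh
# Added example: stricter take on domain.up. Names other than
# foreign_option_N, script_type and resolvconf are illustrative.

# Print resolv.conf lines for pushed options that pass validation.
pushed_resolv_lines() {
    n=1
    while :; do
        # n is a counter we control, so eval only ever names foreign_option_<int>.
        eval "opt=\${foreign_option_$n:-}"
        [ -n "$opt" ] || break
        n=$((n + 1))
        # Split into words with globbing off; a valid option is exactly
        # "dhcp-option KEY VALUE", so anything with extra words is dropped.
        set -f; set -- $opt; set +f
        if [ "$#" -ne 3 ] || [ "$1" != "dhcp-option" ]; then
            continue
        fi
        case "$2" in
            DNS)
                # Shape check only: four dot-separated groups of 1-3 digits.
                if printf '%s\n' "$3" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
                    printf 'nameserver %s\n' "$3"
                fi ;;
            DOMAIN)
                # Letters, digits, dots, hyphens; starts and ends alphanumeric.
                if printf '%s\n' "$3" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'; then
                    printf 'domain %s\n' "$3"
                fi ;;
        esac
    done
    return 0
}

# OpenVPN exports script_type=up for the up script; only then touch resolvconf.
if [ "${script_type:-}" = "up" ]; then
    pushed_resolv_lines | resolvconf -a "$1"
    resolvconf -u
fi
```
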

When the link drops we call domain.down to remove details of the device and then update /etc/resolv.conf.

#!/bin/sh

# really naff script to delete nameserver entry on down
DEV=$1
resolvconf -d "$DEV"
resolvconf -u

Normally openvpn drops root privileges early on, which would stop this from working, so we have to use the openvpn-down-root.so plugin in order to run the down script as root.

That's it!
