Created
June 19, 2009 13:23
-
-
Save toto/132609 to your computer and use it in GitHub Desktop.
OpenVPN gets you out of your HTTP-Proxy misery (With some OpenSolaris specific details)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # For OpenSolaris | |
| # The Bridge module from http://www.whiteboard.ne.jp/~admin2/tuntap/ | |
| # brings a brdgadm tool | |
| # Removing | |
| # $1 is the interface which will be brought up | |
| pfexec /usr/local/bin/brdgadm -d $1 | |
| # the Network card name your system uses to connect to your local network | |
| pfexec /usr/local/bin/brdgadm -d rge0 | |
| pfexec /usr/local/bin/brdgadm -a $1 | |
| pfexec /usr/local/bin/brdgadm -a rge0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # your home connection needs some kind of DynDNS | |
| remote your.dyndns.org 443 | |
| # for HTTP-Proxy support we need to use tcp-client mode | |
| proto tcp-client | |
| # Tap is used so we avoid routing configuration | |
| dev tap | |
| client | |
| nobind | |
| persist-key | |
| persist-tun | |
| # use the easy-rsa script to generate those | |
| # details here: http://openvpn.net/index.php/open-source/documentation/howto.html#pki | |
| ca ./ca.crt | |
| cert ./client.crt | |
| key ./client.key | |
| ns-cert-type server | |
| # accept config options from the server | |
| pull | |
| # compress everything. CPU is cheap, bandwidth is not | |
| comp-lzo | |
| # can be turned down if everything is working, produces less output | |
| verb 3 | |
| # mute repeating messages after 20 occurances | |
| mute 20 | |
| # always retry resolving the remote hostname | |
| resolv-retry infinite | |
| # Your http proxy (that needs to support CONNECT-Method, fortunately most do) | |
| http-proxy 23.42.23.42 8080 | |
| # retry on connection failures | |
| http-proxy-retry | |
| # fake Safari, just to be sure | |
| http-proxy-option AGENT "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; de-de) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Tap is used so we avoid routing configuration | |
| dev tap | |
| # for HTTP-Proxy support we need to use tcp-server mode | |
| proto tcp-server | |
| # the first IP is the one of the gateway in your home network, the second the subnetmask | |
| # the last two are the range from which OpenVPN hands out IPs, theses should be outside | |
| # of your servers range | |
| server-bridge 192.168.1.1 255.255.255.0 192.168.1.223 192.168.1.233 | |
| # required so we can execute scripts lik e | |
| script-security 3 | |
| # this is dependent on you OS. | |
| # you need to reset the bridge device here | |
| # Linux howto: | |
| # http://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html | |
| # I will include my OpenSolaris version in this Gist | |
| up "./bridge-reset.sh" | |
| # Well, it's supposed to be a server isn't it. | |
| # For debugging comment this out. | |
| daemon | |
| # use the easy-rsa script to generate those | |
| # details here: http://openvpn.net/index.php/open-source/documentation/howto.html#pki | |
| ca/etc/openvpn/keys/ca.crt | |
| cert /etc/openvpn/keys/server.crt | |
| key /etc/openvpn/keys/server.key # This file should be kept secret | |
| dh /etc/openvpn/keys/dh1024.pem | |
| # I would not use keepalive, but if you have a | |
| # time based connection you can hardly avoid it. | |
| #keepalive 10 60 | |
| # change the IPs to the ones of your local router | |
| push "route-gateway 192.168.1.1" | |
| push "dhcp-option DNS 192.168.1.1" | |
| # if set to 5 it loggs every time Tx/Rx a packet, useful to debug | |
| verb 3 | |
| comp-lzo | |
| # Logging and PIDs (note that the log will be overwritten each time. | |
| # log-append will append not overwrite | |
| log /var/log/openvpn.log | |
| writepid /var/run/openvpn.pid | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> | |
| <service_bundle type="manifest" name="openvpn"> | |
| <service name="application/network/openvpn" type="service" version="1"> | |
| <dependency name="network" grouping="require_all" restart_on="none" type="service"> | |
| <service_fmri value="svc:/milestone/network:default"/> | |
| </dependency> | |
| <exec_method type="method" name="start" exec="/lib/svc/method/openvpn %m" timeout_seconds="2"/> | |
| <exec_method type="method" name="stop" exec=":kill" timeout_seconds="2"> | |
| </exec_method> | |
| <instance name="vpn_bridge" enabled="false"> | |
| <method_context> | |
| <method_credential user="root" group="root"/> | |
| </method_context> | |
| <property_group name="openvpn" type="application"> | |
| <propval name="config_file" type="astring" value="/usr/local/etc/openvpn/server.conf" /> | |
| </property_group> | |
| </instance> | |
| <stability value="Evolving"/> | |
| <template> | |
| <common_name> | |
| <loctext xml:lang="C">OpenVPN</loctext> | |
| </common_name> | |
| <documentation> | |
| <manpage title="openvpn" section="1"/> | |
| <doc_link name="openvpn.org" uri="http://openvpn.org"/> | |
| </documentation> | |
| </template> | |
| </service> | |
| </service_bundle> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| . /lib/svc/share/smf_include.sh | |
| getproparg() { | |
| val=`svcprop -p $1 $SMF_FMRI` | |
| [ -n "$val" ] && echo $val | |
| } | |
| if [ -z "$SMF_FMRI" ]; then | |
| echo "SMF framework variables are not initialized." | |
| exit $SMF_EXIT_ERR | |
| fi | |
| OPENVPNBIN='/usr/local/sbin/openvpn' | |
| CONFIG_FILE=`getproparg openvpn/config_file` | |
| if [ -z "$CONFIG_FILE" ]; then | |
| echo "openvpn/config_file property not set" | |
| exit $SMF_EXIT_ERR_CONFIG | |
| fi | |
| case "$1" in | |
| 'start') | |
| # This needs to be done to allow reloading tun and tap drivers | |
| # TODO: Enumerate all tun/tap devices | |
| ifconfig tun0 unplumb 2>/dev/null | |
| ifconfig tap0 unplumb 2>/dev/null | |
| $OPENVPNBIN --config $CONFIG_FILE | |
| ;; | |
| 'stop') | |
| echo "not implemented" | |
| ;; | |
| 'refresh') | |
| echo "not implemented" | |
| ;; | |
| *) | |
| echo $"Usage: $0 {start|refresh}" | |
| exit 1 | |
| ;; | |
| esac | |
| exit $SMF_EXIT_OKt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment