HOW TO: RANDOM IP CONNECT TO YOUR MULTI-IP OPENVPN SERVER

[xauen]

What is it all about?
This script shall enable you to connect to all your VPN server IP using only a single config randomly.

What do you need?
1. A VPN server assuming you already know how to set it up.
2. Multiple IPs means 2 or more.
3. linux coding skills and basic iptables knowledge.
4. Little hardwork
5. This setup is made in CentOS but you can also make this on Ubuntu as long as you have a working openvpn server.


a. Assuming you have already setup your Openvpn server with a single config and you have more than one(1) IP address on that server. Lets say you have 4 IP's and dont want to setup a config for each one. We shall assume that:

111.111.111.111 is your Main IP (the IP you will give to clients)
222.222.222.222 is second IP
333.333.333.333 is third IP
444.444.444.444 is fourth IP

b. You will need to change your server config to below (but not literally like that. It all depends on what you want) but the most important thing to include is script-security 2, client-connect and client-disconnect. The plugin line depends on your authentication mechanism. I am using radius system.

Code: Select all

local 111.111.111.111 #- change it with your server ip address
port 1194 #- change the port you want
proto udp #- protocol can be tcp or udp
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /etc/openvpn/rad/radiusplugin.so 
script-security 2
client-connect /etc/openvpn/clientconnect.sh
client-disconnect /etc/openvpn/clientdisconnect.sh
client-cert-not-required
username-as-common-name
server 10.9.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
verb 3

c. You will need to make a clientconnect.sh and clientdisconnect.sh (can be different name but for easier understanding i will use this name) and save it.

Code: Select all

nano /etc/openvpn/clientconnect.sh

Put inside:

Code: Select all

#!/bin/bash

IPTABLES='/sbin/iptables'

NUMBER=$(($RANDOM%4+1))
array=(0 111.111.111.111 222.222.222.222 333.333.333.333 444.444.444)
len=${#array[*]} #Num elements in array
i=1

while [ $i -lt $len ]; do
if [ "$NUMBER" -eq "$i" ]; then
$IPTABLES -t nat -A POSTROUTING -s $ifconfig_pool_remote_ip -o eth0 -j SNAT --to-source ${array[$i]}
fi
let i++
done

Code: Select all

nano /etc/openvpn/clientdisconnect.sh

Put inside

Code: Select all

#!/bin/bash

IPTABLES='/sbin/iptables'


array=(0 111.111.111.111 222.222.222.222 333.333.333.333 444.444.444.444)
len=${#array[*]} #Num elements in array
i=1

while [ $i -lt $len ]; do
$IPTABLES -t nat -D POSTROUTING -s $ifconfig_pool_remote_ip -o eth0 -j SNAT --to-source ${array[$i]}
let i++
done

d. Finally, make the scripts executable and restart your openvpn server.

Code: Select all

chmod +x /etc/openvpn/clientconnect.sh
chmod +x /etc/openvpn/clientdisconnect.sh

[mercadeoshop]

Hi, i follow all the steps but still every time i connect get the same ip, here is my server.conf

Code: Select all

port 443 #- change the port you want
proto tcp #- protocol can be tcp or udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
script-security 2
client-connect "/etc/openvpn/clientconnect.sh"
client-disconnect "/etc/openvpn/clientdisconnect.sh"
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
verb 3
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
reneg-sec 0
duplicate-cn