This script lets you use all of your VPN server's IP addresses with only a single config, picking one at random for each client connection.
What do you need?
1. A VPN server, assuming you already know how to set it up.
2. Multiple IPs, meaning 2 or more.
3. Linux coding skills and basic iptables knowledge.
4. A little hard work.
5. This setup was made on CentOS, but you can also do it on Ubuntu as long as you have a working OpenVPN server.
a. This assumes you have already set up your OpenVPN server with a single config and you have more than one (1) IP address on that server. Let's say you have 4 IPs and don't want to set up a config for each one. We shall assume that:
111.111.111.111 is your Main IP (the IP you will give to clients)
222.222.222.222 is second IP
333.333.333.333 is third IP
444.444.444.444 is fourth IP
b. You will need to change your server config to something like the one below (not literally; it all depends on what you want), but the most important things to include are script-security 2, client-connect and client-disconnect. The plugin line depends on your authentication mechanism. I am using a RADIUS system.
```
local 111.111.111.111 #- change it with your server ip address
port 1194 #- change the port you want
proto udp #- protocol can be tcp or udp
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem #- 1024-bit DH parameters are weak; generate 2048-bit or larger
plugin /etc/openvpn/rad/radiusplugin.so
script-security 2 #- allows OpenVPN to call the user-defined scripts below
client-connect /etc/openvpn/clientconnect.sh
client-disconnect /etc/openvpn/clientdisconnect.sh
client-cert-not-required #- newer OpenVPN releases use "verify-client-cert none" instead
username-as-common-name
server 10.9.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
verb 3
```
```
nano /etc/openvpn/clientconnect.sh
```
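```
#!/bin/bash
# client-connect hook: SNAT this client's traffic to one randomly chosen server IP.
IPTABLES='/sbin/iptables'
NUMBER=$((RANDOM % 4 + 1))   # random index 1..4
# Index 0 is a filler so that the real addresses sit at indexes 1..4.
array=(0 111.111.111.111 222.222.222.222 333.333.333.333 444.444.444.444)
len=${#array[*]} # Num elements in array
i=1
while [ "$i" -lt "$len" ]; do
    if [ "$NUMBER" -eq "$i" ]; then
        # ifconfig_pool_remote_ip is set by OpenVPN to the VPN address assigned to the client.
        $IPTABLES -t nat -A POSTROUTING -s "$ifconfig_pool_remote_ip" -o eth0 -j SNAT --to-source "${array[$i]}"
    fi
    let i++
done
```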
```
nano /etc/openvpn/clientdisconnect.sh
```
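```
#!/bin/bash
# client-disconnect hook: remove the SNAT rule that was added for this client.
IPTABLES='/sbin/iptables'
array=(0 111.111.111.111 222.222.222.222 333.333.333.333 444.444.444.444)
len=${#array[*]} # Num elements in array
i=1
# The chosen source IP is not recorded at connect time, so try to delete the
# rule for every IP; only the one that exists is removed, the others just fail.
while [ "$i" -lt "$len" ]; do
    $IPTABLES -t nat -D POSTROUTING -s "$ifconfig_pool_remote_ip" -o eth0 -j SNAT --to-source "${array[$i]}"
    let i++
done
```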
d. Finally, make the scripts executable and restart your openvpn server.
```
chmod +x /etc/openvpn/clientconnect.sh
chmod +x /etc/openvpn/clientdisconnect.sh
```
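A hardened take on the two hook scripts above, as an added example that is not the original poster's code: a single hook for both events that validates the client address, records which source IP it picked, and deletes exactly that rule on disconnect or on a reconnect whose disconnect hook never ran. The `STATE_DIR` path and the function names are assumptions; the addresses and `eth0` are the post's placeholders.

```bash
#!/bin/bash
# Added example: one hook for client-connect and client-disconnect.
# Source IPs and eth0 are the post's placeholders; STATE_DIR and the
# function names are assumptions made for this sketch.
IPTABLES=${IPTABLES:-/sbin/iptables}
STATE_DIR=${STATE_DIR:-/var/run/openvpn-snat}
SOURCES=(111.111.111.111 222.222.222.222 333.333.333.333 444.444.444.444)

# Accept only a dotted quad with every octet in 0-255.
valid_ipv4() {
    local o
    [[ $1 =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
    for o in "${BASH_REMATCH[@]:1}"; do
        (( 10#$o <= 255 )) || return 1
    done
}

# Remove the rule recorded for this client, if any. This also clears a
# leftover rule from a session whose disconnect hook never ran.
on_disconnect() {
    local client=$1 src
    valid_ipv4 "$client" || return 1
    [ -f "$STATE_DIR/$client" ] || return 0
    src=$(<"$STATE_DIR/$client")
    $IPTABLES -t nat -D POSTROUTING -s "$client" -o eth0 -j SNAT --to-source "$src"
    rm -f "$STATE_DIR/$client"
}

# Pick one source IP at random, record it, and add exactly one SNAT rule.
on_connect() {
    local client=$1 src n=${#SOURCES[@]}
    valid_ipv4 "$client" || return 1
    mkdir -p "$STATE_DIR" || return 1
    on_disconnect "$client"
    src=${SOURCES[RANDOM % n]}
    printf '%s\n' "$src" > "$STATE_DIR/$client"
    $IPTABLES -t nat -A POSTROUTING -s "$client" -o eth0 -j SNAT --to-source "$src"
}

# OpenVPN exports script_type and ifconfig_pool_remote_ip to the hook.
case "${script_type:-}" in
    client-connect)    on_connect    "${ifconfig_pool_remote_ip:-}" ;;
    client-disconnect) on_disconnect "${ifconfig_pool_remote_ip:-}" ;;
esac
```

To use it, point both `client-connect` and `client-disconnect` at this one file. A non-zero exit from the connect hook makes OpenVPN reject the client, so a malformed address fails closed.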