Automatically put on aliases on tun interface

Xenon_Sk
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 03, 2011 3:18 pm

Automatically put on aliases on tun interface

Post by Xenon_Sk » Mon Jan 03, 2011 3:26 pm

Hello, I have one problem.
I have a lot of Linux/BSD clients on my VPN servers, and each client, besides the IP I push in ccd using ifconfig-push, can have several iroutes, which I use to route different IPs and subnets.
Now when I add an iroute to ccd I need to edit the up script on the client side, where I add "ip rule" rules and alias configuration like "ifconfig tun0:0".
I want to do that automatically.
I thought I could use the "route_{parm}_{n}" environment variables to grep the IPs and netmasks which I have "irouted" using iroute in ccd and apply them using ifconfig on the client in a while loop.
I have created a ccd with one ifconfig-push and one iroute directive, and in the up script on the client side I have printed route_network_1 and route_network_2 to a file.
The first parameter was equal to the IP address of the OpenVPN server gateway and the second one was empty. Probably I misunderstand the meaning of that parameter, so I should solve the problem another way.
Please help me,
Really tired of editing up scripts on client servers each time I add/remove IPs from their ccds :)

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Automatically put on aliases on tun interface

Post by gladiatr72 » Tue Jan 04, 2011 9:47 am

Hello,

I'm not getting a clear picture of what you're trying to accomplish.

When responding, please describe in detail what your end-goal is and perhaps we can work backwards from there.

All I've gotten so far is:
. multiple openvpn servers
. various clients have varying number of networks behind them
. not only assigning an IP to the client but also want to assign additional IPs to sub-interfaces you're creating on the client side
. you want the server to be aware of the IP addresses assigned to the various sub-interfaces on the client systems and route packets accordingly

Regards,
Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole

Xenon_Sk
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 03, 2011 3:18 pm

Re: Automatically put on aliases on tun interface

Post by Xenon_Sk » Tue Jan 04, 2011 10:52 am

I have a Linux VPN server. It is also used as a BGP router, so it routes many subnets.
I use ccd to give each of my clients the special IPs or networks they buy.
So now if a client buys three IPs I put in his ccd:
ifconfig-push IP1 vpn_gate_ip
iroute IP2 255.255.255.255
iroute IP3 255.255.255.255

And then, to make them work on the client, besides the up script I have:

Code:

/sbin/ip rule add from $4 table vpn
/sbin/ip ro ad default via $5 table vpn

... which forces packets with a src IP equal to the VPN IP to go through the VPN tunnel,

I have to add to the up script the additional policy routing rules and ifconfig directives:

Code:

/sbin/ip rule add from IP2 table vpn
/sbin/ip rule add from IP3 table vpn

/sbin/ifconfig tun0:0 IP2
/sbin/ifconfig tun0:1 IP3

And every time I change these IPs in ccd I have to go to the client and correct the up script by removing the old IPs and adding the new ones.
Also, if an entire network is iroute'd to the client I do not have to call the ifconfig commands because the client will do it himself. I only need to execute "ip rule".
So somehow on the client I need to get all the iroute directives which have been added to his ccd file and then, according to the netmask, perform the needed actions.

Xenon_Sk
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 03, 2011 3:18 pm

Re: Automatically put on aliases on tun interface

Post by Xenon_Sk » Thu Jan 13, 2011 12:14 am

Is it really impossible to get the list of IPs which have been routed with "iroute" to a certain client on the client machine? :(

Xenon_Sk
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 03, 2011 3:18 pm

Re: Automatically put on aliases on tun interface

Post by Xenon_Sk » Thu Jan 13, 2011 1:33 am

Wrote a script myself.
We have a ccd file:

Code:

ifconfig-push 10.108.0.7 10.108.0.1
iroute 10.108.0.10 255.255.255.255
iroute 10.108.0.11 255.255.255.255
iroute 10.108.0.12 255.255.255.255

When we start the VPN process on the client, tun0 comes up with the IP 10.108.0.7.
So to be able to use the other IPs we need to do
ifconfig tun0:0 10.108.0.10
ifconfig tun0:1 10.108.0.11
ifconfig tun0:2 10.108.0.12
And also (in addition to the "ip rule" for the 10.108.0.7 IP) execute some ip rule commands:

Code:

/sbin/ip rule add from 10.108.0.10 table vpn
/sbin/ip rule add from 10.108.0.11 table vpn
/sbin/ip rule add from 10.108.0.12 table vpn

I just wanted to automate this process, so that I could change the ccd on the server and not care about the scripts and configs the client has - I just need to force a connection restart and then the client automatically gets the new IPs working. So I came up with a little UP script.

Code:

#!/bin/bash
# Arguments as used below: $1 = routing table, $2 = tun device,
# $5 = local VPN IP, $6 = remote VPN IP

# Policy routing for the "ifconfig-push" IP
/sbin/ip rule add from "$5" table "$1"
/sbin/ip ro ad default via "$6" table "$1"

# Policy routing and ifconfig execs for each "iroute" IP
# (read from OPENVPN_alias0, OPENVPN_alias1, ... until one is empty)
i=0
buf="OPENVPN_alias$i"
while [ -n "${!buf}" ]; do
        ifconfig "$2:$i" "${!buf}"
        /sbin/ip rule add from "${!buf}" table "$1"
        ((i++))
        buf="OPENVPN_alias$i"
done

In order to make that work I need to modify the ccd like so:

Code:

ifconfig-push 10.108.0.7 10.108.0.1
iroute 10.108.0.10 255.255.255.255
iroute 10.108.0.11 255.255.255.255
iroute 10.108.0.12 255.255.255.255
push "setenv-safe alias0 10.108.0.10"
push "setenv-safe alias1 10.108.0.11"
push "setenv-safe alias2 10.108.0.12"

I could not find any other way to grab those alias IPs from the VPN server.
So now if I want to add one more IP to the client I just add the "iroute" and "setenv-safe" directives and trigger a reconnect via the OpenVPN management interface. After the client reconnects all aliases are put on automatically, including the new IP.
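
An added example, not part of the thread: a variant of the up script above that checks each pushed `OPENVPN_aliasN` value is a dotted-quad IPv4 address before passing it to `ifconfig` and `ip rule`, since those values arrive from the server at connect time. It keeps the thread's argument layout (`$1` table, `$2` tun device, `$5`/`$6` local and remote IP); `MAX_ALIASES`, `APPLY` and the function names are assumptions of this example, and it prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not the poster's script. Layout as in the thread:
# $1 = routing table, $2 = tun device, $5 = local VPN IP, $6 = remote VPN IP.
MAX_ALIASES=32   # assumed upper bound on pushed aliases

# True only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints "index address" per valid OPENVPN_aliasN; stops at the first unset one.
valid_aliases() {
    i=0
    while [ "$i" -lt "$MAX_ALIASES" ]; do
        val=$(printenv "OPENVPN_alias$i") || break
        if is_ipv4 "$val"; then
            echo "$i $val"
        else
            echo "skipping OPENVPN_alias$i: not an IPv4 address" >&2
        fi
        i=$((i + 1))
    done
}

# Dry run by default: prints each command; APPLY=1 executes it.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

apply_aliases() {   # $1 = routing table, $2 = tun device
    valid_aliases | while read -r idx addr; do
        run /sbin/ifconfig "$2:$idx" "$addr"
        run /sbin/ip rule add from "$addr" table "$1"
    done
}

if [ "$#" -ge 6 ]; then   # called by OpenVPN as an up script
    is_ipv4 "$5" && is_ipv4 "$6" || exit 1
    run /sbin/ip rule add from "$5" table "$1"
    run /sbin/ip route add default via "$6" table "$1"
    apply_aliases "$1" "$2"
fi
```

The sub-interface number follows the index in the variable name, so a rejected value leaves a gap rather than renumbering the aliases that follow it.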
