Hardcode config for new IP range

dappnode · Dec 27, 2023 · 65eefa0 · 65eefa0
1 parent 0dc5fde
commit 65eefa0
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 10 deletions.
diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
@@ -272,6 +272,19 @@ while getopts ":a:e:E:C:T:r:s:du:bcp:n:k:DNm:f:tz2" opt; do
   esac
 done
 
+# HARDCODED CONFIG AFTER IP RANGE MIGRATION
+
+echo "Applying config after IP range migration to private IP block..."
+
+# Set DNS servers to Bind
+OVPN_DNS_SERVERS=("10.20.0.2")
+
+# Set server subnet
+OVPN_SERVER="10.20.0.240/28"
+
+# Push route to server subnet
+OVPN_PUSH=("route 10.20.0.0 255.255.255.0")
+
 # Create ccd directory for static routes
 [ ! -d "${OPENVPN:-}/ccd" ] && mkdir -p ${OPENVPN:-}/ccd
 
@@ -307,10 +320,10 @@ set -u
 
 # Clean file to not concatenate config
 # Syntax `true > $PATH` deletes the contents of $PATH without deleting the file
-true > $OVPN_ENV
+true >$OVPN_ENV
 
 (set | grep '^OVPN_') | while read -r var; do
-  echo "declare -x $var" >> "$OVPN_ENV"
+  echo "declare -x $var" >>"$OVPN_ENV"
 done
 
 conf=${OPENVPN:-}/openvpn.conf

diff --git a/src/src/openvpn/openvpnConfig.ts b/src/src/openvpn/openvpnConfig.ts
@@ -2,6 +2,7 @@ import fs from "fs";
 import { shell, shellArgs } from "../utils/shell";
 import { directoryIsEmptyOrEnoent } from "../utils/fs";
 import { PKI_PATH, PROXY_ARP_PATH } from "../params";
+import { logs } from "../logs";
 
 /**
  * Initializes the OpenVPN configuration
@@ -14,24 +15,30 @@ export async function initalizeOpenVpnConfig(hostname: string): Promise<void> {
     EASYRSA_REQ_CN: hostname
   };
 
+  logs.info("Initializing OpenVPN configuration");
+
   // Initialize config and PKI
-  // -c: Client to Client
-  // -d: disable default route (disables NAT without '-N')
-  // -p "route 172.33.0.0 255.255.0.0": Route to push to the client
-  // -n "172.33.1.2": DNS server (BIND)
-  await shellArgs(
+  // -c: Enable traffic among the clients connected to the VPN
+  // -d: Disable default route (disables NAT without '-N'). Only specific traffic will go through the VPN
+  // -u "udp://<hostname>": Hostname the clients will use to connect to the VPN
+  // -s Subnet the server will use to assign IPs to the clients
+  // -p "route 10.20.0.0 255.255.255.0": Route to push to the client
+  // -n "10.20.0.2": DNS server (BIND)
+  const output = await shellArgs(
     "ovpn_genconfig",
     {
       c: true,
       d: true,
       u: `udp://"${hostname}"`,
-      s: "172.33.8.0/22",
-      p: `"route 172.33.0.0 255.255.0.0"`,
-      n: `"172.33.1.2"`
+      s: "10.20.0.240/28",
+      p: `"route 10.20.0.0 255.255.255.0"`,
+      n: `"10.20.0.2, 172.33.1.2"`
     },
     { env: { ...process.env, ...openVpnEnv } }
   );
 
+  logs.info(`OpenVPN configuration output:\n\n${output}\n\n`);
+
   // Check if PKI is initalized already, if not use hostname as CN
   if (directoryIsEmptyOrEnoent(PKI_PATH))
     await shell("ovpn_initpki nopass", {