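#!/bin/bash
# Configure split tunnel on an existing OpenVPN server.
#
# Rewrites /etc/openvpn/server.conf so that, instead of pushing
# `redirect-gateway` (full tunnel), the server pushes one `route` per network
# listed in SPLIT_NETWORKS; clients then send only that traffic through the
# VPN. A timestamped backup of server.conf is written before any change.
#
# Run this script as root on the VPN server (49.13.166.174).
#
# Usage:
#   SPLIT_NETWORKS="10.10.10.0/24,192.168.50.0/24" ./configure-split-tunnel.sh
# Env:
#   SPLIT_NETWORKS  comma-separated IPv4 CIDR networks (default: 10.10.10.0/24)
set -euo pipefail

readonly SERVER_CONF=/etc/openvpn/server.conf
readonly CLIENT_TEMPLATE=/etc/openvpn/client-template.txt

# Default networks to route through the VPN.
SPLIT_NETWORKS="${SPLIT_NETWORKS:-10.10.10.0/24}"

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Strip leading and trailing whitespace from a string.
# Arguments: $1 - string
# Outputs:   trimmed string on stdout (no trailing newline)
#######################################
trim() {
  local s=$1
  s=${s#"${s%%[![:space:]]*}"}
  s=${s%"${s##*[![:space:]]}"}
  printf '%s' "$s"
}

#######################################
# Convert an IPv4 prefix length to a dotted-quad netmask.
# Handles any length 0..32, not just /8, /16, /24 and /32.
# Arguments: $1 - prefix length (decimal digits)
# Outputs:   netmask on stdout, e.g. 24 -> 255.255.255.0
# Returns:   1 if the prefix length is out of range
#######################################
cidr_to_netmask() {
  # 10# forces decimal so a leading zero ("08") is not read as octal.
  local prefix=$((10#$1)) mask
  (( prefix >= 0 && prefix <= 32 )) || return 1
  # Bash arithmetic is 64-bit, so the shift cannot overflow; truncate to 32 bits.
  mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
  printf '%d.%d.%d.%d\n' \
    $(( (mask >> 24) & 255 )) $(( (mask >> 16) & 255 )) \
    $(( (mask >> 8) & 255 )) $(( mask & 255 ))
}

#######################################
# Validate an IPv4 CIDR string and print "ADDR NETMASK" for it.
# Arguments: $1 - network in a.b.c.d/len form
# Outputs:   "a.b.c.d 255.x.y.z" on stdout
# Returns:   1 if the string is not a well-formed IPv4 CIDR
#######################################
parse_network() {
  local network=$1 addr netmask octet
  local -a octets
  [[ $network =~ ^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/([0-9]{1,2})$ ]] || return 1
  addr=${BASH_REMATCH[1]}
  # The regex only bounds digit counts; reject octets above 255 here.
  IFS=. read -r -a octets <<< "$addr"
  for octet in "${octets[@]}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  netmask=$(cidr_to_netmask "${BASH_REMATCH[2]}") || return 1
  printf '%s %s\n' "$addr" "$netmask"
}

main() {
  [[ $EUID -eq 0 ]] || die "Please run as root"
  [[ -f $SERVER_CONF ]] || die "OpenVPN server.conf not found!"

  printf 'Configuring split tunnel for OpenVPN...\n'
  printf 'Networks to route through VPN: %s\n' "$SPLIT_NETWORKS"

  # Validate every network before touching the config, so a typo in
  # SPLIT_NETWORKS cannot leave the server with a partial route set
  # (the original silently skipped unparsable entries).
  local -a raw_networks routes=()
  local entry parsed
  IFS=',' read -r -a raw_networks <<< "$SPLIT_NETWORKS"
  for entry in "${raw_networks[@]}"; do
    entry=$(trim "$entry")
    [[ -n $entry ]] || continue
    parsed=$(parse_network "$entry") \
      || die "Invalid network in SPLIT_NETWORKS: '$entry' (expected a.b.c.d/len)"
    routes+=("$parsed")
  done
  (( ${#routes[@]} > 0 )) || die "SPLIT_NETWORKS contains no networks to route"

  local backup
  backup="$SERVER_CONF.backup.$(date +%Y%m%d_%H%M%S)"
  cp -- "$SERVER_CONF" "$backup"
  printf 'Backup created: %s\n' "$backup"

  # Drop the full-tunnel directive and any existing route pushes; the new
  # pushes are appended below.
  sed -i '/push "redirect-gateway/d' "$SERVER_CONF"
  sed -i '/push "route /d' "$SERVER_CONF"

  local route
  for route in "${routes[@]}"; do
    printf 'push "route %s"\n' "$route" >> "$SERVER_CONF"
    printf 'Added route: %s\n' "$route"
  done

  if [[ -f $CLIENT_TEMPLATE ]]; then
    # block-outside-dns makes Windows clients resolve only through the tunnel;
    # a split tunnel needs the local resolver again. Consequence: client DNS
    # queries are no longer forced through the VPN.
    sed -i '/block-outside-dns/d' "$CLIENT_TEMPLATE"
    printf 'Client template updated (removed block-outside-dns)\n'
  fi

  printf 'Restarting OpenVPN...\n'
  # Unit name differs between distributions/installers; restart whichever is active.
  if systemctl is-active --quiet openvpn@server; then
    systemctl restart openvpn@server
  elif systemctl is-active --quiet openvpn-server@server; then
    systemctl restart openvpn-server@server
  else
    systemctl restart openvpn
  fi

  printf '\nSplit tunnel configured successfully!\n\n'
  printf 'IMPORTANT: Existing clients need to reconnect for changes to take effect.\n'
  printf 'If clients still route all traffic through VPN, they may need new .ovpn files.\n\n'
  printf 'To generate new client config, run:\n'
  printf ' ./openvpn-install.sh\n\n'
  printf 'Current server.conf routing configuration:\n'
  grep -E 'push.*route|redirect-gateway' "$SERVER_CONF" \
    || printf ' (no route/redirect-gateway lines found)\n'
}

main "$@"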