Scripting and IPv6

Now that IPv6 addresses are more common, it is instructive to show how IPv6 addresses are passed from the server to client-side scripts. Basically, every environment variable that exists for IPv4 addresses also exists for IPv6, with _ipv6 appended to or inserted into the variable name (for example, ifconfig_ipv6_local and route_ipv6_network_1). In this recipe, we will show you how to process these environment variables.

Getting ready

Install OpenVPN 2.3 or higher on two computers. Make sure that the computers are connected over a network. Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.10, and the client was running Fedora 22 and OpenVPN 2.3.10. For the server, keep the server configuration file, basic-udp-server.conf, from the Server-side routing recipe in Chapter 2, Client-server IP-only Networks.

How to do it...

  1. Append two lines to the server configuration file, basic-udp-server.conf:
            push "route-ipv6 2001:610:120::111:0:1/96" 
            push "route-ipv6 2001:610:120::222:0:1/96" 
    
  2. Save it as example5-8-server.conf.
  3. Start the server:
    [root@server]# openvpn --config example5-8-server.conf
    
  4. Next, create the client configuration file:
            client 
            proto udp 
            remote openvpnserver.example.com 
            port 1194 
     
            dev tun 
            nobind 
     
            ca       /etc/openvpn/cookbook/ca.crt 
            cert     /etc/openvpn/cookbook/client1.crt 
            key      /etc/openvpn/cookbook/client1.key 
            tls-auth /etc/openvpn/cookbook/ta.key 1 
     
            remote-cert-tls server 
            script-security 2 
            up "/etc/openvpn/cookbook/example5-8.sh" 
     
            route-up "/etc/openvpn/cookbook/example5-8.sh" 
     
    
  5. Save it as example5-8-client.conf.
  6. Create the following script:
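            #!/bin/bash 
     
            # Append stdout and stderr of everything below to the log file
            exec >> /tmp/example5-8.log 2>&1 
            date +"%H:%M:%S: START $script_type script ===" 
            # List the exported variables whose name or value contains "ipv6"
            export | grep ipv6 
            date +"%H:%M:%S: END $script_type script ===" 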
    
  7. Save it as example5-8.sh.
  8. Make sure that the example5-8.sh script is executable, and then start the client:
    [root@client]# chmod 755 example5-8.sh
    [root@client]# openvpn --config example5-8-client.conf
    
  9. After the client has connected, check the client-side log file, /tmp/example5-8.log:
            16:19:58: START up script === 
     
            declare -x ifconfig_ipv6_local="2001:610:120::200:0:1001" 
            declare -x ifconfig_ipv6_netbits="112" 
            declare -x ifconfig_ipv6_remote="2001:610:120::200:0:2" 
            declare -x route_ipv6_gateway_1="2001:610:120::200:0:2" 
            declare -x route_ipv6_gateway_2="2001:610:120::200:0:2" 
            declare -x route_ipv6_network_1="2001:610:120::111:0:1/96" 
            declare -x route_ipv6_network_2="2001:610:120::222:0:1/96"
            16:19:58: END up script === 
            16:19:58: START route-up script === 
            declare -x ifconfig_ipv6_local="2001:610:120::200:0:1001" 
            declare -x ifconfig_ipv6_netbits="112" 
            declare -x ifconfig_ipv6_remote="2001:610:120::200:0:2" 
            declare -x route_ipv6_gateway_1="2001:610:120::200:0:2" 
            declare -x route_ipv6_gateway_2="2001:610:120::200:0:2" 
            declare -x route_ipv6_network_1="2001:610:120::111:0:1/96" 
            declare -x route_ipv6_network_2="2001:610:120::222:0:1/96" 
            16:19:58: END route-up script === 
    

How it works...

The OpenVPN server assigns an IPv6 address to the client and also pushes out two IPv6 routes to the client using the push "route-ipv6 ..." directive. The client picks up these directives and passes them on to the up and route-up scripts. These scripts only show the environment variables that have ipv6 in them, which gives a good overview of the IPv6 settings that are available to scripts and plugins.

There's more...

Be careful when passing IPv6 routes to clients that contain the IPv6 address of the server itself—these routes can take precedence over an existing route to the server, causing the VPN connection to stall.
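
The check this caveat calls for can be made from the same up or route-up hook. The following is an added example, not part of the original recipe: it walks the route_ipv6_network_N variables, treats each value as untrusted input from the server, and reports any pushed route whose prefix contains the server's address. The function names and the server address passed as an argument are assumptions (constructed values), and only plain hexadecimal IPv6 notation is handled.

```shell
# Added example (POSIX sh), not from the recipe. Plain hex IPv6 only.
# Expand an IPv6 address to 32 hex digits so prefixes compare as strings.
hex32() {
    set -- $(printf '%s' "$1" | sed 's/::/ z /; s/:/ /g')   # z marks the "::" gap
    fill=$((9 - $#)); out=
    for g in "$@"; do
        if [ "$g" = z ]; then
            while [ "$fill" -gt 0 ]; do out=${out}0000; fill=$((fill - 1)); done
        else out=$out$(printf '%04x' "0x$g"); fi
    done
    printf '%s\n' "$out"
}

# Pushed values are input from the server: accept only ADDRESS/BITS, BITS <= 128.
valid_addr() { case $1 in ''|*[!0-9A-Fa-f:]*|*:::*|*::*::*) return 1 ;; esac; }
valid_route() {
    valid_addr "${1%/*}" || return 1
    case ${1#*/} in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
    case $1 in */*) [ "${1#*/}" -le 128 ] ;; *) return 1 ;; esac
}
# True when ADDRESS ($2) lies inside NETWORK/BITS ($1).
route_covers() {
    bits=${1#*/}; nib=$((bits / 4)); drop=$((4 - bits % 4))
    net=x$(hex32 "${1%/*}")0; addr=x$(hex32 "$2")0   # pad both ends for cut
    [ ${#net} -eq 34 ] && [ ${#addr} -eq 34 ] || return 1   # malformed address
    [ "$(printf '%s' "$net" | cut -c1-$((nib + 1)))" = \
      "$(printf '%s' "$addr" | cut -c1-$((nib + 1)))" ] || return 1
    n1=$(printf '%s' "$net" | cut -c$((nib + 2)))
    a1=$(printf '%s' "$addr" | cut -c$((nib + 2)))
    [ $((0x$n1 >> drop)) -eq $((0x$a1 >> drop)) ]   # leftover bits of the prefix
}

# Print each pushed route that would capture the server address given as $1.
routes_capturing_server() {
    valid_addr "$1" || return 2; i=1
    while route=$(printenv "route_ipv6_network_$i"); do
        if ! valid_route "$route"; then echo "route_ipv6_network_$i: rejected" >&2
        elif route_covers "$route" "$1"; then echo "route_ipv6_network_$i=$route"
        fi
        i=$((i + 1))
    done
}

# Constructed demo input (route values as in the recipe's log); OpenVPN sets these.
if [ -z "${script_type-}" ]; then
    export route_ipv6_network_1=2001:610:120::111:0:1/96
    export route_ipv6_network_2=2001:610:120::222:0:1/96
    routes_capturing_server 2001:610:120::111:0:5   # constructed server address
fi
```

When the function prints a route, the server address would be reached through the tunnel once that route is installed, which is the stall described above.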
