Added outside interface option to wizards

Added option to choose outside interface, so firewall can be configured properly. Solved #2

Author: SloCompTech

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+### 1.0.4 - IPv6 docs, improved wizards
+
+- Added instructions for IPv6 configuration
+- Added outside interface option to setup wizards
 ### 1.0.3 - New examples, fixes, more docs
 
 - Updated instructions

README.md

@@ -60,15 +60,8 @@ services:
       - net.ipv6.conf.all.disable_ipv6=0
       - net.ipv6.conf.default.forwarding=1
       - net.ipv6.conf.all.forwarding=1
-    networks:
-      mynetwork:
-        ipv4_address: 10.0.0.5
-        ipv6_address: 2001:1111::5
-    
-networks:
-  mynetwork:
-    driver: host
-    enable_ipv6: true
+    network_mode: host
+
 ```
 
 ## Parameters
@@ -114,13 +107,15 @@ If you are new to containers please see rather [Detailed first setup guide](docs
 
   ``` bash
   ovpn_enconf basic_nat
+  #Out interface [eth0]: <interface connected to the Internet>
   #Protocol udp, tcp, udp6, tcp6 [udp]:
   #VPN network [10.0.0.0]:
   #Port [1194]:
   #Public IP or domain of server: <YOUR PUBLIC IP>
   #DNS1 [8.8.8.8]:
   #DNS2 [8.8.4.4]:
   ```
+
 4. Enable **port forwarding** on your router so OpenVPN server will be accessible from the internet.
 5. Add clients
 

docs/SetupGuide.md

@@ -95,6 +95,7 @@ This is simple setup guide to help you get started. It uses the simplest configu
 
   ``` bash
   ovpn_enconf basic_nat
+  #Out interface [eth0]: <interface connected to the Internet>
   #Protocol udp, tcp, udp6, tcp6 [udp]:
   #VPN network [10.0.0.0]:
   #Port [1194]:

root/defaults/example/config/basic_nat/hooks/down/10-network.sh

@@ -8,14 +8,14 @@
 ovpn-iptables -D INPUT -p udp -m udp --dport $PORT -j ACCEPT -m comment --comment "Open OpenVPN port"
 
 # Disable LAN protection of VPN
-ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -d 10.0.0.0/8 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
-ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -d 192.168.0.0/16 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
-ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -d 172.16.0.0/12 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
+ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -d 10.0.0.0/8 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
+ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -d 192.168.0.0/16 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
+ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -d 172.16.0.0/12 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
 
 # Disable Routing Internet <--> VPN network
-ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
-ovpn-iptables -D FORWARD -i eth0 -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
+ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
+ovpn-iptables -D FORWARD -i $OUT_INT -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
 
 # Disable NAT for VPN traffic
-ovpn-iptables -t nat -D POSTROUTING -s $NETWORK_ADDRESS/24 -o eth0 -j MASQUERADE -m comment --comment "NAT traffic VPN --> Internet"
+ovpn-iptables -t nat -D POSTROUTING -s $NETWORK_ADDRESS/24 -o $OUT_INT -j MASQUERADE -m comment --comment "NAT traffic VPN --> Internet"
 

root/defaults/example/config/basic_nat/hooks/up/10-network.sh

@@ -8,14 +8,14 @@
 ovpn-iptables -A INPUT -p udp -m udp --dport $PORT -j ACCEPT -m comment --comment "Open OpenVPN port"
 
 # Protect LANs after VPN
-ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -d 10.0.0.0/8 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
-ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -d 192.168.0.0/16 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
-ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -d 172.16.0.0/12 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
+ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -d 10.0.0.0/8 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
+ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -d 192.168.0.0/16 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
+ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -d 172.16.0.0/12 -j REJECT -m comment --comment "Drop traffic VPN --> LANs"
 
 # Allow Routing Internet <--> VPN network
-ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
-ovpn-iptables -A FORWARD -i eth0 -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
+ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
+ovpn-iptables -A FORWARD -i $OUT_INT -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
 
 # Preform NAT for VPN traffic
-ovpn-iptables -t nat -A POSTROUTING -s $NETWORK_ADDRESS/24 -o eth0 -j MASQUERADE -m comment --comment "NAT traffic VPN --> Internet"
+ovpn-iptables -t nat -A POSTROUTING -s $NETWORK_ADDRESS/24 -o $OUT_INT -j MASQUERADE -m comment --comment "NAT traffic VPN --> Internet"
 

root/defaults/example/config/basic_nat/wizard

@@ -29,6 +29,11 @@ if not os.path.isdir(TEMP_PATH):
     print("Specified directory does not exist")
     sys.exit(2)
 
+# Select output interface
+out_int = input("Out interface [eth0]:")
+if len(out_int) == 0:
+    out_int = "eth0"
+
 # Select protocol
 protocol = input("Protocol udp, tcp, udp6, tcp6 [udp]:")
 AVAILABLE_PROTOCOLS = ["udp", "tcp", "udp6", "tcp6"]
@@ -65,6 +70,7 @@ if len(dns2) == 0:
 
 # Write to server config
 vars = [
+    ("$OUT_INT", out_int),
     ("$PROTO", protocol),
     ("$PORT", port),
     ("$NETWORK_ADDRESS", network),

root/defaults/example/config/basic_nat_wlp/hooks/down/10-network.sh

@@ -8,9 +8,9 @@
 ovpn-iptables -D INPUT -p udp -m udp --dport $PORT -j ACCEPT -m comment --comment "Open OpenVPN port"
 
 # Disable Routing Internet <--> VPN network
-ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
-ovpn-iptables -D FORWARD -i eth0 -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
+ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
+ovpn-iptables -D FORWARD -i $OUT_INT -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
 
 # Disable NAT for VPN traffic
-ovpn-iptables -t nat -D POSTROUTING -s $NETWORK_ADDRESS/24 -o eth0 -j MASQUERADE -m comment --comment "NAT traffic VPN --> Internet"
+ovpn-iptables -t nat -D POSTROUTING -s $NETWORK_ADDRESS/24 -o $OUT_INT -j MASQUERADE -m comment --comment "NAT traffic VPN --> Internet"
 

root/defaults/example/config/basic_nat_wlp/hooks/up/10-network.sh

@@ -8,9 +8,9 @@
 ovpn-iptables -A INPUT -p udp -m udp --dport $PORT -j ACCEPT -m comment --comment "Open OpenVPN port"
 
 # Allow Routing Internet <--> VPN network
-ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
-ovpn-iptables -A FORWARD -i eth0 -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
+ovpn-iptables -A FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
+ovpn-iptables -A FORWARD -i $OUT_INT -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
 
 # Preform NAT for VPN traffic
-ovpn-iptables -t nat -A POSTROUTING -s $NETWORK_ADDRESS/24 -o eth0 -j MASQUERADE -m comment --comment "NAT traffic VPN --> Internet"
+ovpn-iptables -t nat -A POSTROUTING -s $NETWORK_ADDRESS/24 -o $OUT_INT -j MASQUERADE -m comment --comment "NAT traffic VPN --> Internet"
 

root/defaults/example/config/basic_nat_wlp/wizard

@@ -29,6 +29,11 @@ if not os.path.isdir(TEMP_PATH):
     print("Specified directory does not exist")
     sys.exit(2)
 
+# Select output interface
+out_int = input("Out interface [eth0]:")
+if len(out_int) == 0:
+    out_int = "eth0"
+
 # Select protocol
 protocol = input("Protocol udp, tcp, udp6, tcp6 [udp]:")
 AVAILABLE_PROTOCOLS = ["udp", "tcp", "udp6", "tcp6"]
@@ -65,6 +70,7 @@ if len(dns2) == 0:
 
 # Write to server config
 vars = [
+    ("$OUT_INT", out_int),
     ("$PROTO", protocol),
     ("$PORT", port),
     ("$NETWORK_ADDRESS", network),

root/defaults/example/config/basic_routed/hooks/down/10-network.sh

@@ -8,6 +8,6 @@
 ovpn-iptables -D INPUT -p udp -m udp --dport $PORT -j ACCEPT -m comment --comment "Open OpenVPN port"
 
 # Disable Routing Internet <--> VPN network
-ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o eth0 -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
-ovpn-iptables -D FORWARD -i eth0 -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"
+ovpn-iptables -D FORWARD -i tun0 -s $NETWORK_ADDRESS/24 -o $OUT_INT -j ACCEPT -m comment --comment "Allow traffic VPN --> Internet"
+ovpn-iptables -D FORWARD -i $OUT_INT -d $NETWORK_ADDRESS/24 -o tun0 -j ACCEPT -m comment --comment "Allow traffic Internet --> VPN"