#!/bin/sh # Automatically sets up OpenVPN access on Debian Squeeze, with # sending mails over the VPN, gid-based selection of default # route over the VPN (have one firefox for normal browsing, # another for VPN browsing), and NetworkManager integration. echo Packages setup... apt-get install openvpn network-manager-openvpn echo Setting up kamvpn group... echo kamvpn:x:1500:kam >>/etc/group echo Setting up routing table kamvpn... echo -e '64\tkamvpn' >>/etc/iproute2/rt_tables echo Setting up exim4 to send mail over VPN... sed -i -e "s/dc_eximconfig_configtype='local'/dc_eximconfig_configtype='satellite'/; s/$(hostname)$.kam.hide*$*/$(hostname)-vpn.kam.hide/; s/dc_smarthost=.*/dc_smarthost='10.10.8.2'/" /etc/exim4/update-exim4.conf.conf echo kam.mff.cuni.cz >/etc/mailname dpkg-reconfigure -f noninteractive exim4-config echo Setting up iptables configuration... cat >/etc/network/iptables </usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper </dev/null # Nameservers must still go in the ordinary fashion. defgw=\$(ip ro show | grep default | perl -lne '/via (.*?) /; print \$1;') defdev=\$(ip ro show | grep default | perl -lne '/dev (.*?)\$/; print \$1;') grep nameserver /etc/resolv.conf | cut -d ' ' -f 2 | while read ns; do ip route add \$ns via \$defgw dev \$defdev table kamvpn done ip route add default via \$ifconfig_remote src \$ifconfig_local table kamvpn iptables -t nat -A POSTROUTING -o \$dev -j MASQUERADE exec /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper.distrib "\$@" EOT chmod a+x /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper echo Adding README chunk... cat >>/home/kam/Desktop/README </etc/NetworkManager/system-connections/kam <