Generate config depending on IP range

dappnode · Dec 29, 2023 · ff32436 · ff32436
1 parent 6991032
commit ff32436
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 30 deletions.
diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
@@ -272,20 +272,6 @@ while getopts ":a:e:E:C:T:r:s:du:bcp:n:k:DNm:f:tz2" opt; do
   esac
 done
 
-# HARDCODED CONFIG AFTER IP RANGE MIGRATION
-
-echo "Applying config after IP range migration to private IP block..."
-
-# Set DNS servers to Bind
-OVPN_DNS_SERVERS=("10.20.0.2")
-
-# Set server subnet
-OVPN_SERVER="10.20.0.240/28"
-
-# Push route to server subnet
-#OVPN_PUSH=("route 10.20.0.0 255.255.255.0")
-OVPN_PUSH=("route")
-
 # Create ccd directory for static routes
 [ ! -d "${OPENVPN:-}/ccd" ] && mkdir -p ${OPENVPN:-}/ccd
 

diff --git a/src/package.json b/src/package.json
@@ -41,7 +41,7 @@
     "@types/ip": "^1.1.0",
     "@types/lodash": "^4.14.157",
     "@types/mocha": "^7.0.2",
-    "@types/node": "^14.0.14",
+    "@types/node": "^14.0.27",
     "@types/prettyjson": "^0.0.29",
     "@types/proxyquire": "^1.3.28",
     "@types/sinon": "^9.0.4",

diff --git a/src/src/openvpn/openvpnConfig.ts b/src/src/openvpn/openvpnConfig.ts
@@ -3,6 +3,17 @@ import { shell, shellArgs } from "../utils/shell";
 import { directoryIsEmptyOrEnoent } from "../utils/fs";
 import { PKI_PATH, PROXY_ARP_PATH } from "../params";
 import { logs } from "../logs";
+import { getDockerContainerIP } from "../utils/getDockerContainerIp";
+
+type OvpnGenConfigFlags = {
+  c: string; // Enable traffic among the clients connected to the VPN (Boolean, no value)
+  d: string; // Disable default route (disables NAT without '-N'). Only specific traffic will go through the VPN (Boolean, no value)
+  u: string; // Hostname the clients will use to connect to the VPN
+  s: string; // Subnet the server will use to assign IPs to the clients
+  p: string; // Route to push to the client
+  n: string; // DNS server (BIND)
+  // There are more flags available, but we don't need them here
+};
 
 /**
  * Initializes the OpenVPN configuration
@@ -14,26 +25,42 @@ export async function initalizeOpenVpnConfig(hostname: string): Promise<void> {
     OVPN_CN: hostname,
     EASYRSA_REQ_CN: hostname
   };
+  let genConfigFlags: OvpnGenConfigFlags;
 
   logs.info("Initializing OpenVPN configuration");
 
-  // Initialize config and PKI
-  // -c: Enable traffic among the clients connected to the VPN
-  // -d: Disable default route (disables NAT without '-N'). Only specific traffic will go through the VPN
-  // -u "udp://<hostname>": Hostname the clients will use to connect to the VPN
-  // -s Subnet the server will use to assign IPs to the clients
-  // -p "route 10.20.0.0 255.255.255.0": Route to push to the client
-  // -n "10.20.0.2": DNS server (BIND)
-  const output = await shellArgs(
-    "ovpn_genconfig",
-    {
-      c: true,
-      d: true,
+  // Check current IP range
+  const containerIp = getDockerContainerIP();
+
+  // If container IP is inside 172.33.0.0/16 --> generate credentials A
+  if (containerIp && containerIp.startsWith("172.33.")) {
+    logs.info("Generating credentials for IP range 172.33.0.0/16");
+    genConfigFlags = {
+      c: "",
+      d: "",
+      u: `udp://"${hostname}"`,
+      s: "172.33.8.0/22",
+      p: `"route 172.33.0.0 255.255.0.0"`,
+      n: `"172.33.1.2"`
+    };
+
+    // Else (default, but it should be 10.20.0.0/24) --> generate credentials B
+  } else {
+    logs.info("Generating credentials for IP range 10.20.0.0/24");
+    genConfigFlags = {
+      c: "",
+      d: "",
       u: `udp://"${hostname}"`,
       s: "10.20.0.240/28",
       p: `"route 10.20.0.0 255.255.255.0"`,
-      n: `"10.20.0.2, 172.33.1.2"`
-    },
+      n: `"10.20.0.2"`
+    };
+  }
+
+  // Initialize config and PKI
+  const output = await shellArgs(
+    "ovpn_genconfig",
+    genConfigFlags,
     { env: { ...process.env, ...openVpnEnv } }
   );
 

diff --git a/src/src/utils/getDockerContainerIp.ts b/src/src/utils/getDockerContainerIp.ts
@@ -0,0 +1,24 @@
+import os from 'os';
+import { logs } from '../logs';
+
+export function getDockerContainerIP(): string | null {
+    const networkInterfaces = os.networkInterfaces();
+
+    // Docker typically uses eth0 as the first network interface for bridge networks
+    const eth0 = networkInterfaces['eth0'];
+
+    if (!eth0) {
+        logs.error('Network interface eth0 not found.');
+        return null;
+    }
+
+    // Filter for IPv4 address
+    const ipv4 = eth0.find(info => info.family === 'IPv4');
+
+    if (!ipv4) {
+        console.error('IPv4 address for eth0 not found.');
+        return null;
+    }
+
+    return ipv4.address;
+}
diff --git a/src/yarn.lock b/src/yarn.lock
@@ -239,11 +239,16 @@
   resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-7.0.2.tgz#b17f16cf933597e10d6d78eae3251e692ce8b0ce"
   integrity sha512-ZvO2tAcjmMi8V/5Z3JsyofMe3hasRcaw88cto5etSVMwVQfeivGAlEYmaQgceUSVYFofVjT+ioHsATjdWcFt1w==
 
-"@types/node@*", "@types/node@^14.0.14":
+"@types/node@*":
   version "14.0.27"
   resolved "https://registry.yarnpkg.com/@types/node/-/node-14.0.27.tgz#a151873af5a5e851b51b3b065c9e63390a9e0eb1"
   integrity sha512-kVrqXhbclHNHGu9ztnAwSncIgJv/FaxmzXJvGXNdcCpV1b8u1/Mi6z6m0vwy0LzKeXFTPLH0NzwmoJ3fNCIq0g==
 
+"@types/node@^14.0.27":
+  version "14.18.63"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-14.18.63.tgz#1788fa8da838dbb5f9ea994b834278205db6ca2b"
+  integrity sha512-fAtCfv4jJg+ExtXhvCkCqUKZ+4ok/JQk01qDKhL5BDDoS3AxKXhV5/MAVUZyQnSEd2GT92fkgZl0pz0Q0AzcIQ==
+
 "@types/prettyjson@^0.0.29":
   version "0.0.29"
   resolved "https://registry.yarnpkg.com/@types/prettyjson/-/prettyjson-0.0.29.tgz#3d9176d583e1839aa5c83b088487003652ce38ff"