Initial commit

2014-03-31 23:18:29 +02:00 · 2014-03-31 23:18:29 +02:00 · a363bde348
commit a363bde348
15 changed files with 1189 additions and 0 deletions
--- a/files/etc/iptables/rules.v4
+++ b/files/etc/iptables/rules.v4
@ -0,0 +1,26 @@
+# Generated by iptables-save v1.4.14 on Sun Mar 24 14:14:50 2013
+*filter
+:INPUT ACCEPT [273:40363]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [194:28568]
+COMMIT
+# Completed on Mon Mar 25 19:41:40 2013
+# Generated by iptables-save v1.4.14 on Mon Mar 25 19:41:40 2013
+*mangle
+:PREROUTING ACCEPT [286:41734]
+:INPUT ACCEPT [273:40363]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [194:28568]
+:POSTROUTING ACCEPT [194:28568]
+-A PREROUTING -i br-ffhh -j MARK --set-xmark 0x1/0xffffffff
+COMMIT
+# Completed on Mon Mar 25 19:41:40 2013
+# Generated by iptables-save v1.4.14 on Mon Mar 25 19:41:40 2013
+*nat
+:PREROUTING ACCEPT [15:1459]
+:INPUT ACCEPT [2:88]
+:OUTPUT ACCEPT [1:74]
+:POSTROUTING ACCEPT [1:74]
+-A POSTROUTING -o mullvad -j MASQUERADE
+COMMIT
+# Completed on Mon Mar 25 19:41:40 2013
--- a/files/etc/openvpn/mullvad.conf
+++ b/files/etc/openvpn/mullvad.conf
@ -0,0 +1,45 @@
+client
+
+dev mullvad
+dev-type tun
+
+proto udp
+
+remote nl.mullvad.net # Servers in the Netherlands
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Enable compression on the VPN link.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+remote-cert-tls server
+
+ping-restart 60
+
+# Allow calling of built-in executables and user-defined scripts.
+script-security 2
+
+# Parses DHCP options from openvpn to update resolv.conf
+route-noexec
+up    /etc/openvpn/mullvad/mullvad-up
+
+ping 10
+
+ca /etc/openvpn/mullvad/ca.crt
+cert /etc/openvpn/mullvad/client.crt
+key /etc/openvpn/mullvad/client.key