So now we have our daemons running multiple tunnels; how do we keep them up to date? Below is the script I use to update the config. It performs some simple error checking to avoid restarting the tunnels unnecessarily, so you could run it from cron.
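#!/bin/bash
#
# Refresh the per-country OpenVPN client configs and restart a tunnel only
# when its config actually changed.
#
# For each country the script:
#   1. downloads the provider's client profile,
#   2. rewrites the key and credential paths to /etc/openvpn,
#   3. appends one "route" line per prefix announced by the AS that hosts
#      each listed domain (looked up through asn.shadowserver.org),
#   4. compares the result with the installed config and, if it differs,
#      installs it and bounces the daemontools service.
#
# NOTE(security): the profile is fetched over plain HTTP and then installed
# as a config that the OpenVPN service loads, so anyone on the network path
# can alter what gets installed. Prefer an HTTPS endpoint if the provider
# offers one, and review the downloaded profile before trusting unattended
# updates. The whois-style lookups on port 43 are cleartext as well, which is
# why every value that comes back from the network is validated below before
# it is used as an argument or written into the config.
#
# /etc/openvpn/up holds the VPN credentials; keep it readable by root only.

set -u

UK_URL="http://vpn.hidemyass.com/vpnconfig/client_config.php?win=1&loc=UK,+London+(LOC1+S1)"
US_URL="http://vpn.hidemyass.com/vpnconfig/client_config.php?win=1&loc=USA,+New+York+(DC2+S1)"

UK_DOMAINS="www.bbc.co.uk www.itv.co.uk mercury.itv.com www.channel4.com ais.channel4.com ll.securestream.channel4.com"
US_DOMAINS="www.hulu.com www.vevo.com www.crackle.com"

declare -A DOMAINS=(["uk"]="${UK_DOMAINS}" ["us"]="${US_DOMAINS}")
declare -A URL=(["uk"]="${UK_URL}" ["us"]="${US_URL}")

# Shape checks for data returned by DNS and the ASN lookup service.
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
readonly CIDR_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'

TMPFILE=""

# Print a diagnostic on stderr so cron mails it without polluting stdout.
warn() {
  printf '%s\n' "$*" >&2
}

# Remove the work file on every exit path, including the early "exit 1"s.
cleanup() {
  if [[ -n "${TMPFILE}" ]]; then
    rm -f -- "${TMPFILE}"
  fi
}
trap cleanup EXIT

#######################################
# Emit OpenVPN "route <address> <netmask> " lines for every prefix announced
# by the AS that hosts a domain.
# Arguments: $1 - domain name to resolve
# Outputs:   route lines on stdout, warnings on stderr
# Returns:   0 (a failed lookup yields no lines rather than an error)
#######################################
routes_for_domain() {
  local domain=$1
  local addr prefix fields

  addr=$(dig +short "${domain}" | tail -1)
  # dig prints nothing on failure and may end on a CNAME; only a dotted quad
  # is forwarded to the lookup service.
  if [[ ! "${addr}" =~ ${IPV4_RE} ]]; then
    warn "warning: no IPv4 address for ${domain}, skipping"
    return 0
  fi

  printf 'origin %s\n' "${addr}" \
    | nc asn.shadowserver.org 43 \
    | awk '$1 ~ /^[0-9]+$/ {print "prefix", $1}' \
    | nc asn.shadowserver.org 43 \
    | while read -r prefix; do
        prefix=${prefix%$'\r'}
        [[ -n "${prefix}" ]] || continue
        # Anything that is not a plain IPv4 CIDR never reaches ipcalc or the
        # config file.
        if [[ ! "${prefix}" =~ ${CIDR_RE} ]]; then
          warn "warning: ignoring unexpected lookup reply for ${domain}"
          continue
        fi
        fields=$(ipcalc --nocolor --nobinary "${prefix}" \
          | awk '/(Address|Netmask)/ {printf "%s ", $2}')
        # A bare "route " line would make OpenVPN reject the whole config.
        [[ -n "${fields}" ]] || continue
        printf 'route %s\n' "${fields}"
      done
}

for COUNTRY in us uk; do
  CFG="/etc/openvpn/openvpn-${COUNTRY}.cfg"

  TMPFILE=$(mktemp) || exit 1
  wget "${URL[${COUNTRY}]}" -O "${TMPFILE}" || exit 1

  # wget can succeed with an empty body; never replace a working config
  # with nothing.
  if [[ ! -s "${TMPFILE}" ]]; then
    warn "warning: empty profile downloaded for ${COUNTRY}, keeping ${CFG}"
    rm -f -- "${TMPFILE}"
    TMPFILE=""
    continue
  fi

  # Point key files and the credentials file at their local locations.
  sed -i \
    -e 's|\./keys/|/etc/openvpn/keys/|g' \
    -e 's|^auth-user-pass|auth-user-pass /etc/openvpn/up|' \
    "${TMPFILE}"

  echo "route-nopull" >> "${TMPFILE}"
  echo "max-routes 10240" >> "${TMPFILE}"

  read -r -a DOMAIN_LIST <<< "${DOMAINS[${COUNTRY}]}"
  ROUTES=$(
    for DOMAIN in "${DOMAIN_LIST[@]}"; do
      routes_for_domain "${DOMAIN}"
    done | sort -u
  )

  # With route-nopull set, a config without routes sends nothing through the
  # tunnel. A lookup outage must not replace a working config, so skip.
  if [[ -z "${ROUTES}" ]]; then
    warn "warning: no routes resolved for ${COUNTRY}, keeping ${CFG}"
    rm -f -- "${TMPFILE}"
    TMPFILE=""
    continue
  fi
  printf '%s\n' "${ROUTES}" >> "${TMPFILE}"

  # MD5 is used for change detection only, not as an integrity control.
  O_HASH=$(md5sum "${CFG}" | awk '{print $1}')
  N_HASH=$(md5sum "${TMPFILE}" | awk '{print $1}')

  if [ "${O_HASH}" != "${N_HASH}" ]; then
    echo "${O_HASH}"
    echo "${N_HASH}"
    echo "${CFG} has changed"
    mv -- "${TMPFILE}" "${CFG}"
    svc -d "/service/openvpn-${COUNTRY}"
    svc -u "/service/openvpn-${COUNTRY}"
  else
    rm -f -- "${TMPFILE}"
  fi
  TMPFILE=""
done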