I just put the proxy script on the server side (there was basically a bash escaping problem) in ~root/.ssh/get_client_ip.bash
(it gives the IP for the corresponding CommonName of an openvpn
client):
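#! /usr/bin/env bash
# ${1:$3} drops the first $3 characters of the host name; sed escapes its dots so awk matches them literally.
nc $( awk -F ',' '/^'$( sed 's/\./\\&/g' <<< "${1:$3}" )',/ { print $2 }' /etc/openvpn/ipp.txt | awk -F '.' -v OFS='.' '{ print $1, $2, $3, ($4 + 2) }' ) "$2"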
Or based on the status file server-status.log
(only for clients that are actually connected):
nc $( awk '/ROUTING TABLE/, /GLOBAL STATS/' /etc/openvpn/server-status.log | head --lines=-1 | tail --lines=+3 | awk -F ',' '/,'$( sed 's/\./\\&/g' <<< "${1:$3}" )',/ { print $1 }' ) "$2"
And a slightly modified ~user/.ssh/config
on my local machine:
Host *
    IdentityFile ~/.ssh/id_rsa.user
    IdentityFile ~/.ssh/id_rsa.root
    ForwardAgent yes
    Compression yes
Host server rserver
    HostName server
Host rclient* rserver
    User root
Host client* server
    User user
Host rclient*
    ProxyCommand ssh rserver bash ~root/.ssh/get_client_ip.bash %h %p 1
Host client*
    ProxyCommand ssh rserver bash ~root/.ssh/get_client_ip.bash %h %p 0
Host 172.16.*
    ProxyCommand ssh -T -W %h:%p server
Host 192.168.1.*
    Compression no
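
A hardened variant of the ipp.txt lookup above, as an added example that is not part of the original post: it validates the host alias and hands it to awk as data instead of splicing it into the awk program, so dots need no escaping and cannot act as wildcards. The function names and the sample file contents are constructed for illustration; the "CommonName,IP" layout and the +2 offset are taken from the post's script.

```bash
#!/usr/bin/env bash
# Added example (not the post's script). Works in bash and POSIX sh.

# lookup_client_ip ALIAS STRIP IPP_FILE
#   ALIAS    host alias that ssh passes as %h (e.g. rclient1 or client1)
#   STRIP    leading characters to drop: 1 for the "r" prefix, else 0
#   IPP_FILE file with "CommonName,IP" lines, as read by the post's script
lookup_client_ip() {
    # Accept only host-name characters; a leading "-" is refused so the
    # value can never be read as an option by a later command.
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "invalid client name" >&2; return 2 ;;
    esac
    case "$2" in
        0|1) ;;
        *) echo "invalid strip count" >&2; return 2 ;;
    esac

    # -v passes the alias as a value, never as awk source text.
    awk -F ',' -v host="$1" -v strip="$2" '
        BEGIN { cn = substr(host, strip + 1) }
        # ($1 "") forces a string comparison: exact match, no regex,
        # no numeric coercion of names that happen to look like numbers.
        cn != "" && ($1 "") == cn {
            if (split($2, o, ".") != 4) exit
            printf "%d.%d.%d.%d\n", o[1], o[2], o[3], o[4] + 2
            found = 1
            exit
        }
        END { exit !found }   # status 1 when the CommonName is unknown
    ' "$3"
}

# Constructed sample data; "client.lab" and "clientXlab" differ only in
# the character that an unescaped regex dot would treat as a wildcard.
make_sample_ipp() {
    f="$(mktemp)"
    printf '%s\n' 'client1,10.8.0.4' 'client.lab,10.8.0.8' \
                  'clientXlab,10.8.0.12' > "$f"
    echo "$f"
}
```

In the proxy script the result would be captured first and `nc` run only when the function returns 0, so an unknown or malformed name never reaches `nc`.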