container-openvpn/bin/ovpn_getclient

#!/bin/bash

#
# Get an OpenVPN client configuration file
#

if [ "$DEBUG" == "1" ]; then
  set -x
fi

set -e

source "$OPENVPN/ovpn_env.sh"
cn=$1

if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
    echo "Unable to find ${cn}, please try again or generate the key first"
    exit 1
fi

cat <<EOF
client
nobind
dev tun
remote-cert-tls server

<key>
$(cat $EASYRSA_PKI/private/${cn}.key)
</key>
<cert>
$(cat $EASYRSA_PKI/issued/${cn}.crt)
</cert>
<ca>
$(cat $EASYRSA_PKI/ca.crt)
</ca>
<dh>
$(cat $EASYRSA_PKI/dh.pem)
</dh>
<tls-auth>
$(cat $EASYRSA_PKI/ta.key)
</tls-auth>
key-direction 1

remote $OVPN_CN $OVPN_PORT $OVPN_PROTO
EOF

if [ "$OVPN_DEFROUTE" != "0" ];then
    echo "redirect-gateway def1"
fi

if [ -n "$OVPN_MTU" ]; then
    echo "tun-mtu $OVPN_MTU"
fi
ovpn: Convert from servername -> server_url * Previously the server name cached the common name generated during init and assumed always 1194/udp. * The new configuration allows for users to pass in a url in a new form that allows the protocol to be specified as well as the port. * Example: udp://vpn.example.com:1194 * Try to be backwards compatible. 2014-07-01 05:43:00 +00:00			`#!/bin/bash`
openvpn.sh: Split in to smaller scripts * Split soon to be massive wrapper into smaller managable scripts. * Re-organized Dockerfile to exploit cache when rebuilding 2014-06-04 18:13:59 +00:00
			`#`
			`# Get an OpenVPN client configuration file`
			`#`

Disable bash debug (xtrace) by default, re-enable with -e DEBUG=1 2015-02-28 10:45:31 +00:00			`if [ "$DEBUG" == "1" ]; then`
			`set -x`
			`fi`

			`set -e`
openvpn.sh: Split in to smaller scripts * Split soon to be massive wrapper into smaller managable scripts. * Re-organized Dockerfile to exploit cache when rebuilding 2014-06-04 18:13:59 +00:00
env: Re-work environment code * Instead of storing just a server_url which was necessary to regenerate the OpenVPN configs, instead store an env file. * Move all the env parsing to `ovpn_genconfig` so that it can be re-run from genconfig instead of from `ovpn_init`. * Remove all the parsing and env defaults except for genconfig. NOTE: This breaks the older config method, uesrs will need to re-run genconfig with an arg[1] as the previous server_url, this will create the necessary env file the rest of the tools expect. Example recovery for legacy users: host$ docker run --rm -it kylemanna/openvpn bash -l container# ovpn_genconfig $(cat /etc/openvpn/server_url) 2014-07-06 01:51:58 +00:00			`source "$OPENVPN/ovpn_env.sh"`
			`cn=$1`
ovpn: Convert from servername -> server_url * Previously the server name cached the common name generated during init and assumed always 1194/udp. * The new configuration allows for users to pass in a url in a new form that allows the protocol to be specified as well as the port. * Example: udp://vpn.example.com:1194 * Try to be backwards compatible. 2014-07-01 05:43:00 +00:00
env: Re-work environment code * Instead of storing just a server_url which was necessary to regenerate the OpenVPN configs, instead store an env file. * Move all the env parsing to `ovpn_genconfig` so that it can be re-run from genconfig instead of from `ovpn_init`. * Remove all the parsing and env defaults except for genconfig. NOTE: This breaks the older config method, uesrs will need to re-run genconfig with an arg[1] as the previous server_url, this will create the necessary env file the rest of the tools expect. Example recovery for legacy users: host$ docker run --rm -it kylemanna/openvpn bash -l container# ovpn_genconfig $(cat /etc/openvpn/server_url) 2014-07-06 01:51:58 +00:00			`if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then`
getclient: Do not autogenerate key * Do not autogenerate a key if it does not exist. Instead fail. * Requires users to explicitly generate keys and prevents generating erroneous keys in the event of a typo. 2014-07-10 16:53:24 +00:00			`echo "Unable to find ${cn}, please try again or generate the key first"`
			`exit 1`
openvpn.sh: Split in to smaller scripts * Split soon to be massive wrapper into smaller managable scripts. * Re-organized Dockerfile to exploit cache when rebuilding 2014-06-04 18:13:59 +00:00			`fi`

			`cat <<EOF`
			`client`
			`nobind`
			`dev tun`
ovpn_getclient: Verify server certificate * Verify the server's certificate to avoid MITM attacks 2014-06-04 22:38:49 +00:00			`remote-cert-tls server`
openvpn.sh: Split in to smaller scripts * Split soon to be massive wrapper into smaller managable scripts. * Re-organized Dockerfile to exploit cache when rebuilding 2014-06-04 18:13:59 +00:00
			`<key>`
env: Re-work environment code * Instead of storing just a server_url which was necessary to regenerate the OpenVPN configs, instead store an env file. * Move all the env parsing to `ovpn_genconfig` so that it can be re-run from genconfig instead of from `ovpn_init`. * Remove all the parsing and env defaults except for genconfig. NOTE: This breaks the older config method, uesrs will need to re-run genconfig with an arg[1] as the previous server_url, this will create the necessary env file the rest of the tools expect. Example recovery for legacy users: host$ docker run --rm -it kylemanna/openvpn bash -l container# ovpn_genconfig $(cat /etc/openvpn/server_url) 2014-07-06 01:51:58 +00:00			`$(cat $EASYRSA_PKI/private/${cn}.key)`
openvpn.sh: Split in to smaller scripts * Split soon to be massive wrapper into smaller managable scripts. * Re-organized Dockerfile to exploit cache when rebuilding 2014-06-04 18:13:59 +00:00			`</key>`
			`<cert>`
env: Re-work environment code * Instead of storing just a server_url which was necessary to regenerate the OpenVPN configs, instead store an env file. * Move all the env parsing to `ovpn_genconfig` so that it can be re-run from genconfig instead of from `ovpn_init`. * Remove all the parsing and env defaults except for genconfig. NOTE: This breaks the older config method, uesrs will need to re-run genconfig with an arg[1] as the previous server_url, this will create the necessary env file the rest of the tools expect. Example recovery for legacy users: host$ docker run --rm -it kylemanna/openvpn bash -l container# ovpn_genconfig $(cat /etc/openvpn/server_url) 2014-07-06 01:51:58 +00:00			`$(cat $EASYRSA_PKI/issued/${cn}.crt)`
openvpn.sh: Split in to smaller scripts * Split soon to be massive wrapper into smaller managable scripts. * Re-organized Dockerfile to exploit cache when rebuilding 2014-06-04 18:13:59 +00:00			`</cert>`
			`<ca>`
			`$(cat $EASYRSA_PKI/ca.crt)`
			`</ca>`
			`<dh>`
			`$(cat $EASYRSA_PKI/dh.pem)`
			`</dh>`
tls-auth: Enable tls-auth for security * Enabling tls-auth improves security and helps protect against DDoS. 2014-06-04 22:34:42 +00:00			`<tls-auth>`
			`$(cat $EASYRSA_PKI/ta.key)`
			`</tls-auth>`
			`key-direction 1`
openvpn.sh: Split in to smaller scripts * Split soon to be massive wrapper into smaller managable scripts. * Re-organized Dockerfile to exploit cache when rebuilding 2014-06-04 18:13:59 +00:00
getclient: Fix sourced env variables * Update to use the sourced environemental variables. * Add switch for not using default gateway. 2014-07-06 07:25:14 +00:00			`remote $OVPN_CN $OVPN_PORT $OVPN_PROTO`
openvpn.sh: Split in to smaller scripts * Split soon to be massive wrapper into smaller managable scripts. * Re-organized Dockerfile to exploit cache when rebuilding 2014-06-04 18:13:59 +00:00			`EOF`
getclient: Fix sourced env variables * Update to use the sourced environemental variables. * Add switch for not using default gateway. 2014-07-06 07:25:14 +00:00
			`if [ "$OVPN_DEFROUTE" != "0" ];then`
			`echo "redirect-gateway def1"`
			`fi`
Support client mtu push 2015-01-17 09:07:52 +00:00
Return correct exit status 2015-02-20 19:46:50 +00:00			`if [ -n "$OVPN_MTU" ]; then`
			`echo "tun-mtu $OVPN_MTU"`
			`fi`