Add openvpn.conf gerneration -f fragment directive option

Rudi Starcevic 2016-04-06 15:06:02 +08:00
parent ed51116fb6
commit 74bfad0aac
2 changed files with 64 additions and 1 deletions


@ -51,6 +51,7 @@ usage() {
echo " -a Authenticate packets with HMAC using the given message digest algorithm (auth)." echo " -a Authenticate packets with HMAC using the given message digest algorithm (auth)."
echo " -z Enable comp-lzo compression." echo " -z Enable comp-lzo compression."
echo " -2 Enable two factor authentication using Google Authenticator." echo " -2 Enable two factor authentication using Google Authenticator."
echo " -f Set the fragment directive."
} }
if [ "$DEBUG" == "1" ]; then if [ "$DEBUG" == "1" ]; then
@ -80,7 +81,7 @@ OVPN_AUTH=''
[ -r "$OVPN_ENV" ] && source "$OVPN_ENV" [ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
# Parse arguments # Parse arguments
while getopts ":a:C:T:r:s:du:cp:n:DNm:tz2" opt; do while getopts ":a:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
case $opt in case $opt in
a) a)
OVPN_AUTH="$OPTARG" OVPN_AUTH="$OPTARG"
@ -130,6 +131,9 @@ while getopts ":a:C:T:r:s:du:cp:n:DNm:tz2" opt; do
2) 2)
OVPN_OTP_AUTH=1 OVPN_OTP_AUTH=1
;; ;;
f)
OVPN_FRAGMENT=$OPTARG
;;
\?) \?)
set +x set +x
echo "Invalid option: -$OPTARG" >&2 echo "Invalid option: -$OPTARG" >&2
@ -177,6 +181,7 @@ export OVPN_CLIENT_TO_CLIENT OVPN_PUSH OVPN_NAT OVPN_DNS OVPN_MTU OVPN_DEVICE
export OVPN_TLS_CIPHER OVPN_CIPHER OVPN_AUTH export OVPN_TLS_CIPHER OVPN_CIPHER OVPN_AUTH
export OVPN_COMP_LZO export OVPN_COMP_LZO
export OVPN_OTP_AUTH export OVPN_OTP_AUTH
export OVPN_FRAGMENT
# Preserve config # Preserve config
if [ -f "$OVPN_ENV" ]; then if [ -f "$OVPN_ENV" ]; then
@ -223,6 +228,8 @@ EOF
[ -n "$OVPN_CLIENT_TO_CLIENT" ] && echo "client-to-client" >> "$conf" [ -n "$OVPN_CLIENT_TO_CLIENT" ] && echo "client-to-client" >> "$conf"
[ -n "$OVPN_COMP_LZO" ] && echo "comp-lzo" >> "$conf" [ -n "$OVPN_COMP_LZO" ] && echo "comp-lzo" >> "$conf"
[ -n "$OVPN_FRAGMENT" ] && echo "fragment $OVPN_FRAGMENT" >> "$conf"
[ "$OVPN_DNS" == "1" ] && for i in "${OVPN_DNS_SERVERS[@]}"; do [ "$OVPN_DNS" == "1" ] && for i in "${OVPN_DNS_SERVERS[@]}"; do
echo "push dhcp-option DNS $i" >> "$conf" echo "push dhcp-option DNS $i" >> "$conf"
done done
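Review bot: The new option string on the `while getopts` line loses the colon after `m` (`DNm:tz2` became `DNmf:tz2`), so `-m` stops consuming its argument and the word that follows it is no longer treated as its value; the string should be `":a:C:T:r:s:du:cp:n:DNm:f:tz2"`. The `f)` arm also copies `$OPTARG` unchecked into `OVPN_FRAGMENT`, which is later echoed into `$conf` as `fragment $OVPN_FRAGMENT`, so a non-numeric or multi-line value ends up in openvpn.conf verbatim. A guard before the assignment, e.g. `[[ $OPTARG =~ ^[0-9]+$ ]] || { echo "Invalid fragment size: $OPTARG" >&2; exit 1; }`, would reject it. The `m)` arm and the rest of the case statement are outside the visible hunks, so the effect on `-m` is inferred from the option string alone.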


@ -0,0 +1,56 @@
#!/bin/bash
OVPN_DATA=opvn-data
IMG=kylemanna/openvpn
IMG=rudijs/docker-openvpne:1.0.0
# Function to fail
abort() { cat <<< "$@" 1>&2; exit 1; }
#
# Create a docker container with the config data
#
sudo docker run --name $OVPN_DATA -v /etc/openvpn busybox
#
# Generate openvpn.config file
#
SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1)
sudo docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_genconfig -u udp://$SERV_IP -f 1400
#
# grep for config lines from openvpn.conf
# add more tests for more configs as required
#
# 1. verb config
CONFIG_REQUIRED_VERB="verb 3"
CONFIG_MATCH_VERB=$(sudo docker run --rm -it --volumes-from $OVPN_DATA busybox grep verb /etc/openvpn/openvpn.conf)
# 2. fragment config
CONFIG_REQUIRED_FRAGMENT="fragment 1400"
CONFIG_MATCH_FRAGMENT=$(sudo docker run --rm -it --volumes-from $OVPN_DATA busybox grep fragment /etc/openvpn/openvpn.conf)
#
# Clean up
#
# sudo docker rm -f $OVPN_DATA
#
# Tests
#
if [[ $CONFIG_MATCH_VERB =~ $CONFIG_REQUIRED_VERB ]]
then
echo "==> Config match found: $CONFIG_REQUIRED_VERB == $CONFIG_MATCH_VERB"
else
abort "==> Config match not found: $CONFIG_REQUIRED_VERB != $CONFIG_MATCH_VERB"
fi
if [[ $CONFIG_MATCH_FRAGMENT =~ $CONFIG_REQUIRED_FRAGMENT ]]
then
echo "==> Config match found: $CONFIG_REQUIRED_FRAGMENT == $CONFIG_MATCH_FRAGMENT"
else
abort "==> Config match not found: $CONFIG_REQUIRED_FRAGMENT != $CONFIG_MATCH_FRAGMENT"
fi
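Review bot: The second assignment `IMG=rudijs/docker-openvpne:1.0.0` overrides `IMG=kylemanna/openvpn`, so the test pulls and runs a pre-built image from a personal namespace under `sudo docker` rather than an image built from this tree; it checks whatever that tag contains, not the `-f` change in this commit. Drop the override or make the choice explicit, e.g. `IMG=${IMG:-kylemanna/openvpn}`. The clean-up is commented out and no `docker run` status is checked, so on a second run `docker run --name $OVPN_DATA` fails on the name conflict and the greps can still pass against the openvpn.conf left in the old volume; `sudo docker run --name "$OVPN_DATA" -v /etc/openvpn busybox || abort "cannot create $OVPN_DATA"` together with `trap 'sudo docker rm -f "$OVPN_DATA"' EXIT` would close that. The `-it` flags inside `$(...)` are not needed for `grep` and will likely fail where no TTY is attached.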