diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
index f8b261e..1e1dbd8 100755
--- a/bin/ovpn_genconfig
+++ b/bin/ovpn_genconfig
@@ -6,20 +6,37 @@ set -ex
-server_url=$1
-[ -z "$server_url" ] && server_url=$(cat "$OPENVPN/server_url" 2> /dev/null)
+OVPN_ENV=$OPENVPN/ovpn_env.sh
-if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
- proto=${BASH_REMATCH[2]};
- port=${BASH_REMATCH[5]};
+# Import defaults if present
+[ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
+
+# Override config if set
+[ -n "$1" ] && OVPN_SERVER_URL="$1"
+
+# Server name is in the form "udp://vpn.example.com:1194"
+if [[ "$OVPN_SERVER_URL" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
+ OVPN_PROTO=${BASH_REMATCH[2]};
+ OVPN_CN=${BASH_REMATCH[3]};
+ OVPN_PORT=${BASH_REMATCH[5]};
 else
 echo "Common name not specified"
 exit 1
 fi
 # Apply defaults
-[ -z "$proto" ] && proto=1194
-[ -z "$port" ] && port=udp
+[ -z "$OVPN_PROTO" ] && OVPN_PROTO=udp
+[ -z "$OVPN_PORT" ] && OVPN_PORT=1194
+
+
+# Preserve config
+if [ -f "$OVPN_ENV" ]; then
+ bak_env=$OVPN_ENV.$(date +%s).bak
+ echo "Backing up $OVPN_ENV -> $bak_env"
+ mv "$OVPN_ENV" "$bak_env"
+fi
+export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT
+env | grep ^OVPN_ > "$OVPN_ENV"
 conf=$OPENVPN/openvpn.conf
 if [ -f "$conf" ]; then
@@ -32,9 +49,9 @@ cat > "$conf" < /dev/null && rm "$bak_env" || true
+diff -q "$bak" "$conf" 2> /dev/null && rm "$bak" || true
diff --git a/bin/ovpn_getclient b/bin/ovpn_getclient
index 4def85b..14de814 100755
--- a/bin/ovpn_getclient
+++ b/bin/ovpn_getclient
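Review bot: `+env | grep ^OVPN_ > "$OVPN_ENV"` persists the configuration as an unquoted dump of every OVPN_-prefixed variable in the process environment, and that file is then executed by `[ -r "$OVPN_ENV" ] && source "$OVPN_ENV"` here and by the `source` lines the other two scripts gain in this commit, so a stray OVPN_* variable inherited from the container environment is captured, and a value containing whitespace (for example an OVPN_ENV path derived from an `$OPENVPN` with a space) is word-split and run as a command when the file is read. Writing only the five variables this script owns, shell-quoted, avoids both: `for v in OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT; do printf 'export %s=%q\n' "$v" "${!v}"; done > "$OVPN_ENV"`. Because sourcing still executes whatever the file on the data volume contains, a comment on the source line such as `# ovpn_env.sh is shell code run by every ovpn_* script; it must only be writable by these tools` would make that trust explicit. The new `OVPN_ENV=$OPENVPN/ovpn_env.sh` also silently becomes `/ovpn_env.sh` when `OPENVPN` is unset, and the backup/rewrite below would then operate on `/`; `: "${OPENVPN:?OPENVPN must be set}"` before it would catch that.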
@@ -6,27 +6,10 @@ set -ex
-if [ -s "$OPENVPN/server_url" ]; then
- server_url=$(cat "$OPENVPN/server_url" 2> /dev/null)
-else
- # TODO Backwards compatible, need to throw away eventually
- server_url=$(cat "$OPENVPN/servername" 2> /dev/null)
-fi
+source "$OPENVPN/ovpn_env.sh"
+cn=$1
-if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
- proto=${BASH_REMATCH[2]};
- servername=${BASH_REMATCH[3]};
- port=${BASH_REMATCH[5]};
-else
- echo "Common name not specified"
- exit 1
-fi
-
-# Apply defaults
-[ -z "$proto" ] && proto=1194
-[ -z "$port" ] && port=udp
-
-if [ ! -f "$EASYRSA_PKI/private/$cn.key" ]; then
+if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
 easyrsa build-server-full $cn nopass
 fi
@@ -38,10 +21,10 @@ redirect-gateway def1 remote-cert-tls server
-$(cat $EASYRSA_PKI/private/$cn.key)
+$(cat $EASYRSA_PKI/private/${cn}.key)
-$(cat $EASYRSA_PKI/issued/$cn.crt)
+$(cat $EASYRSA_PKI/issued/${cn}.crt)
 $(cat $EASYRSA_PKI/ca.crt)
diff --git a/bin/ovpn_init b/bin/ovpn_init
index 21a9fe2..65130ff 100755
--- a/bin/ovpn_init
+++ b/bin/ovpn_init
@@ -6,21 +6,10 @@ set -ex
-server_url=$1
+# Generate the ovpn env file
+ovpn_genconfig "$1"
-# Server name is in the form "udp://vpn.example.com:1194"
-if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
- proto=${BASH_REMATCH[2]};
- cn=${BASH_REMATCH[3]};
- port=${BASH_REMATCH[5]};
-else
- echo "Common name not specified"
- exit 1
-fi
-
-# Apply defaults
-[ -z "$proto" ] && proto=1194
-[ -z "$port" ] && port=udp
+source "$OPENVPN/ovpn_env.sh"
 # Specify "nopass" as arg[2] to make the CA insecure
 nopass=$2
@@ -46,9 +35,5 @@ openvpn --genkey --secret $OPENVPN/pki/ta.key
 # [ -n "$ptr" ] && cn=$ptr || cn=$ip4
 #fi
-echo "$server_url" > $OPENVPN/server_url
-
 # For a server key with a password, manually init; this is autopilot
-easyrsa build-server-full $cn nopass
-
-ovpn_genconfig "$cn"
+easyrsa build-server-full "$OVPN_CN" nopass
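Review bot: The new guard `+if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then` still wraps the unchanged `easyrsa build-server-full $cn nopass`, which, as far as easy-rsa's command naming goes, issues the client's certificate with the server certificate type (serverAuth extended key usage); the profile emitted in the next hunk carries `remote-cert-tls server`, so every client using it would accept such a certificate as a server, and a client holding one could present itself as the server to its peers. It should be `easyrsa build-client-full "$cn" nopass`, with `$cn` quoted wherever it appears. `+cn=$1` is also taken unchecked, so an empty or path-like value (`../x`) reaches the `-f` test and the later `cat` of `private/${cn}.key`; a guard such as `[[ "$cn" =~ ^[0-9a-zA-Z._-]+$ ]] || { echo "Invalid client name" >&2; exit 1; }` would restrict it. Unlike ovpn_genconfig's `[ -r ... ]` check, the unguarded `+source "$OPENVPN/ovpn_env.sh"` fails with a bare bash error under `set -e` when the file is absent; `[ -r "$OPENVPN/ovpn_env.sh" ] || { echo "Run ovpn_genconfig first" >&2; exit 1; }` before it would give a usable message.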
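Review bot: `+ovpn_genconfig "$1"` followed by `+source "$OPENVPN/ovpn_env.sh"` means this script now takes `$OVPN_CN` (consumed by `easyrsa build-server-full "$OVPN_CN" nopass` in the second hunk) from a file it executes rather than from its own validated argument, and neither line checks that `OPENVPN` is set: with it empty, both the generator and the `source` operate on `/ovpn_env.sh`. A guard at the top, `: "${OPENVPN:?OPENVPN must be set}"`, and a comment on the source line such as `# ovpn_env.sh is shell code written by ovpn_genconfig; it is executed, not parsed` would make that dependency and its trust assumption explicit. The `# Generate the ovpn env file` comment could also note that ovpn_genconfig exits non-zero with "Common name not specified" when no URL is available and that `set -e` at the top of this script relies on that to stop before any PKI work.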