allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

env: Re-work environment code

Browse Source 
* Instead of storing just a server_url which was necessary to
  regenerate the OpenVPN configs, instead store an env file.
* Move all the env parsing to `ovpn_genconfig` so that it can be re-run
  from genconfig instead of from `ovpn_init`.
* Remove all the parsing and env defaults except for genconfig.

NOTE: This breaks the older config method, uesrs will need to re-run
genconfig with an arg[1] as the previous server_url, this will create
the necessary env file the rest of the tools expect.

Example recovery for legacy users:

    host$ docker run --rm -it kylemanna/openvpn bash -l
    container# ovpn_genconfig $(cat /etc/openvpn/server_url)
This commit is contained in:
Kyle Manna 2014-07-05 18:51:58 -07:00
parent 60671e6819
commit 852d404c12
3 changed files with 40 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
bin/ovpn_genconfig
View File

@ -6,20 +6,37 @@
set -ex set -ex
server_url=$1 OVPN_ENV=$OPENVPN/ovpn_env.sh
[ -z "$server_url" ] && server_url=$(cat "$OPENVPN/server_url" 2> /dev/null)
if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then # Import defaults if present
proto=${BASH_REMATCH[2]}; [ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
port=${BASH_REMATCH[5]};
# Override config if set
[ -n "$1" ] && OVPN_SERVER_URL="$1"
# Server name is in the form "udp://vpn.example.com:1194"
if [[ "$OVPN_SERVER_URL" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
OVPN_PROTO=${BASH_REMATCH[2]};
OVPN_CN=${BASH_REMATCH[3]};
OVPN_PORT=${BASH_REMATCH[5]};
else else
echo "Common name not specified" echo "Common name not specified"
exit 1 exit 1
fi fi
# Apply defaults # Apply defaults
[ -z "$proto" ] && proto=1194 [ -z "$OVPN_PROTO" ] && OVPN_PROTO=udp
[ -z "$port" ] && port=udp [ -z "$OVPN_PORT" ] && OVPN_PORT=1194
# Preserve config
if [ -f "$OVPN_ENV" ]; then
bak_env=$OVPN_ENV.$(date +%s).bak
echo "Backing up $OVPN_ENV -> $bak_env"
mv "$OVPN_ENV" "$bak_env"
fi
export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT
env | grep ^OVPN_ > "$OVPN_ENV"
conf=$OPENVPN/openvpn.conf conf=$OPENVPN/openvpn.conf
if [ -f "$conf" ]; then if [ -f "$conf" ]; then
@ -32,9 +49,9 @@ cat > "$conf" <<EOF
server 192.168.255.0 255.255.255.0 server 192.168.255.0 255.255.255.0
verb 3 verb 3
#duplicate-cn #duplicate-cn
key $EASYRSA_PKI/private/$cn.key key $EASYRSA_PKI/private/$OVPN_CN.key
ca $EASYRSA_PKI/ca.crt ca $EASYRSA_PKI/ca.crt
cert $EASYRSA_PKI/issued/$cn.crt cert $EASYRSA_PKI/issued/$OVPN_CN.crt
dh $EASYRSA_PKI/dh.pem dh $EASYRSA_PKI/dh.pem
tls-auth $EASYRSA_PKI/ta.key tls-auth $EASYRSA_PKI/ta.key
key-direction 0 key-direction 0
@ -47,11 +64,12 @@ push "dhcp-option DNS 8.8.8.8"
client-config-dir $OPENVPN/ccd client-config-dir $OPENVPN/ccd
route 192.168.254.0 255.255.255.0 route 192.168.254.0 255.255.255.0
proto $proto proto $OVPN_PROTO
port $port port $OVPN_PORT
dev tun0 dev tun0
status /tmp/openvpn-status.log status /tmp/openvpn-status.log
EOF EOF
# Clean-up duplicate configs # Clean-up duplicate configs (always return success)
diff -q "$bak" "$conf" && rm "$bak" diff -q "$bak_env" "$OVPN_ENV" 2> /dev/null && rm "$bak_env" || true
diff -q "$bak" "$conf" 2> /dev/null && rm "$bak" || true

27
bin/ovpn_getclient
View File

@ -6,27 +6,10 @@
set -ex set -ex
if [ -s "$OPENVPN/server_url" ]; then source "$OPENVPN/ovpn_env.sh"
server_url=$(cat "$OPENVPN/server_url" 2> /dev/null) cn=$1
else
# TODO Backwards compatible, need to throw away eventually
server_url=$(cat "$OPENVPN/servername" 2> /dev/null)
fi
if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
proto=${BASH_REMATCH[2]};
servername=${BASH_REMATCH[3]};
port=${BASH_REMATCH[5]};
else
echo "Common name not specified"
exit 1
fi
# Apply defaults
[ -z "$proto" ] && proto=1194
[ -z "$port" ] && port=udp
if [ ! -f "$EASYRSA_PKI/private/$cn.key" ]; then
easyrsa build-server-full $cn nopass easyrsa build-server-full $cn nopass
fi fi
@ -38,10 +21,10 @@ redirect-gateway def1
remote-cert-tls server remote-cert-tls server
<key> <key>
$(cat $EASYRSA_PKI/private/$cn.key) $(cat $EASYRSA_PKI/private/${cn}.key)
</key> </key>
<cert> <cert>
$(cat $EASYRSA_PKI/issued/$cn.crt) $(cat $EASYRSA_PKI/issued/${cn}.crt)
</cert> </cert>
<ca> <ca>
$(cat $EASYRSA_PKI/ca.crt) $(cat $EASYRSA_PKI/ca.crt)

23
bin/ovpn_init
View File

@ -6,21 +6,10 @@
set -ex set -ex
server_url=$1 # Generate the ovpn env file
ovpn_genconfig "$1"
# Server name is in the form "udp://vpn.example.com:1194" source "$OPENVPN/ovpn_env.sh"
if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
proto=${BASH_REMATCH[2]};
cn=${BASH_REMATCH[3]};
port=${BASH_REMATCH[5]};
else
echo "Common name not specified"
exit 1
fi
# Apply defaults
[ -z "$proto" ] && proto=1194
[ -z "$port" ] && port=udp
# Specify "nopass" as arg[2] to make the CA insecure # Specify "nopass" as arg[2] to make the CA insecure
nopass=$2 nopass=$2
@ -46,9 +35,5 @@ openvpn --genkey --secret $OPENVPN/pki/ta.key
# [ -n "$ptr" ] && cn=$ptr || cn=$ip4 # [ -n "$ptr" ] && cn=$ptr || cn=$ip4
#fi #fi
echo "$server_url" > $OPENVPN/server_url
# For a server key with a password, manually init; this is autopilot # For a server key with a password, manually init; this is autopilot
easyrsa build-server-full $cn nopass easyrsa build-server-full "$OVPN_CN" nopass
ovpn_genconfig "$cn"