Merge pull request #160 from slamont/master

Add support for multiple extra config options
Kyle Manna 2016-09-20 09:36:01 -07:00 committed by GitHub
commit 97f8677a03
2 changed files with 104 additions and 18 deletions


@ -4,6 +4,50 @@
# Generate OpenVPN configs # Generate OpenVPN configs
# #
TMP_EXTRA_CONFIGFILE=$(mktemp -t vpn_extra.XXXXXXX)
#Traceback on Error and Exit come from https://docwhat.org/tracebacks-in-bash/
set -eu
_showed_traceback=f
traceback() {
# Hide the traceback() call.
local -i start=$(( ${1:-0} + 1 ))
local -i end=${#BASH_SOURCE[@]}
local -i i=0
local -i j=0
echo "Traceback (last called is first):" 1>&2
for ((i=${start}; i < ${end}; i++)); do
j=$(( $i - 1 ))
local function="${FUNCNAME[$i]}"
local file="${BASH_SOURCE[$i]}"
local line="${BASH_LINENO[$j]}"
echo " ${function}() in ${file}:${line}" 1>&2
done
}
on_error() {
local _ec="$?"
local _cmd="${BASH_COMMAND:-unknown}"
traceback 1
_showed_traceback=t
echo "The command ${_cmd} exited with exit code ${_ec}." 1>&2
}
trap on_error ERR
on_exit() {
echo "Cleaning up before Exit ..."
rm -f $TMP_EXTRA_CONFIGFILE
local _ec="$?"
if [[ $_ec != 0 && "${_showed_traceback}" != t ]]; then
traceback 1
fi
}
trap on_exit EXIT
# Convert 1.2.3.4/24 -> 255.255.255.0 # Convert 1.2.3.4/24 -> 255.255.255.0
cidr2mask() cidr2mask()
{ {
@ -55,13 +99,28 @@ usage() {
echo " -z Enable comp-lzo compression." echo " -z Enable comp-lzo compression."
} }
if [ "$DEBUG" == "1" ]; then process_extra_config() {
local ovpn_extra_config=''
ovpn_extra_config="$1"
echo "Processing Extra Config: '${ovpn_extra_config}'"
[ -n "$ovpn_extra_config" ] && echo "$ovpn_extra_config" >> "$TMP_EXTRA_CONFIGFILE"
}
if [ "${DEBUG:-}" == "1" ]; then
set -x set -x
fi fi
set -e set -e
OVPN_ENV=$OPENVPN/ovpn_env.sh if [ -z "${OPENVPN:-}" ]; then
export OPENVPN="$PWD"
fi
if [ -z "${EASYRSA_PKI:-}" ]; then
export EASYRSA_PKI="$OPENVPN/pki"
fi
OVPN_ENV=${OPENVPN}/ovpn_env.sh
OVPN_SERVER=192.168.255.0/24 OVPN_SERVER=192.168.255.0/24
OVPN_DEFROUTE=1 OVPN_DEFROUTE=1
OVPN_NAT=0 OVPN_NAT=0
@ -89,7 +148,7 @@ while getopts ":a:e:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
OVPN_AUTH="$OPTARG" OVPN_AUTH="$OPTARG"
;; ;;
e) e)
OVPN_EXTRA_CONFIG="$OPTARG" process_extra_config "$OPTARG"
;; ;;
C) C)
OVPN_CIPHER="$OPTARG" OVPN_CIPHER="$OPTARG"
@ -155,7 +214,7 @@ while getopts ":a:e:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
done done
# Create ccd directory for static routes # Create ccd directory for static routes
[ ! -d "$OPENVPN/ccd" ] && mkdir -p $OPENVPN/ccd [ ! -d "${OPENVPN:-}/ccd" ] && mkdir -p ${OPENVPN:-}/ccd
# if new routes were not defined with -r, use default # if new routes were not defined with -r, use default
[ ${#TMP_ROUTES[@]} -gt 0 ] && OVPN_ROUTES=("${TMP_ROUTES[@]}") [ ${#TMP_ROUTES[@]} -gt 0 ] && OVPN_ROUTES=("${TMP_ROUTES[@]}")
@ -199,7 +258,7 @@ if [ -f "$OVPN_ENV" ]; then
fi fi
export | grep OVPN_ > "$OVPN_ENV" export | grep OVPN_ > "$OVPN_ENV"
conf=$OPENVPN/openvpn.conf conf=${OPENVPN:-}/openvpn.conf
if [ -f "$conf" ]; then if [ -f "$conf" ]; then
bak=$conf.$(date +%s).bak bak=$conf.$(date +%s).bak
echo "Backing up $conf -> $bak" echo "Backing up $conf -> $bak"
@ -234,12 +293,10 @@ EOF
[ -n "$OVPN_CIPHER" ] && echo "cipher $OVPN_CIPHER" >> "$conf" [ -n "$OVPN_CIPHER" ] && echo "cipher $OVPN_CIPHER" >> "$conf"
[ -n "$OVPN_AUTH" ] && echo "auth $OVPN_AUTH" >> "$conf" [ -n "$OVPN_AUTH" ] && echo "auth $OVPN_AUTH" >> "$conf"
[ -n "$OVPN_CLIENT_TO_CLIENT" ] && echo "client-to-client" >> "$conf" [ -n "${OVPN_CLIENT_TO_CLIENT:-}" ] && echo "client-to-client" >> "$conf"
[ -n "$OVPN_COMP_LZO" ] && echo "comp-lzo" >> "$conf" [ -n "${OVPN_COMP_LZO:-}" ] && echo "comp-lzo" >> "$conf"
[ -n "$OVPN_FRAGMENT" ] && echo "fragment $OVPN_FRAGMENT" >> "$conf" [ -n "${OVPN_FRAGMENT:-}" ] && echo "fragment $OVPN_FRAGMENT" >> "$conf"
[ -n "$OVPN_EXTRA_CONFIG" ] && echo "$OVPN_EXTRA_CONFIG" >> "$conf"
[ "$OVPN_DNS" == "1" ] && for i in "${OVPN_DNS_SERVERS[@]}"; do [ "$OVPN_DNS" == "1" ] && for i in "${OVPN_DNS_SERVERS[@]}"; do
echo "push dhcp-option DNS $i" >> "$conf" echo "push dhcp-option DNS $i" >> "$conf"
@ -252,24 +309,29 @@ for i in "${OVPN_ROUTES[@]}"; do
done done
# Append push commands # Append push commands
for i in "${OVPN_PUSH[@]}"; do if [ ! -z ${OVPN_PUSH[@]:-} ];then
echo "${OVPN_PUSH}"
for i in "${OVPN_PUSH[@]}"; do
echo push \"$i\" >> "$conf" echo push \"$i\" >> "$conf"
done done
fi
# Optional OTP authentication support # Optional OTP authentication support
if [ -n "$OVPN_OTP_AUTH" ]; then if [ -n "${OVPN_OTP_AUTH:-}" ]; then
echo -e "\n\n# Enable OTP+PAM for user authentication" >> "$conf" echo -e "\n\n# Enable OTP+PAM for user authentication" >> "$conf"
echo "plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn" >> "$conf" echo "plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn" >> "$conf"
fi fi
echo -e "\n### Extra Configurations Below" >> "$conf"
cat $TMP_EXTRA_CONFIGFILE >> "$conf"
set +e set +e
# Clean-up duplicate configs # Clean-up duplicate configs
if diff -q "$bak_env" "$OVPN_ENV" 2>/dev/null; then if diff -q "${bak_env:-}" "$OVPN_ENV" 2>/dev/null; then
echo "Removing duplicate back-up: $bak_env" echo "Removing duplicate back-up: $bak_env"
rm -fv "$bak_env" rm -fv "$bak_env"
fi fi
if diff -q "$bak" "$conf" 2>/dev/null; then if diff -q "${bak:-}" "$conf" 2>/dev/null; then
echo "Removing duplicate back-up: $bak" echo "Removing duplicate back-up: $bak"
rm -fv "$bak" rm -fv "$bak"
fi fi
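Review bot: In the new on_exit handler, `local _ec="$?"` runs after the echo and the rm, so it captures rm's status rather than the script's exit status, and the conditional traceback for a failed run can only fire if rm itself fails; make `local _ec="$?"` the first statement of on_exit, and quote the temp path there, `rm -f -- "$TMP_EXTRA_CONFIGFILE"` (the same unquoted path is read by `cat $TMP_EXTRA_CONFIGFILE >> "$conf"` in the last hunk). In the push hunk, `if [ ! -z ${OVPN_PUSH[@]:-} ];then` expands the array unquoted inside `[`, so with more than one push directive, or one containing whitespace, `[` fails with "too many arguments" and every push line is silently skipped; `if [ "${#OVPN_PUSH[@]}" -gt 0 ]; then` tests the element count instead (assuming OVPN_PUSH is declared as an array earlier in the file, as TMP_ROUTES appears to be), and the `echo "${OVPN_PUSH}"` line above the loop looks like leftover debugging output that now lands on stdout. Also, because `set -eu` is in force during option parsing, `process_extra_config` returns 1 when `-e` is given an empty string (the `[ -n ... ] &&` list is its last command), which aborts the script with a traceback; an explicit `if` or a trailing `|| return 0` avoids that, and `printf '%s\n' "$ovpn_extra_config" >> "$TMP_EXTRA_CONFIGFILE"` keeps values beginning with `-n`/`-e` intact, since this text is copied verbatim into openvpn.conf.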


@ -7,13 +7,13 @@ abort() { cat <<< "$@" 1>&2; exit 1; }
# #
# Generate openvpn.config file # Generate openvpn.config file
# #
read -d '' EXTRA_SERVER_CONF << EOF read -d '' MULTILINE_EXTRA_SERVER_CONF << EOF
management localhost 7505 management localhost 7505
max-clients 10 max-clients 10
EOF EOF
SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1) SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1)
ovpn_genconfig -u udp://$SERV_IP -f 1400 -e "$EXTRA_SERVER_CONF" ovpn_genconfig -u udp://$SERV_IP -f 1400 -e "$MULTILINE_EXTRA_SERVER_CONF" -e "duplicate-cn" -e "topology subnet"
# #
# grep for config lines from openvpn.conf # grep for config lines from openvpn.conf
@ -28,6 +28,7 @@ CONFIG_MATCH_VERB=$(busybox grep verb /etc/openvpn/openvpn.conf)
CONFIG_REQUIRED_FRAGMENT="fragment 1400" CONFIG_REQUIRED_FRAGMENT="fragment 1400"
CONFIG_MATCH_FRAGMENT=$(busybox grep fragment /etc/openvpn/openvpn.conf) CONFIG_MATCH_FRAGMENT=$(busybox grep fragment /etc/openvpn/openvpn.conf)
## Tests for extra configs
# 3. management config # 3. management config
CONFIG_REQUIRED_MANAGEMENT="^management localhost 7505" CONFIG_REQUIRED_MANAGEMENT="^management localhost 7505"
CONFIG_MATCH_MANAGEMENT=$(busybox grep management /etc/openvpn/openvpn.conf) CONFIG_MATCH_MANAGEMENT=$(busybox grep management /etc/openvpn/openvpn.conf)
@ -36,6 +37,14 @@ CONFIG_MATCH_MANAGEMENT=$(busybox grep management /etc/openvpn/openvpn.conf)
CONFIG_REQUIRED_MAX_CLIENTS="^max-clients 10" CONFIG_REQUIRED_MAX_CLIENTS="^max-clients 10"
CONFIG_MATCH_MAX_CLIENTS=$(busybox grep max-clients /etc/openvpn/openvpn.conf) CONFIG_MATCH_MAX_CLIENTS=$(busybox grep max-clients /etc/openvpn/openvpn.conf)
# 5. duplicate-cn config
CONFIG_REQUIRED_DUPCN="^duplicate-cn"
CONFIG_MATCH_DUPCN=$(busybox grep duplicate-cn /etc/openvpn/openvpn.conf)
# 6. topology config
CONFIG_REQUIRED_TOPOLOGY="^topology subnet"
CONFIG_MATCH_TOPOLOGY=$(busybox grep 'topology subnet' /etc/openvpn/openvpn.conf)
# #
# Tests # Tests
# #
@ -61,9 +70,24 @@ else
abort "==> Config match not found: $CONFIG_REQUIRED_MANAGEMENT != $CONFIG_MATCH_MANAGEMENT" abort "==> Config match not found: $CONFIG_REQUIRED_MANAGEMENT != $CONFIG_MATCH_MANAGEMENT"
fi fi
if [[ $CONFIG_MATCH_MAX_CLIENTS =~ $CONFIG_REQUIRED_MAX_CLIENTS ]] if [[ $CONFIG_MATCH_MAX_CLIENTS =~ $CONFIG_REQUIRED_MAX_CLIENTS ]]
then then
echo "==> Config match found: $CONFIG_REQUIRED_MAX_CLIENTS == $CONFIG_MATCH_MAX_CLIENTS" echo "==> Config match found: $CONFIG_REQUIRED_MAX_CLIENTS == $CONFIG_MATCH_MAX_CLIENTS"
else else
abort "==> Config match not found: $CONFIG_REQUIRED_MAX_CLIENTS != $CONFIG_MATCH_MAX_CLIENTS" abort "==> Config match not found: $CONFIG_REQUIRED_MAX_CLIENTS != $CONFIG_MATCH_MAX_CLIENTS"
fi fi
if [[ $CONFIG_MATCH_DUPCN =~ $CONFIG_REQUIRED_DUPCN ]]
then
echo "==> Config match found: $CONFIG_REQUIRED_DUPCN == $CONFIG_MATCH_DUPCN"
else
abort "==> Config match not found: $CONFIG_REQUIRED_DUPCN != $CONFIG_MATCH_DUPCN"
fi
if [[ $CONFIG_MATCH_TOPOLOGY =~ $CONFIG_REQUIRED_TOPOLOGY ]]
then
echo "==> Config match found: $CONFIG_REQUIRED_TOPOLOGY == $CONFIG_MATCH_TOPOLOGY"
else
abort "==> Config match not found: $CONFIG_REQUIRED_TOPOLOGY != $CONFIG_MATCH_TOPOLOGY"
fi