From a1c174f6f545488a6dcc17519decf0b860dc7de1 Mon Sep 17 00:00:00 2001
From: Kyle Manna
Date: Wed, 4 Jun 2014 01:39:38 -0700
Subject: [PATCH] openvpn.sh: Implement init step and cert gen

* Initialize and configure the OpenVPN server
* Generate PKI keys, CA, and certs when needed
---
 Dockerfile     |  2 +-
 bin/openvpn.sh | 55 ++++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 50 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f2e863b..efe5f08 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ FROM ubuntu:14.04
 MAINTAINER Kyle Manna
-RUN apt-get install -y openvpn iptables curl git-core
+RUN apt-get install -y openvpn iptables git-core dnsutils
 # Update checkout to use tags when v3.0 is finally released
 RUN git clone https://github.com/OpenVPN/easy-rsa.git /usr/local/share/easy-rsa
diff --git a/bin/openvpn.sh b/bin/openvpn.sh
index cd3c6e3..979e629 100755
--- a/bin/openvpn.sh
+++ b/bin/openvpn.sh
@@ -22,14 +22,58 @@ if [ $# -lt 1 ]; then
 fi
 do_openvpn() {
-    if [ ! -d /dev/net ]; then
-        mkdir -p /dev/net
-    fi
+    mkdir -p /dev/net
     if [ ! -c /dev/net/tun ]; then
         mknod /dev/net/tun c 10 200
     fi
-    cd /etc/easyrsa
+    iptables -t nat -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE
+
+    openvpn --config "$OPENVPN/udp1194.conf"
+}
+
+do_init() {
+    cn=$1
+
+    # Provides a sufficient warning before erasing pre-existing files
+    easyrsa init-pki
+
+    # For a CA key with a password, manually init; this is autopilot
+    easyrsa build-ca nopass
+
+    easyrsa gen-dh
+    openvpn --genkey --secret $OPENVPN/pki/ta.key
+
+    if [ -z "$cn"]; then
+        #TODO: Handle IPv6 (when I get a VPS with IPv6)...
+        ip4=$(dig +short myip.opendns.com @resolver1.opendns.com)
+        ptr=$(dig +short -x $ip4 | sed -e 's:\.$::')
+
+        [ -n "$ptr" ] && cn=$ptr || cn=$ip4
+    fi
+
+    easyrsa build-server-full $cn nopass
+
+    [ -f "$OPENVPN/udp1194.conf" ] || cat > "$OPENVPN/udp1194.conf" <
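Review bot: The new `RUN apt-get install -y openvpn iptables git-core dnsutils` line in the Dockerfile hunk still has no `apt-get update` in front of it, and nothing earlier in the hunk (the context before it is only `FROM ubuntu:14.04` and `MAINTAINER`) supplies one, so on a base image that ships without package lists this install step is likely to fail or pull whatever stale lists happen to be present; change it to `RUN apt-get update && apt-get install -y --no-install-recommends openvpn iptables git-core dnsutils`. `dnsutils` appears to be added so the init step elsewhere in this patch can derive the server certificate's CN from a lookup against a third-party resolver, which makes an external DNS answer an input to the PKI; a one-line comment on this line naming that purpose (`# dnsutils: dig is used by openvpn.sh init to pick the server cert CN`) would make the dependency and its trust implication visible. The unchanged `git clone` of easy-rsa below this line fetches an unpinned HEAD at build time, so the CA and certificate tooling is not reproducible until the tag pin the existing comment mentions is actually applied.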