allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

Merge pull request #223 from outstand/extra-client-config

Browse Source 
Add -E flag for adding extra client config
This commit is contained in:
Kyle Manna
2017-02-19 09:34:09 -08:00
committed by GitHub
parent 5236365fe1 fbb97918cf
commit b868fa9093
2 changed files with 61 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
bin/ovpn_genconfig
View File

@@ -7,6 +7,7 @@
TMP_PUSH_CONFIGFILE=$(mktemp -t vpn_push.XXXXXXX) TMP_PUSH_CONFIGFILE=$(mktemp -t vpn_push.XXXXXXX)
TMP_ROUTE_CONFIGFILE=$(mktemp -t vpn_route.XXXXXXX) TMP_ROUTE_CONFIGFILE=$(mktemp -t vpn_route.XXXXXXX)
TMP_EXTRA_CONFIGFILE=$(mktemp -t vpn_extra.XXXXXXX) TMP_EXTRA_CONFIGFILE=$(mktemp -t vpn_extra.XXXXXXX)
TMP_EXTRA_CLIENT_CONFIGFILE=$(mktemp -t vpn_extra_client.XXXXXXX)
#Traceback on Error and Exit come from https://docwhat.org/tracebacks-in-bash/ #Traceback on Error and Exit come from https://docwhat.org/tracebacks-in-bash/
set -eu set -eu
@@ -45,6 +46,7 @@ on_exit() {
rm -f $TMP_PUSH_CONFIGFILE rm -f $TMP_PUSH_CONFIGFILE
rm -f $TMP_ROUTE_CONFIGFILE rm -f $TMP_ROUTE_CONFIGFILE
rm -f $TMP_EXTRA_CONFIGFILE rm -f $TMP_EXTRA_CONFIGFILE
rm -f $TMP_EXTRA_CLIENT_CONFIGFILE
local _ec="$?" local _ec="$?"
if [[ $_ec != 0 && "${_showed_traceback}" != t ]]; then if [[ $_ec != 0 && "${_showed_traceback}" != t ]]; then
traceback 1 traceback 1
@@ -83,6 +85,7 @@ usage() {
echo "usage: $0 [-d]" echo "usage: $0 [-d]"
echo " -u SERVER_PUBLIC_URL" echo " -u SERVER_PUBLIC_URL"
echo " [-e EXTRA_SERVER_CONFIG ]" echo " [-e EXTRA_SERVER_CONFIG ]"
echo " [-E EXTRA_CLIENT_CONFIG ]"
echo " [-f FRAGMENT ]" echo " [-f FRAGMENT ]"
echo " [-n DNS_SERVER ...]" echo " [-n DNS_SERVER ...]"
echo " [-p PUSH ...]" echo " [-p PUSH ...]"
@@ -127,6 +130,13 @@ process_extra_config() {
} }
process_extra_client_config() {
local ovpn_extra_config=''
ovpn_extra_config="$1"
echo "Processing Extra Client Config: '${ovpn_extra_config}'"
[[ -n "$ovpn_extra_config" ]] && echo "$ovpn_extra_config" >> "$TMP_EXTRA_CLIENT_CONFIGFILE"
}
if [ "${DEBUG:-}" == "1" ]; then if [ "${DEBUG:-}" == "1" ]; then
set -x set -x
fi fi
@@ -159,7 +169,7 @@ CUSTOM_ROUTE_CONFIG=''
[ -r "$OVPN_ENV" ] && source "$OVPN_ENV" [ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
# Parse arguments # Parse arguments
while getopts ":a:e:C:T:r:s:du:cp:n:DNmf:tz2" opt; do while getopts ":a:e:E:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
case $opt in case $opt in
a) a)
OVPN_AUTH="$OPTARG" OVPN_AUTH="$OPTARG"
@@ -167,6 +177,9 @@ while getopts ":a:e:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
e) e)
process_extra_config "$OPTARG" process_extra_config "$OPTARG"
;; ;;
E)
process_extra_client_config "$OPTARG"
;;
C) C)
OVPN_CIPHER="$OPTARG" OVPN_CIPHER="$OPTARG"
;; ;;
@@ -254,6 +267,11 @@ fi
[ -z "$OVPN_PORT" ] && OVPN_PORT=1194 [ -z "$OVPN_PORT" ] && OVPN_PORT=1194
[ -z "$CUSTOM_ROUTE_CONFIG" ] && process_route_config "192.168.254.0/24" [ -z "$CUSTOM_ROUTE_CONFIG" ] && process_route_config "192.168.254.0/24"
# Save extra client config from temp file only if temp file is not empty
if [ -s "$TMP_EXTRA_CLIENT_CONFIGFILE" ]; then
OVPN_ADDITIONAL_CLIENT_CONFIG=$(cat $TMP_EXTRA_CLIENT_CONFIGFILE)
fi
export OVPN_SERVER OVPN_ROUTES OVPN_DEFROUTE export OVPN_SERVER OVPN_ROUTES OVPN_DEFROUTE
export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT
export OVPN_CLIENT_TO_CLIENT OVPN_PUSH OVPN_NAT OVPN_DNS OVPN_MTU OVPN_DEVICE export OVPN_CLIENT_TO_CLIENT OVPN_PUSH OVPN_NAT OVPN_DNS OVPN_MTU OVPN_DEVICE
@@ -261,6 +279,7 @@ export OVPN_TLS_CIPHER OVPN_CIPHER OVPN_AUTH
export OVPN_COMP_LZO export OVPN_COMP_LZO
export OVPN_OTP_AUTH export OVPN_OTP_AUTH
export OVPN_FRAGMENT export OVPN_FRAGMENT
export OVPN_ADDITIONAL_CLIENT_CONFIG
# Preserve config # Preserve config
if [ -f "$OVPN_ENV" ]; then if [ -f "$OVPN_ENV" ]; then
@@ -268,7 +287,18 @@ if [ -f "$OVPN_ENV" ]; then
echo "Backing up $OVPN_ENV -> $bak_env" echo "Backing up $OVPN_ENV -> $bak_env"
mv "$OVPN_ENV" "$bak_env" mv "$OVPN_ENV" "$bak_env"
fi fi
export | grep OVPN_ > "$OVPN_ENV"
# Like `export | grep OVPN_ > "$OVPN_ENV"` but handles multiline variables
set +u
while read var ; do
eval value=\$$var
if [ -n "$value" ]; then
echo "declare -x $var=\"$value\"" >> "$OVPN_ENV"
else
echo "declare -x $var" >> "$OVPN_ENV"
fi
done < <(export | egrep -o '(OVPN_[^=]+)')
set -u
conf=${OPENVPN:-}/openvpn.conf conf=${OPENVPN:-}/openvpn.conf
if [ -f "$conf" ]; then if [ -f "$conf" ]; then

29
test/tests/conf_options/container.sh
View File

@@ -163,3 +163,32 @@ then
else else
abort "==> Config match not found: $CONFIG_REQUIRED_ROUTE_2 != $CONFIG_MATCH_ROUTE_2" abort "==> Config match not found: $CONFIG_REQUIRED_ROUTE_2 != $CONFIG_MATCH_ROUTE_2"
fi fi
# Test generated client config
# gen udp client with tcp fallback
ovpn_genconfig -u udp://$SERV_IP -E "remote $SERV_IP 443 tcp" -E "remote vpn.example.com 443 tcp"
# nopass is insecure
EASYRSA_BATCH=1 EASYRSA_REQ_CN="Travis-CI Test CA" ovpn_initpki nopass
easyrsa build-client-full client-fallback nopass
ovpn_getclient client-fallback | tee /etc/openvpn/config-fallback.ovpn
CONFIG_REQUIRED_TCP_REMOTE="^remote $SERV_IP 443 tcp"
CONFIG_MATCH_TCP_REMOTE=$(busybox grep "remote $SERV_IP 443 tcp" /etc/openvpn/config-fallback.ovpn)
CONFIG_REQUIRED_TCP_REMOTE_2="^remote vpn.example.com 443 tcp"
CONFIG_MATCH_TCP_REMOTE_2=$(busybox grep "remote vpn.example.com 443 tcp" /etc/openvpn/config-fallback.ovpn)
if [[ $CONFIG_MATCH_TCP_REMOTE =~ $CONFIG_REQUIRED_TCP_REMOTE ]]
then
echo "==> Config match found: $CONFIG_REQUIRED_TCP_REMOTE == $CONFIG_MATCH_TCP_REMOTE"
else
abort "==> Config match not found: $CONFIG_REQUIRED_TCP_REMOTE != $CONFIG_MATCH_TCP_REMOTE"
fi
if [[ $CONFIG_MATCH_TCP_REMOTE_2 =~ $CONFIG_REQUIRED_TCP_REMOTE_2 ]]
then
echo "==> Config match found: $CONFIG_REQUIRED_TCP_REMOTE_2 == $CONFIG_MATCH_TCP_REMOTE_2"
else
abort "==> Config match not found: $CONFIG_REQUIRED_TCP_REMOTE_2 != $CONFIG_MATCH_TCP_REMOTE_2"
fi