From f263eb9a6118902a01c768a70c90635da04e18c5 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Wed, 9 Jul 2014 08:17:19 -0700 Subject: [PATCH 1/4] genconfig: Add client-to-client support --- bin/ovpn_genconfig | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index dfaf090..9ff04cc 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -39,6 +39,7 @@ usage() { echo echo "optional arguments:" echo " -d Disable NAT routing and default route" + echo " -c Enable client-to-client option" } set -ex @@ -54,7 +55,7 @@ ORIG_OVPN_ROUTES=$OVPN_ROUTES OVPN_ROUTES="" # Parse arguments -while getopts ":r:s:du:" opt; do +while getopts ":r:s:du:c" opt; do case $opt in r) if [ -n "$OVPN_ROUTES" ]; then @@ -72,6 +73,9 @@ while getopts ":r:s:du:" opt; do u) OVPN_SERVER_URL=$OPTARG ;; + c) + OVPN_CLIENT_TO_CLIENT=1 + ;; \?) set +x echo "Invalid option: -$OPTARG" >&2 @@ -114,6 +118,7 @@ fi export OVPN_SERVER OVPN_ROUTES OVPN_DEFROUTE export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT +export OVPN_CLIENT_TO_CLIENT # Preserve config if [ -f "$OVPN_ENV" ]; then @@ -155,6 +160,8 @@ status /tmp/openvpn-status.log client-config-dir $OPENVPN/ccd EOF +[ -n "$OVPN_CLIENT_TO_CLIENT" ] && echo "client-to-client" >> "$conf" + # Append Routes for i in ${OVPN_ROUTES[@]}; do # If user passed "0" skip this, assume no extra routes From 0c873ab4cf39f23555cd11795581df4c5df012ea Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Wed, 9 Jul 2014 08:17:47 -0700 Subject: [PATCH 2/4] genconfig: Print success * Print success message to console. Provides positive feedback. --- bin/ovpn_genconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index 9ff04cc..bfa5755 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig 
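Review bot: The `-c` help line added to usage() in PATCH 1/4 says only "Enable client-to-client option" and does not tell the operator that the flag removes isolation between VPN clients. With OpenVPN's `client-to-client` directive the server forwards client-to-client traffic inside the daemon instead of handing it to the tun interface, so the host's iptables rules never see those packets. I would say so in the help text, for example `echo " -c Enable client-to-client (clients can reach each other; this traffic is not filtered by the server firewall)"`. The parser only ever sets `OVPN_CLIENT_TO_CLIENT=1`, so if the value is saved to ovpn_env.sh (the save step is outside these hunks) a later run without `-c` has no way to turn it off again.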
@@ -172,3 +172,5 @@ done # Clean-up duplicate configs (always return success) diff -q "$bak_env" "$OVPN_ENV" 2> /dev/null && rm "$bak_env" || true diff -q "$bak" "$conf" 2> /dev/null && rm "$bak" || true + +echo "Successfully generated config" From 20be0f90a544cf01fe83a3e3be803ab184780d40 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Wed, 9 Jul 2014 10:28:54 -0700 Subject: [PATCH 3/4] genconfig: Add push support * Add ability to specify push commands with `-p` argument. --- bin/ovpn_genconfig | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index bfa5755..e525d5f 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -36,6 +36,7 @@ usage() { echo " -u SERVER_PUBLIC_URL" echo " [-s SERVER_SUBNET]" echo " [-r ROUTE ...]" + echo " [-p PUSH ...]" echo echo "optional arguments:" echo " -d Disable NAT routing and default route" @@ -47,6 +48,7 @@ set -ex OVPN_ENV=$OPENVPN/ovpn_env.sh OVPN_SERVER=192.168.255.0/24 OVPN_DEFROUTE=1 +OVPN_PUSH=() # Import defaults if present [ -r "$OVPN_ENV" ] && source "$OVPN_ENV" @@ -55,7 +57,7 @@ ORIG_OVPN_ROUTES=$OVPN_ROUTES OVPN_ROUTES="" # Parse arguments -while getopts ":r:s:du:c" opt; do +while getopts ":r:s:du:cp:" opt; do case $opt in r) if [ -n "$OVPN_ROUTES" ]; then @@ -76,6 +78,9 @@ while getopts ":r:s:du:c" opt; do c) OVPN_CLIENT_TO_CLIENT=1 ;; + p) + OVPN_PUSH+=("$OPTARG") + ;; \?) set +x echo "Invalid option: -$OPTARG" >&2 @@ -118,7 +123,7 @@ fi export OVPN_SERVER OVPN_ROUTES OVPN_DEFROUTE export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT -export OVPN_CLIENT_TO_CLIENT +export OVPN_CLIENT_TO_CLIENT OVPN_PUSH # Preserve config if [ -f "$OVPN_ENV" ]; then 
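Review bot: In PATCH 3/4 the line `export OVPN_CLIENT_TO_CLIENT OVPN_PUSH` exports an array, and bash does not pass array variables to child processes through the environment, so the export of `OVPN_PUSH` has no effect on anything started from this script. If the push list is meant to persist in ovpn_env.sh, it has to be written in a form that `source` restores as an array, such as the output of `declare -p OVPN_PUSH`. The code that writes the env file is outside the hunks, so check what it emits for an array. Also, `OVPN_PUSH=()` is assigned before `source "$OVPN_ENV"`, so a saved list is loaded first and every `-p` is appended to it. A push directive from an earlier run would then stay in the generated config and keep being sent to clients until ovpn_env.sh is removed.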
@@ -169,6 +174,11 @@ for i in ${OVPN_ROUTES[@]}; do echo route $(getroute $i) >> "$conf" done +# Append push commands +for i in "${OVPN_PUSH[@]}"; do + echo push \"$i\" >> "$conf" +done + # Clean-up duplicate configs (always return success) diff -q "$bak_env" "$OVPN_ENV" 2> /dev/null && rm "$bak_env" || true diff -q "$bak" "$conf" 2> /dev/null && rm "$bak" || true From b9cc5b347a1dcd49da00ca6ef1323b71306d8d95 Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Wed, 9 Jul 2014 10:34:39 -0700 Subject: [PATCH 4/4] genconfig: Convert OVPN_ROUTES to array * Convert to an array to simplify the code. * This breaks running `ovpn_genconfig` multiple times with the same route argument as the array will just grow. This needs to be fixed in the future. * Recommended way to work around this is to remove ovpn_env.sh. --- bin/ovpn_genconfig | 23 +++++------------------ bin/ovpn_run | 4 ++-- 2 files changed, 7 insertions(+), 20 deletions(-) diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig index e525d5f..059e9d0 100755 --- a/bin/ovpn_genconfig +++ b/bin/ovpn_genconfig @@ -48,23 +48,17 @@ set -ex OVPN_ENV=$OPENVPN/ovpn_env.sh OVPN_SERVER=192.168.255.0/24 OVPN_DEFROUTE=1 +OVPN_ROUTES=() OVPN_PUSH=() # Import defaults if present [ -r "$OVPN_ENV" ] && source "$OVPN_ENV" -ORIG_OVPN_ROUTES=$OVPN_ROUTES -OVPN_ROUTES="" - # Parse arguments while getopts ":r:s:du:cp:" opt; do case $opt in r) - if [ -n "$OVPN_ROUTES" ]; then - OVPN_ROUTES+=" $OPTARG" - else - OVPN_ROUTES+="$OPTARG" - fi + OVPN_ROUTES+=("$OPTARG") ;; s) OVPN_SERVER=$OPTARG @@ -112,14 +106,7 @@ fi # Apply defaults [ -z "$OVPN_PROTO" ] && OVPN_PROTO=udp [ -z "$OVPN_PORT" ] && OVPN_PORT=1194 - -if [ -z "$OVPN_ROUTES" ]; then - if [ -n "$ORIG_OVPN_ROUTES" ]; then - OVPN_ROUTES=$ORIG_OVPN_ROUTES - else - OVPN_ROUTES=192.168.254.0/24 - fi -fi +[ ${#OVPN_ROUTES[@]} -eq 0 ] && OVPN_ROUTES=("192.168.254.0/24") export OVPN_SERVER OVPN_ROUTES OVPN_DEFROUTE export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT 
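Review bot: The new loop in PATCH 3/4 writes `echo push \"$i\" >> "$conf"` with `$i` unquoted and unvalidated, so each `-p` argument reaches openvpn.conf after word splitting and pathname expansion. A value containing `*` can be expanded against the current directory, and a value containing a double quote or a line break ends the `push "..."` string early and leaves the remainder in the server config as its own directive. I would write the line as `printf 'push "%s"\n' "$i" >> "$conf"` and reject values containing `"` or a newline in the `p)` arm before appending them to `OVPN_PUSH`. These strings are sent to every connecting client, so the input is worth keeping strict.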
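Review bot: In PATCH 4/4 `OVPN_ROUTES=()` is assigned before `source "$OVPN_ENV"`, and the removed `ORIG_OVPN_ROUTES` logic was what let routes given on the command line replace the saved ones, so the known issue in the commit message is a change in behaviour and not only duplicate entries. bin/ovpn_run in the same patch adds a MASQUERADE rule for every element, so a route the operator dropped from the command line would still be NATed and still be written as a `route` line. Resetting the array the first time `-r` is seen keeps the old semantics, for example `[ -z "$routes_given" ] && OVPN_ROUTES=()` followed by `routes_given=1` at the top of the `r)` arm (the variable name is only a suggestion). An ovpn_env.sh written by the previous version presumably holds OVPN_ROUTES as one space-separated string, which the now-quoted `"${OVPN_ROUTES[@]}"` loops would treat as a single route, so that upgrade path should be checked.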
@@ -168,10 +155,10 @@ EOF [ -n "$OVPN_CLIENT_TO_CLIENT" ] && echo "client-to-client" >> "$conf" # Append Routes -for i in ${OVPN_ROUTES[@]}; do +for i in "${OVPN_ROUTES[@]}"; do # If user passed "0" skip this, assume no extra routes [ "$i" = "0" ] && break; - echo route $(getroute $i) >> "$conf" + echo route $(getroute "$i") >> "$conf" done # Append push commands diff --git a/bin/ovpn_run b/bin/ovpn_run index 6c92c40..eb97d90 100755 --- a/bin/ovpn_run +++ b/bin/ovpn_run @@ -21,8 +21,8 @@ fi if [ "$OVPN_DEFROUTE" != "0" ];then iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o eth0 -j MASQUERADE - for i in ${OVPN_ROUTES[@]}; do - iptables -t nat -A POSTROUTING -s $i -o eth0 -j MASQUERADE + for i in "${OVPN_ROUTES[@]}"; do + iptables -t nat -A POSTROUTING -s "$i" -o eth0 -j MASQUERADE done fi
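Review bot: The loop changed in bin/ovpn_run passes each element to `iptables -t nat -A POSTROUTING -s "$i"` without the `[ "$i" = "0" ] && break` guard that the matching loop in bin/ovpn_genconfig has, so the "0 means no extra routes" value reaches iptables as a source address. I would add the same guard as the first statement of the loop body, and quote the remaining expansion in the line above the loop as `-s "$OVPN_SERVER"` to match this change. Neither script checks that a route is a well-formed network before it is used in a NAT rule. A simple pattern check in the `r)` arm of ovpn_genconfig would catch a mistyped value before it is saved.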