container-openvpn/bin/ovpn_getclient
Kyle Manna 34eca5b96f ovpn: Convert from servername -> server_url
* Previously the server name cached the common name generated during
  init and assumed always 1194/udp.
* The new configuration allows for users to pass in a url in a new form
  that allows the protocol to be specified as well as the port.
* Example: udp://vpn.example.com:1194
* Try to be backwards compatible.
2014-06-30 23:27:00 -07:00

61 lines
1.0 KiB
Bash
Executable File

#!/bin/bash
#
# Get an OpenVPN client configuration file
#
set -ex
if [ -s "$OPENVPN/server_url" ]; then
server_url=$(cat "$OPENVPN/server_url" 2> /dev/null)
else
# TODO Backwards compatible, need to throw away eventually
server_url=$(cat "$OPENVPN/servername" 2> /dev/null)
fi
if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
proto=${BASH_REMATCH[2]};
servername=${BASH_REMATCH[3]};
port=${BASH_REMATCH[5]};
else
echo "Common name not specified"
exit 1
fi
# Apply defaults
[ -z "$proto" ] && proto=1194
[ -z "$port" ] && port=udp
if [ ! -f "$EASYRSA_PKI/private/$cn.key" ]; then
easyrsa build-server-full $cn nopass
fi
cat <<EOF
client
nobind
dev tun
redirect-gateway def1
remote-cert-tls server
<key>
$(cat $EASYRSA_PKI/private/$cn.key)
</key>
<cert>
$(cat $EASYRSA_PKI/issued/$cn.crt)
</cert>
<ca>
$(cat $EASYRSA_PKI/ca.crt)
</ca>
<dh>
$(cat $EASYRSA_PKI/dh.pem)
</dh>
<tls-auth>
$(cat $EASYRSA_PKI/ta.key)
</tls-auth>
key-direction 1
<connection>
remote $servername $port $proto
</connection>
EOF