34eca5b96f
* Previously the server name cached the common name generated during init and assumed always 1194/udp. * The new configuration allows for users to pass in a url in a new form that allows the protocol to be specified as well as the port. * Example: udp://vpn.example.com:1194 * Try to be backwards compatible.
61 lines
1.0 KiB
Bash
Executable File
61 lines
1.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
#
|
|
# Get an OpenVPN client configuration file
|
|
#
|
|
|
|
set -ex
|
|
|
|
if [ -s "$OPENVPN/server_url" ]; then
|
|
server_url=$(cat "$OPENVPN/server_url" 2> /dev/null)
|
|
else
|
|
# TODO Backwards compatible, need to throw away eventually
|
|
server_url=$(cat "$OPENVPN/servername" 2> /dev/null)
|
|
fi
|
|
|
|
if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
|
|
proto=${BASH_REMATCH[2]};
|
|
servername=${BASH_REMATCH[3]};
|
|
port=${BASH_REMATCH[5]};
|
|
else
|
|
echo "Common name not specified"
|
|
exit 1
|
|
fi
|
|
|
|
# Apply defaults
|
|
[ -z "$proto" ] && proto=1194
|
|
[ -z "$port" ] && port=udp
|
|
|
|
if [ ! -f "$EASYRSA_PKI/private/$cn.key" ]; then
|
|
easyrsa build-server-full $cn nopass
|
|
fi
|
|
|
|
cat <<EOF
|
|
client
|
|
nobind
|
|
dev tun
|
|
redirect-gateway def1
|
|
remote-cert-tls server
|
|
|
|
<key>
|
|
$(cat $EASYRSA_PKI/private/$cn.key)
|
|
</key>
|
|
<cert>
|
|
$(cat $EASYRSA_PKI/issued/$cn.crt)
|
|
</cert>
|
|
<ca>
|
|
$(cat $EASYRSA_PKI/ca.crt)
|
|
</ca>
|
|
<dh>
|
|
$(cat $EASYRSA_PKI/dh.pem)
|
|
</dh>
|
|
<tls-auth>
|
|
$(cat $EASYRSA_PKI/ta.key)
|
|
</tls-auth>
|
|
key-direction 1
|
|
|
|
<connection>
|
|
remote $servername $port $proto
|
|
</connection>
|
|
EOF
|