container-openvpn/bin/ovpn_init
Kyle Manna 34eca5b96f ovpn: Convert from servername -> server_url
* Previously the server name cached the common name generated during
  init and assumed always 1194/udp.
* The new configuration allows for users to pass in a url in a new form
  that allows the protocol to be specified as well as the port.
* Example: udp://vpn.example.com:1194
* Try to be backwards compatible.
2014-06-30 23:27:00 -07:00

55 lines
1.4 KiB
Bash
Executable File

#!/bin/bash
#
# Initialize the PKI and OpenVPN configs
#
set -ex
server_url=$1
# Server name is in the form "udp://vpn.example.com:1194"
if [[ "$server_url" =~ ^((udp|tcp)://)?([0-9a-zA-Z\.]+)(:([0-9]+))?$ ]]; then
proto=${BASH_REMATCH[2]};
cn=${BASH_REMATCH[3]};
port=${BASH_REMATCH[5]};
else
echo "Common name not specified"
exit 1
fi
# Apply defaults
[ -z "$proto" ] && proto=1194
[ -z "$port" ] && port=udp
# Specify "nopass" as arg[2] to make the CA insecure
nopass=$2
# Provides a sufficient warning before erasing pre-existing files
easyrsa init-pki
# CA always has a password for protection in event server is compromised. The
# password is only needed to sign client/server certificates. No password is
# needed for normal OpenVPN operation.
easyrsa build-ca $nopass
easyrsa gen-dh
openvpn --genkey --secret $OPENVPN/pki/ta.key
# Was nice to autoset, but probably a bad idea in practice, users should
# have to explicitly specify the common name of their server
#if [ -z "$cn"]; then
# #TODO: Handle IPv6 (when I get a VPS with IPv6)...
# ip4=$(dig +short myip.opendns.com @resolver1.opendns.com)
# ptr=$(dig +short -x $ip4 | sed -e 's:\.$::')
#
# [ -n "$ptr" ] && cn=$ptr || cn=$ip4
#fi
echo "$server_url" > $OPENVPN/server_url
# For a server key with a password, manually init; this is autopilot
easyrsa build-server-full $cn nopass
ovpn_genconfig "$cn"