852d404c12
* Instead of storing just a server_url which was necessary to
regenerate the OpenVPN configs, instead store an env file.
* Move all the env parsing to `ovpn_genconfig` so that it can be re-run
from genconfig instead of from `ovpn_init`.
* Remove all the parsing and env defaults except for genconfig.
NOTE: This breaks the older config method, uesrs will need to re-run
genconfig with an arg[1] as the previous server_url, this will create
the necessary env file the rest of the tools expect.
Example recovery for legacy users:
host$ docker run --rm -it kylemanna/openvpn bash -l
container# ovpn_genconfig $(cat /etc/openvpn/server_url)
44 lines
590 B
Bash
Executable File
44 lines
590 B
Bash
Executable File
#!/bin/bash
|
|
|
|
#
|
|
# Get an OpenVPN client configuration file
|
|
#
|
|
|
|
set -ex
|
|
|
|
source "$OPENVPN/ovpn_env.sh"
|
|
cn=$1
|
|
|
|
if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
|
|
easyrsa build-server-full $cn nopass
|
|
fi
|
|
|
|
cat <<EOF
|
|
client
|
|
nobind
|
|
dev tun
|
|
redirect-gateway def1
|
|
remote-cert-tls server
|
|
|
|
<key>
|
|
$(cat $EASYRSA_PKI/private/${cn}.key)
|
|
</key>
|
|
<cert>
|
|
$(cat $EASYRSA_PKI/issued/${cn}.crt)
|
|
</cert>
|
|
<ca>
|
|
$(cat $EASYRSA_PKI/ca.crt)
|
|
</ca>
|
|
<dh>
|
|
$(cat $EASYRSA_PKI/dh.pem)
|
|
</dh>
|
|
<tls-auth>
|
|
$(cat $EASYRSA_PKI/ta.key)
|
|
</tls-auth>
|
|
key-direction 1
|
|
|
|
<connection>
|
|
remote $servername $port $proto
|
|
</connection>
|
|
EOF
|