Force generateClientConfig keep parameters #218

wants to merge 7 commits into
base: master
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM alpine:3.14.1
FROM alpine:3.18.3

LABEL maintainer="Alexander Litvinenko <array.shift@yahoo.com>"

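Review bot: the base image bump on line 1 (alpine:3.14.1 to alpine:3.18.3) is unrelated to the parameter-forwarding fix the PR title describes and would be easier to review and to revert as its own commit; if it stays here, consider pinning the image by digest in addition to the tag so rebuilds are reproducible and the upgrade is recorded in the PR description.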
Expand All @@ -19,7 +19,7 @@ COPY scripts .
COPY config ./config
COPY VERSION ./config

RUN apk add --no-cache openvpn easy-rsa bash netcat-openbsd zip curl dumb-init && \
RUN apk add --no-cache openvpn iptables easy-rsa bash netcat-openbsd zip curl dumb-init && \
ln -s /usr/share/easy-rsa/easyrsa /usr/bin/easyrsa && \
mkdir -p ${APP_PERSIST_DIR} && \
cd ${APP_PERSIST_DIR} && \
10 changes: 5 additions & 5 deletions README.md
Expand Up @@ -113,11 +113,11 @@ docker run -it --rm --cap-add=NET_ADMIN \

After container was run using `docker run` command, it's possible to execute additional commands using `docker exec` command. For example, `docker exec <container id> ./version.sh`. See table below to get the full list of supported commands.

| Command | Description | Parameters | Example |
| :------: | :---------: | :--------: | :-----: |
| `./version.sh` | Outputs full container version, i.e `Dockovpn v1.2.0` | | `docker exec dockovpn ./version.sh` |
| `./genclient.sh` | Generates new client configuration | `z` — Optional. Puts newly generated client.ovpn file into client.zip archive.<br><br>`zp paswd` — Optional. Puts newly generated client.ovpn file into client.zip archive with password `pswd` <br><br>`o` — Optional. Prints cert to the output. <br><br>`oz` — Optional. Prints zipped cert to the output. Use with output redirection. <br><br>`ozp paswd` — Optional. Prints encrypted zipped cert to the output. Use with output redirection. | `docker exec dockovpn ./genclient.sh`<br><br>`docker exec dockovpn ./genclient.sh z`<br><br>`docker exec dockovpn ./genclient.sh zp 123` <br><br>`docker exec dockovpn ./genclient.sh o > client.ovpn`<br><br>`docker exec dockovpn ./genclient.sh oz > client.zip` <br><br>`docker exec dockovpn ./genclient.sh ozp paswd > client.zip`|
| `./rmclient.sh` | Revokes client certificate thus making him/her anable to connect to given Dockovpn server. | Client Id, i.e `vFOoQ3Hngz4H790IpRo6JgKR6cMR3YAp`. | `docker exec dockovpn ./rmclient.sh vFOoQ3Hngz4H790IpRo6JgKR6cMR3YAp` |
| Command | Description | Parameters | Example |
| :------: | :---------: |:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
| `./version.sh` | Outputs full container version, i.e `Dockovpn v1.2.0` | | `docker exec dockovpn ./version.sh` |
| `./genclient.sh` | Generates new client configuration | `z` — Optional. Puts newly generated client.ovpn file into client.zip archive.<br><br>`zp paswd` — Optional. Puts newly generated client.ovpn file into client.zip archive with password `pswd` <br><br>`o` — Optional. Prints cert to the output. <br><br>`oz` — Optional. Prints zipped cert to the output. Use with output redirection. <br><br>`ozp paswd` — Optional. Prints encrypted zipped cert to the output. Use with output redirection. <br><br>`n profile_name` — Optional. Use specified profile_name parameter instead of random id. Prints client.ovpn to the output<br><br>`np profile_name` — Optional. Use specified profile_name parameter instead of random id and protects by password asked by stdin. Password refers to the connection and it will be asked during connection stage. Prints client.ovpn to the output | `docker exec dockovpn ./genclient.sh`<br><br>`docker exec dockovpn ./genclient.sh z`<br><br>`docker exec dockovpn ./genclient.sh zp 123` <br><br>`docker exec dockovpn ./genclient.sh o > client.ovpn`<br><br>`docker exec dockovpn ./genclient.sh oz > client.zip` <br><br>`docker exec dockovpn ./genclient.sh ozp paswd > client.zip`<br><br>`docker exec dockovpn ./genclient.sh n profile_name`<br><br>`docker exec -ti dockovpn ./genclient.sh np profile_name` |
| `./rmclient.sh` | Revokes client certificate thus making him/her anable to connect to given Dockovpn server. | Client Id, i.e `vFOoQ3Hngz4H790IpRo6JgKR6cMR3YAp`. | `docker exec dockovpn ./rmclient.sh vFOoQ3Hngz4H790IpRo6JgKR6cMR3YAp` |

## 📺 Video Guide

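Review bot: the new `n profile_name` row says the parameter replaces the random id but not what values are accepted; since the name becomes a directory under the persist dir and an easy-rsa certificate name (see functions.sh in this PR), document the allowed character set and what happens when the name already exists, and have the script enforce it. The `np` row should also say the easy-rsa password prompt is interactive, which is why its example uses `docker exec -ti` while the others do not. Two smaller points: the rewritten header row pads the two right-hand columns with hundreds of dashes, so keep the original short `:---:` separators and the diff will show only the added text; and while this row is being touched, the pre-existing `paswd`/`pswd` mismatch and `anable` in the `rmclient.sh` row are worth fixing.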
33 changes: 28 additions & 5 deletions scripts/functions.sh
Expand Up @@ -8,11 +8,15 @@ function datef() {

function createConfig() {
cd "$APP_PERSIST_DIR"
CLIENT_ID="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
CLIENT_PATH="$APP_PERSIST_DIR/clients/$CLIENT_ID"

# Redirect stderr to the black hole
easyrsa build-client-full "$CLIENT_ID" nopass &> /dev/null

if [ $PASSWORD_PROTECTED -eq 1 ]; then
easyrsa build-client-full "$CLIENT_ID"
else
easyrsa build-client-full "$CLIENT_ID" nopass &> /dev/null
fi

# Writing new private key to '/usr/share/easy-rsa/pki/private/client.key
# Client sertificate /usr/share/easy-rsa/pki/issued/client.crt
# CA is by the path /usr/share/easy-rsa/pki/ca.crt
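Review bot: `[ $PASSWORD_PROTECTED -eq 1 ]` is evaluated with the variable unquoted and it is never initialised for the default and `n` cases in generateClientConfig, so every non-`np` run evaluates `[ -eq 1 ]`, prints `unary operator expected` to stderr and only then falls into the else branch. Use `[ "${PASSWORD_PROTECTED:-0}" -eq 1 ]` or set `PASSWORD_PROTECTED=0` before the case. In the same hunk, neither `easyrsa build-client-full` call checks its exit status, and now that the name is caller-supplied a collision with an already issued certificate is a realistic failure, so append `|| exit 1` to both calls; and because createConfig is no longer run inside `$(...)`, the `cd "$APP_PERSIST_DIR"` at the top of the function now changes the caller's working directory as well.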
Expand Down Expand Up @@ -94,7 +98,26 @@ function getVersionFull() {
}

function generateClientConfig() {
CLIENT_PATH="$(createConfig)"
#case
#first argument = n use second argument as CLIENT_ID
#first argument = np use second argument as CLIENT_ID and set PASSWORD_PROTECTED as 1
#default generate random CLIENT_ID
FLAGS=$1
case $FLAGS in
n)
CLIENT_ID="$2"
;;
np)
CLIENT_ID="$2"
PASSWORD_PROTECTED=1
;;
*)
CLIENT_ID="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
;;
esac

CLIENT_PATH="$APP_PERSIST_DIR/clients/$CLIENT_ID"
createConfig
CONTENT_TYPE=application/text
FILE_NAME=client.ovpn
FILE_PATH="$CLIENT_PATH/$FILE_NAME"
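Review bot: `CLIENT_ID="$2"` in the `n` and `np` branches accepts any string and it is used verbatim both in `CLIENT_PATH="$APP_PERSIST_DIR/clients/$CLIENT_ID"` and as the easy-rsa certificate name; an empty second argument yields a path ending in `clients/`, and a name containing `/` or `..` points outside the clients directory. Validate before the case falls through, for example `[[ "$2" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "invalid profile name" >&2; exit 1; }`, and refuse a name whose directory already exists. The comment block above the case (`#case`, `#first argument = n ...`) would serve better as a usage message printed on bad input.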
Expand Down Expand Up @@ -129,7 +152,7 @@ function generateClientConfig() {
FILE_PATH="$CLIENT_PATH/$FILE_NAME"
fi
;;
o)
o|n|np)
cat "$FILE_PATH"
exit 0
;;
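Review bot: folding `n` and `np` into the `o` branch means a named profile is always written to stdout and the script exits 0 immediately, so a name cannot be combined with `z`, `zp` or `oz`, and the exit code no longer reflects whether `cat "$FILE_PATH"` (or the easy-rsa run before it) succeeded. If the name is meant to be an option rather than an output mode, parse it separately from the format flag; at minimum replace `exit 0` with `exit $?` so a missing file is reported to the caller.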
2 changes: 1 addition & 1 deletion scripts/genclient.sh
Expand Up @@ -2,4 +2,4 @@

source ./functions.sh

generateClientConfig
generateClientConfig "$@"
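Review bot: `generateClientConfig "$@"` is the one-line change the PR title describes and the quoting is correct. The other files in this diff change behaviour well beyond parameter forwarding (named profiles, unconditional PKI init, no client generated at first start), so the PR description should list those explicitly rather than have them merged under this title.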
19 changes: 5 additions & 14 deletions scripts/start.sh
Expand Up @@ -69,13 +69,11 @@ LOCKFILE=.gen
if [ ! -f $LOCKFILE ]; then
IS_INITIAL="1"

if [[ -n $REGENERATE ]]; then
easyrsa --batch init-pki
easyrsa --batch gen-dh
# DH parameters of size 2048 created at /usr/share/easy-rsa/pki/dh.pem
# Copy DH file
cp pki/dh.pem /etc/openvpn
fi
easyrsa --batch init-pki
easyrsa --batch gen-dh
# DH parameters of size 2048 created at /usr/share/easy-rsa/pki/dh.pem
# Copy DH file
cp pki/dh.pem /etc/openvpn

easyrsa build-ca nopass << EOF

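Review bot: dropping the `[[ -n $REGENERATE ]]` guard makes `easyrsa --batch init-pki` and `gen-dh` run whenever `$LOCKFILE` is absent, and `init-pki` in batch mode replaces the existing pki directory before `build-ca` creates a new CA; on a persisted volume a missing or deleted `.gen` file therefore silently replaces the CA and invalidates every client certificate issued so far. Keep an explicit opt-in for regeneration, or at least check for an existing `pki/ca.crt` before calling `init-pki`, and if `REGENERATE` is documented for this image, remove it from the docs in the same change.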
Expand Down Expand Up @@ -117,13 +115,6 @@ if ! [[ -n $NOOP ]]; then
# Need to feed key password
openvpn --config /etc/openvpn/server.conf &

if [[ -n $IS_INITIAL ]]; then
# By some strange reason we need to do echo command to get to the next command
echo " "

# Generate client config
generateClientConfig $@
fi
fi

if ! [[ -n $QUIT ]]; then
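Review bot: removing the `IS_INITIAL` block means the first start no longer produces a client configuration, and `IS_INITIAL="1"` set earlier in this file is now assigned but never read. Either drop that assignment too or keep the initial generation behind a flag, and update the README run instructions so users know to call `./genclient.sh` via `docker exec` after the first start.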