mauro/docker-image-openvpn
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
docker-image-openvpn/openvpn_setup.tmpl
Mauro Torrez e7e0531b41
All checks were successful
continuous-integration/drone/push Build is passing
Details
add redirect-gateway option support
2020-06-09 08:33:48 -03:00

157 lines
3.0 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# setup openvpn configuration and secrets
mkdir -p /etc/openvpn
cat - <<EOF > /etc/openvpn.conf
# client
{% if exists("/openvpn/mode") %}
{{ getv("/openvpn/mode") }}
{% endif %}
# dev tun
{% if exists("/openvpn/dev") %}
dev {{ getv("/openvpn/dev") }}
{% endif %}
# remote <host>
{% if exists("/openvpn/remote") %}
remote {{ getv("/openvpn/remote") }}
{% endif %}
# proto udp
{% if exists("/openvpn/proto") %}
proto {{ getv("/openvpn/proto") }}
{% endif %}
# nobind
{% if exists("/openvpn/nobind") %}
nobind
{% endif %}
# ns-cert-type server
{% if exists("/openvpn/ns/cert/type") %}
ns-cert-type {{ getv("/openvpn/ns/cert/type") }}
{% endif %}
# up /etc/openvpn/update-resolv-conf
{% if exists("/openvpn/up") %}
up {{ getv("/openvpn/up") }}
{% endif %}
# down /etc/openvpn/update-resolv-conf
{% if exists("/openvpn/down") %}
down {{ getv("/openvpn/down") }}
{% endif %}
# tls-client
{% if exists("/openvpn/tls/client") %}
tls-client
{% endif %}
# tls-auth file 1
{% if exists("/openvpn/ta") %}
tls-auth /etc/openvpn/ta {{ getv("/openvpn/ta/dir")|default:"1" }}
{% endif %}
# ca <file>
ca /etc/openvpn/ca
# cert <file>
cert /etc/openvpn/cert
# key <file>
key /etc/openvpn/key
# port 1194
{% if exists("/openvpn/port") %}
port {{ getv("/openvpn/port") }}
{% endif %}
{% if exists("/openvpn/user") %}
user {{ getv("/openvpn/user") }}
{% else %}
user nobody
{% endif %}
{% if exists("/openvpn/group") %}
group {{ getv("/openvpn/group") }}
{% else %}
group nogroup
{% endif %}
# comp-lzo
{% if exists("/openvpn/comp/lzo") %}
comp-lzo
{% endif %}
# ping 15
{% if exists("/openvpn/ping") %}
ping {{ getv("/openvpn/ping") }}
{% endif %}
# ping-restart 45
{% if exists("/openvpn/ping/restart") %}
ping-restart {{ getv("/openvpn/ping/restart") }}
{% endif %}
# ping-timer-rem
{% if exists("/openvpn/ping/timer/rem") %}
ping-timer-rem
{% endif %}
# persist-tun
{% if exists("/openvpn/persist/tun") %}
persist-tun
{% endif %}
# persist-remote-ip
{% if exists("/openvpn/persist/remote/ip") %}
persist-remote-ip
{% endif %}
# persist-key
{% if exists("/openvpn/persist/key") %}
persist-key
{% endif %}
# verb 4
{% if exists("/openvpn/verb") %}
verb {{ getv("/openvpn/verb") }}
{% endif %}
# redirect-gateway def1
{% if exists("/openvpn/redirect/gateway") %}
redirect-gateway {{ getv("/openvpn/redirect/gateway") }}
{% endif %}
EOF
{% if exists("/openvpn/ta") %}
cat - <<EOKEY > /etc/openvpn/ta
{% for keyline in (replace(getv("/openvpn/ta"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
chmod 600 /etc/openvpn/ta
{% endif %}
cat - <<EOKEY > /etc/openvpn/ca
{% for keyline in (replace(getv("/openvpn/ca"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
cat - <<EOKEY > /etc/openvpn/cert
{% for keyline in (replace(getv("/openvpn/cert"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
cat - <<EOKEY > /etc/openvpn/key
{% for keyline in (replace(getv("/openvpn/key"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
chmod 600 /etc/openvpn/key
Reference in New Issue View Git Blame Copy Permalink