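#!/bin/bash
# setup openvpn configuration and secrets
#
# This file is a template: the {% ... %} / {{ ... }} tags are rendered from
# the key-value backend first, and bash runs the rendered result afterwards.
# Whoever can write the /openvpn/* keys therefore controls both the text of
# this script and the generated OpenVPN configuration.
#
# Hardening notes:
#   * Every here-document uses a quoted delimiter (<<'EOF', <<'EOKEY') so
#     bash copies the rendered values literally instead of expanding "$",
#     backticks or backslashes found in them.
#   * A quoted delimiter does not help if a rendered value contains a line
#     equal to the delimiter itself (EOF / EOKEY): the here-document would
#     end early and the remaining lines would be parsed as shell commands.
#     Restrict write access to the backend keys accordingly.
#   * /openvpn/up and /openvpn/down name programs that OpenVPN executes, so
#     they need the same level of trust. NOTE(review): OpenVPN also needs a
#     matching script-security level before it runs them; none is emitted
#     here - confirm where that is configured.
#   * Verification of the server certificate type is emitted only when
#     /openvpn/ns/cert/type exists. Without it, any certificate issued by
#     the configured CA is accepted as the server. ns-cert-type is
#     deprecated in newer OpenVPN releases in favour of remote-cert-tls.
#   * comp-lzo is optional; compression inside a VPN tunnel is discouraged
#     by upstream because of compression-oracle attacks.
#   * The tls-auth key and the private key are created inside a subshell
#     with umask 077, so they are never readable by other users, not even
#     for the moment between creation and the chmod. The chmod is kept
#     because umask has no effect on a file that already exists.

mkdir -p /etc/openvpn

cat - <<'EOF' > /etc/openvpn.conf
# client
{% if exists("/openvpn/mode") %}
{{ getv("/openvpn/mode") }}
{% endif %}
# dev tun
{% if exists("/openvpn/dev") %}
dev {{ getv("/openvpn/dev") }}
{% endif %}
# remote
{% if exists("/openvpn/remote") %}
remote {{ getv("/openvpn/remote") }}
{% endif %}
# proto udp
{% if exists("/openvpn/proto") %}
proto {{ getv("/openvpn/proto") }}
{% endif %}
# nobind
{% if exists("/openvpn/nobind") %}
nobind
{% endif %}
# ns-cert-type server
{% if exists("/openvpn/ns/cert/type") %}
ns-cert-type {{ getv("/openvpn/ns/cert/type") }}
{% endif %}
# up /etc/openvpn/update-resolv-conf
{% if exists("/openvpn/up") %}
up {{ getv("/openvpn/up") }}
{% endif %}
# down /etc/openvpn/update-resolv-conf
{% if exists("/openvpn/down") %}
down {{ getv("/openvpn/down") }}
{% endif %}
# tls-client
{% if exists("/openvpn/tls/client") %}
tls-client
{% endif %}
# tls-auth file 1
{% if exists("/openvpn/ta") %}
tls-auth /etc/openvpn/ta {{ getv("/openvpn/ta/dir")|default:"1" }}
{% endif %}
# ca
ca /etc/openvpn/ca
# cert
cert /etc/openvpn/cert
# key
key /etc/openvpn/key
# port 1194
{% if exists("/openvpn/port") %}
port {{ getv("/openvpn/port") }}
{% endif %}
{% if exists("/openvpn/user") %}
user {{ getv("/openvpn/user") }}
{% else %}
user nobody
{% endif %}
{% if exists("/openvpn/group") %}
group {{ getv("/openvpn/group") }}
{% else %}
group nogroup
{% endif %}
# comp-lzo
{% if exists("/openvpn/comp/lzo") %}
comp-lzo
{% endif %}
# ping 15
{% if exists("/openvpn/ping") %}
ping {{ getv("/openvpn/ping") }}
{% endif %}
# ping-restart 45
{% if exists("/openvpn/ping/restart") %}
ping-restart {{ getv("/openvpn/ping/restart") }}
{% endif %}
# ping-timer-rem
{% if exists("/openvpn/ping/timer/rem") %}
ping-timer-rem
{% endif %}
# persist-tun
{% if exists("/openvpn/persist/tun") %}
persist-tun
{% endif %}
# persist-remote-ip
{% if exists("/openvpn/persist/remote/ip") %}
persist-remote-ip
{% endif %}
# persist-key
{% if exists("/openvpn/persist/key") %}
persist-key
{% endif %}
# verb 4
{% if exists("/openvpn/verb") %}
verb {{ getv("/openvpn/verb") }}
{% endif %}
# redirect-gateway def1
{% if exists("/openvpn/redirect/gateway") %}
redirect-gateway {{ getv("/openvpn/redirect/gateway") }}
{% endif %}
EOF

{% if exists("/openvpn/ta") %}
# tls-auth static key: secret material, create it owner-only.
(
  umask 077
  cat - <<'EOKEY' > /etc/openvpn/ta
{% for keyline in (replace(getv("/openvpn/ta"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
)
chmod 600 /etc/openvpn/ta
{% endif %}

# CA certificate (public).
cat - <<'EOKEY' > /etc/openvpn/ca
{% for keyline in (replace(getv("/openvpn/ca"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY

# Client certificate (public).
cat - <<'EOKEY' > /etc/openvpn/cert
{% for keyline in (replace(getv("/openvpn/cert"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY

# Client private key: secret material, create it owner-only.
(
  umask 077
  cat - <<'EOKEY' > /etc/openvpn/key
{% for keyline in (replace(getv("/openvpn/key"),"\\n","!",-1)|split:"!") %}
{{ keyline }}
{% endfor %}
EOKEY
)
chmod 600 /etc/openvpn/key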