157 lines
3.0 KiB
Bash
157 lines
3.0 KiB
Bash
#!/bin/bash
|
|
|
|
# setup openvpn configuration and secrets
|
|
mkdir -p /etc/openvpn
|
|
|
|
cat - <<EOF > /etc/openvpn.conf
|
|
|
|
# client
|
|
{% if exists("/openvpn/mode") %}
|
|
{{ getv("/openvpn/mode") }}
|
|
{% endif %}
|
|
|
|
# dev tun
|
|
{% if exists("/openvpn/dev") %}
|
|
dev {{ getv("/openvpn/dev") }}
|
|
{% endif %}
|
|
|
|
# remote <host>
|
|
{% if exists("/openvpn/remote") %}
|
|
remote {{ getv("/openvpn/remote") }}
|
|
{% endif %}
|
|
|
|
# proto udp
|
|
{% if exists("/openvpn/proto") %}
|
|
proto {{ getv("/openvpn/proto") }}
|
|
{% endif %}
|
|
|
|
# nobind
|
|
{% if exists("/openvpn/nobind") %}
|
|
nobind
|
|
{% endif %}
|
|
|
|
# ns-cert-type server
|
|
{% if exists("/openvpn/ns/cert/type") %}
|
|
ns-cert-type {{ getv("/openvpn/ns/cert/type") }}
|
|
{% endif %}
|
|
|
|
# up /etc/openvpn/update-resolv-conf
|
|
{% if exists("/openvpn/up") %}
|
|
up {{ getv("/openvpn/up") }}
|
|
{% endif %}
|
|
|
|
# down /etc/openvpn/update-resolv-conf
|
|
{% if exists("/openvpn/down") %}
|
|
down {{ getv("/openvpn/down") }}
|
|
{% endif %}
|
|
|
|
# tls-client
|
|
{% if exists("/openvpn/tls/client") %}
|
|
tls-client
|
|
{% endif %}
|
|
|
|
# tls-auth file 1
|
|
{% if exists("/openvpn/ta") %}
|
|
tls-auth /etc/openvpn/ta {{ getv("/openvpn/ta/dir")|default:"1" }}
|
|
{% endif %}
|
|
|
|
# ca <file>
|
|
ca /etc/openvpn/ca
|
|
|
|
# cert <file>
|
|
cert /etc/openvpn/cert
|
|
|
|
# key <file>
|
|
key /etc/openvpn/key
|
|
|
|
# port 1194
|
|
{% if exists("/openvpn/port") %}
|
|
port {{ getv("/openvpn/port") }}
|
|
{% endif %}
|
|
|
|
{% if exists("/openvpn/user") %}
|
|
user {{ getv("/openvpn/user") }}
|
|
{% else %}
|
|
user nobody
|
|
{% endif %}
|
|
|
|
{% if exists("/openvpn/group") %}
|
|
group {{ getv("/openvpn/group") }}
|
|
{% else %}
|
|
group nogroup
|
|
{% endif %}
|
|
|
|
# comp-lzo
|
|
{% if exists("/openvpn/comp/lzo") %}
|
|
comp-lzo
|
|
{% endif %}
|
|
|
|
# ping 15
|
|
{% if exists("/openvpn/ping") %}
|
|
ping {{ getv("/openvpn/ping") }}
|
|
{% endif %}
|
|
|
|
# ping-restart 45
|
|
{% if exists("/openvpn/ping/restart") %}
|
|
ping-restart {{ getv("/openvpn/ping/restart") }}
|
|
{% endif %}
|
|
|
|
# ping-timer-rem
|
|
{% if exists("/openvpn/ping/timer/rem") %}
|
|
ping-timer-rem
|
|
{% endif %}
|
|
|
|
# persist-tun
|
|
{% if exists("/openvpn/persist/tun") %}
|
|
persist-tun
|
|
{% endif %}
|
|
|
|
# persist-remote-ip
|
|
{% if exists("/openvpn/persist/remote/ip") %}
|
|
persist-remote-ip
|
|
{% endif %}
|
|
|
|
# persist-key
|
|
{% if exists("/openvpn/persist/key") %}
|
|
persist-key
|
|
{% endif %}
|
|
|
|
# verb 4
|
|
{% if exists("/openvpn/verb") %}
|
|
verb {{ getv("/openvpn/verb") }}
|
|
{% endif %}
|
|
|
|
# redirect-gateway def1
|
|
{% if exists("/openvpn/redirect/gateway") %}
|
|
redirect-gateway {{ getv("/openvpn/redirect/gateway") }}
|
|
{% endif %}
|
|
EOF
|
|
|
|
{% if exists("/openvpn/ta") %}
|
|
cat - <<EOKEY > /etc/openvpn/ta
|
|
{% for keyline in (replace(getv("/openvpn/ta"),"\\n","!",-1)|split:"!") %}
|
|
{{ keyline }}
|
|
{% endfor %}
|
|
EOKEY
|
|
chmod 600 /etc/openvpn/ta
|
|
{% endif %}
|
|
|
|
cat - <<EOKEY > /etc/openvpn/ca
|
|
{% for keyline in (replace(getv("/openvpn/ca"),"\\n","!",-1)|split:"!") %}
|
|
{{ keyline }}
|
|
{% endfor %}
|
|
EOKEY
|
|
|
|
cat - <<EOKEY > /etc/openvpn/cert
|
|
{% for keyline in (replace(getv("/openvpn/cert"),"\\n","!",-1)|split:"!") %}
|
|
{{ keyline }}
|
|
{% endfor %}
|
|
EOKEY
|
|
|
|
cat - <<EOKEY > /etc/openvpn/key
|
|
{% for keyline in (replace(getv("/openvpn/key"),"\\n","!",-1)|split:"!") %}
|
|
{{ keyline }}
|
|
{% endfor %}
|
|
EOKEY
|
|
chmod 600 /etc/openvpn/key
|