Compare commits
8 Commits
Author | SHA1 | Date | |
---|---|---|---|
b662d82ae3 | |||
bad40c1d1a | |||
bd099af12f | |||
c794049d19 | |||
061225e9e3 | |||
8cfb7784fb | |||
9ef9efb1a6 | |||
49a12e960c |
@ -68,9 +68,8 @@ jobs:
|
||||
- name: Generate Release Notes
|
||||
run: |
|
||||
touch release-notes.md
|
||||
echo "< CHANGELOG >" >> release-notes.md
|
||||
echo >> release-notes.md
|
||||
echo "< SETUP INSTRUCTIONS >" >> release-notes.md
|
||||
echo "### Changelog" >> release-notes.md
|
||||
echo "<!-- CHANGELOG -->" >> release-notes.md
|
||||
|
||||
- uses: ncipollo/release-action@v1
|
||||
with:
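Review bot: `touch release-notes.md` followed by a series of `>>` appends is not idempotent — if release-notes.md already exists in the workspace the new heading lines (`### Changelog`, `<!-- CHANGELOG -->`, which appear to be the added side) are appended after its old content rather than replacing it. Writing the first line with `>` instead of `touch` (`echo "### Changelog" > release-notes.md`), or emitting the whole stub with one `cat > release-notes.md <<'EOF'` heredoc, produces the same file from a clean state every run. The enclosing job definition starts outside the hunk.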
|
||||
|
@ -25,7 +25,8 @@ services:
|
||||
$ docker compose up -d
|
||||
```
|
||||
|
||||
> ▶️ For both variants, persistent config and key files will be stored in the `./data` directory. Feel free to change this to your needs.
|
||||
> [!TIP]
|
||||
> For both variants, persistent config and key files will be stored in the `./data` directory. Feel free to change this to your needs.
|
||||
|
||||
## Client Management
|
||||
Generate new client keys and output its config:
|
||||
@ -43,4 +44,5 @@ Revoke a client's keys:
|
||||
$ docker compose exec main clientmgmt revoke
|
||||
```
|
||||
|
||||
> ▶️ If you are using docker run, replace `docker compose exec main` with `docker exec -it openvpn`.
|
||||
> [!NOTE]
|
||||
> If you are using docker run, replace `docker compose exec main` with `docker exec -it openvpn`.
|
||||
|
19
clientmgmt
19
clientmgmt
@ -96,14 +96,14 @@ clientmgmt_add(){
|
||||
# ask whether auto-detection should be used
|
||||
local answer="x"
|
||||
local first=0
|
||||
until [[ -z "$answer" || "$answer" =~ ^Y|y|N|n$ ]]; do
|
||||
until [[ -z "$answer" || "$answer" =~ ^(Y|y|N|n)$ ]]; do
|
||||
[[ "$first" -le 0 ]] && first=1 || echo "Invalid answer '$answer'"
|
||||
read -ep "Auto-detect public IP-Address using icanhazip.com? [Y/n]: " answer
|
||||
done
|
||||
|
||||
# maybe do auto-detection
|
||||
local public_ip=""
|
||||
if [[ ! "$answer" =~ ^N|n$ ]]; then
|
||||
if [[ ! "$answer" =~ ^(N|n)$ ]]; then
|
||||
local exit=0
|
||||
local icanhazip
|
||||
icanhazip=$(wget -O - -q icanhazip.com) || exit=$?
|
||||
@ -307,7 +307,7 @@ clientmgmt_askname(){
|
||||
|
||||
## VALIDATE ##
|
||||
# check for reserved names
|
||||
if [[ "$answer" =~ ^ca|server$ ]]; then
|
||||
if [[ "$answer" =~ ^(ca|server)$ ]]; then
|
||||
log_error "Name is reserved for internal use: '$answer'"
|
||||
fi
|
||||
|
||||
@ -363,19 +363,32 @@ clientmgmt_clientlist(){
|
||||
|
||||
|
||||
|
||||
#
|
||||
# HELPER: Make sure config and key files have been fully initialized.
|
||||
#
|
||||
clientmgmt_check_init_done(){
|
||||
[[ -f "${DATA_SERVER_DIR}/server.conf" ]] && return 0
|
||||
log_error "Server is still initializing config and key files; try again in a few seconds"
|
||||
}
|
||||
|
||||
|
||||
|
||||
## MAIN ##
|
||||
case ${1:-""} in
|
||||
add)
|
||||
clientmgmt_check_init_done
|
||||
clientmgmt_add
|
||||
exit 0
|
||||
;;
|
||||
|
||||
list)
|
||||
clientmgmt_check_init_done
|
||||
clientmgmt_list
|
||||
exit 0
|
||||
;;
|
||||
|
||||
revoke)
|
||||
clientmgmt_check_init_done
|
||||
clientmgmt_revoke
|
||||
exit 0
|
||||
;;
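Review bot: clientmgmt_check_init_done (hunk @ -363) only guards the `add`/`list`/`revoke` branches if `log_error` terminates the script, which the hunk does not show; if it merely prints, the function returns log_error's status and `clientmgmt_add` runs against a half-initialized data dir anyway. Make the failure explicit in both places: `log_error "..."; return 1` inside the helper, and `clientmgmt_check_init_done || exit 1` before each action in the `case`. In the @ -96 hunk the public address comes from `wget -O - -q icanhazip.com`, i.e. plain HTTP with no scheme, and the value is used without being checked to be an IP address; fetching over `https://icanhazip.com` and validating the reply against an IPv4/IPv6 pattern before it reaches the client config would stop an on-path response from being written into every client profile. `read -ep ... answer` there should also carry `-r` so backslashes in the reply are taken literally. clientmgmt_add continues outside the hunk.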
|
||||
|
@ -19,7 +19,7 @@ trap_exit(){
|
||||
q=$(( q + 1 ))
|
||||
snore 1
|
||||
if [[ "$q" -ge 15 ]]; then
|
||||
log_warn "Sending kill to OpenVPN"
|
||||
echo "Sending kill to OpenVPN" 1>&2
|
||||
kill -s KILL -- $openvpn_pid 2> /dev/null || true
|
||||
break
|
||||
fi
|
||||
@ -53,7 +53,8 @@ proc_running(){
|
||||
# try reading state
|
||||
local state_path="/proc/$1/stat"
|
||||
[[ ! -f "$state_path" ]] && return 1
|
||||
local state=$(cat "$state_path" | cut -d ' ' -f3)
|
||||
local state
|
||||
state=$(cat "$state_path" 2> /dev/null | cut -d ' ' -f3) || return 1
|
||||
|
||||
# parse state
|
||||
case "$state" in
|
||||
@ -103,6 +104,7 @@ easyrsa_server_keys_create(){
|
||||
|
||||
# new pki
|
||||
/usr/bin/easyrsa --batch init-pki
|
||||
chmod 755 pki
|
||||
|
||||
# create ca
|
||||
/usr/bin/easyrsa --batch --days=7300 build-ca nopass
|
||||
@ -122,8 +124,15 @@ easyrsa_server_keys_create(){
|
||||
|
||||
|
||||
## OTHER KEYS ##
|
||||
# dh parameters
|
||||
openssl dhparam -out "${DATA_SERVER_DIR}/dh2048.pem" 2048
|
||||
# dh parameters from `IETF RFC 7919`
|
||||
echo "-----BEGIN DH PARAMETERS-----
|
||||
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
|
||||
-----END DH PARAMETERS-----" > "${DATA_SERVER_DIR}/dh2048.pem"
|
||||
|
||||
# tls-crypt key
|
||||
openvpn --genkey secret "${DATA_SERVER_DIR}/tls-crypt.key"
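Review bot: In proc_running (hunk @ -53) the new line `state=$(cat "$state_path" 2> /dev/null | cut -d ' ' -f3) || return 1` still picks the wrong field whenever the process name inside the parentheses of /proc/$1/stat contains a space, and without `pipefail` the `|| return 1` only reflects `cut`'s status, so a process that vanished between the `-f` test and the read is not reported as gone. Parsing after the closing parenthesis avoids both: `local stat; stat=$(cat "$state_path" 2>/dev/null) || return 1; state=${stat##*) }; state=${state%% *}`. The enclosing function continues outside the hunk. In easyrsa_server_keys_create (hunk @ -103) the added `chmod 755 pki` makes the PKI directory world-traversable; confirm that `pki/private` keeps a restrictive mode so the CA and server keys stay unreadable to other users. The embedded group in the @ -122 hunk would be clearer with a comment naming it, e.g. `# ffdhe2048 (RFC 7919, generator 2): a fixed, public DH group, so no per-install dhparam generation is needed`.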
|
||||
|