openvpn.sh / README.md fix dperson#283, add option to disable default route
David Personette committed Apr 29, 2020
1 parent 3d1ff90 commit 3c61905
Showing 2 changed files with 8 additions and 2 deletions.
2 changes: 2 additions & 0 deletions README.md
@@ -107,6 +107,7 @@ the second container (that's what `--net=container:vpn` does).
required arg: '<passwd>'
<passwd> password to access the certificate file
-a '<user;password>' Configure authentication username and password
-D Don't use the connection as the default route
-d Use the VPN provider's DNS resolvers
-f '[port]' Firewall rules so that only the VPN and DNS are allowed to
send internet traffic (IE if VPN is down it's offline)
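Review bot: the new -D line should say what still goes through the tunnel and how the option combines with -f. The -f text two lines below states that only the VPN and DNS may send internet traffic ("if VPN is down it's offline"), so with -D and -f together anything not covered by a route the VPN adds is dropped rather than sent via the original gateway. A half-sentence such as "only traffic for routes the VPN adds goes through the tunnel; with -f everything else is blocked" would save users a support issue.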
@@ -141,6 +142,7 @@ ENVIRONMENT VARIABLES

* `CERT_AUTH` - As above (-c) provide authentication to access certificate
* `DNS` - As above (-d) use the VPN provider's DNS resolvers
* `DEFAULT_GATEWAY` - As above (-D) if set to 'false', don't use default route
* `FIREWALL` - As above (-f) setup firewall to disallow net access w/o the VPN
* `CIPHER` - Set openvpn cipher option when generating conf file with -v
* `AUTH` - Set openvpn auth option when generating conf file with -v
8 changes: 6 additions & 2 deletions openvpn.sh
@@ -226,6 +226,7 @@ Options (fields in '[]' are optional, '<>' are required):
required arg: '<passwd>'
<passwd> password to access the certificate file
-a '<user;password>' Configure authentication username and password
-D Don't use the connection as the default route
-d Use the VPN provider's DNS resolvers
-f '[port]' Firewall rules so that only the VPN and DNS are allowed to
send internet traffic (IE if VPN is down it's offline)
@@ -266,7 +267,7 @@ conf="$dir/vpn.conf"
cert="$dir/vpn-ca.crt"
route="$dir/.firewall"
route6="$dir/.firewall6"
ext_args="--script-security 2 --redirect-gateway def1"
export ext_args="--script-security 2 --redirect-gateway def1"
[[ -f $conf ]] || { [[ $(ls -d $dir/*|egrep '\.(conf|ovpn)$' 2>&-|wc -w) -eq 1 \
]] && conf="$(ls -d $dir/* | egrep '\.(conf|ovpn)$' 2>&-)"; }
[[ -f $cert ]] || { [[ $(ls -d $dir/* | egrep '\.ce?rt$' 2>&- | wc -w) -eq 1 \
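Review bot: the `export` added to the `ext_args` line is unrelated to the commit subject and is not needed for the `DEFAULT_GATEWAY` handling further down, which edits the variable in the same shell. If it is there so that a function or an openvpn-invoked script (`--script-security 2` is set on the same line) can read it, say so in the commit message; otherwise drop it, since every child process now inherits a string that later has the `--auth-user-pass` and `--askpass` file paths appended to it.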
@@ -293,11 +294,12 @@ while read i; do
eval vpnportforward $(sed 's/^/"/; s/$/"/; s/;/" "/g' <<< $i)
done < <(env | awk '/^VPNPORT[0-9=_]/ {sub (/^[^=]*=/, "", $0); print}')

while getopts ":hc:df:a:m:o:p:R:r:v:" opt; do
while getopts ":hc:Ddf:a:m:o:p:R:r:v:" opt; do
case "$opt" in
h) usage ;;
a) eval vpn_auth $(sed 's/^/"/; s/$/"/; s/;/" "/g' <<< $OPTARG) ;;
c) cert_auth "$OPTARG" ;;
D) DEFAULT_GATEWAY=false ;;
d) dns ;;
f) firewall "$OPTARG"; touch $route $route6 ;;
m) MSS="$OPTARG" ;;
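Review bot: the `D)` arm only records `DEFAULT_GATEWAY=false` and the real change is applied after the getopts loop, but the `f)` arm calls `firewall "$OPTARG"` immediately inside the loop, so firewall rules are built before the script knows whether the VPN will be the default route. If `firewall()` depends on that (it is not part of this diff), -D has to take effect before -f regardless of argument order, e.g. by deferring the firewall call the way the `DEFAULT_GATEWAY` check already is. Separately, `-D` and `-d` differ only in case and do unrelated things; a comment on the case arm, or a less confusable letter, would help.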
@@ -312,6 +314,8 @@ while getopts ":hc:df:a:m:o:p:R:r:v:" opt; do
done
shift $(( OPTIND - 1 ))

[[ ${DEFAULT_GATEWAY:-""} == "false" ]] &&
ext_args=$(sed 's/ --redirect-gateway def1//' <<< $ext_args)
[[ -e $auth ]] && ext_args+=" --auth-user-pass $auth"
[[ -e $cert_auth ]] && ext_args+=" --askpass $cert_auth"

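Review bot: rather than sed-ing ' --redirect-gateway def1' back out of `ext_args` (which silently does nothing if the string defined above is ever edited), define `ext_args` without the flag and append it unless the user opted out, e.g. `[[ ${DEFAULT_GATEWAY:-""} == "false" ]] || ext_args+=" --redirect-gateway def1"`. Two further points: the comparison is against the exact string false, so FALSE, 0 or no leave the default route in place without any message; and removing the client-side `--redirect-gateway` does not stop a server that pushes `redirect-gateway`, so a user who asks for -D can still end up with the tunnel as the default route unless something like `--pull-filter ignore redirect-gateway` is added in the same branch.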