#!/usr/bin/env bash
#===============================================================================
# FILE: openvpn.sh
#
# USAGE: ./openvpn.sh
#
# DESCRIPTION: Entrypoint for openvpn docker container
#
# OPTIONS: ---
# REQUIREMENTS: ---
# BUGS: ---
# NOTES: ---
# AUTHOR: David Personette ([email protected]),
# ORGANIZATION:
# CREATED: 09/28/2014 12:11
# REVISION: 1.0
#===============================================================================
set -u # abort when an unset variable is expanded (same as `set -o nounset`)
### timezone: Set the timezone for the container
# Arguments:
# timezone) for example EST5EDT
# Return: the correct zoneinfo file will be symlinked into place
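timezone() {
  local timezone="${1:-EST5EDT}"
  local zonedir=/usr/share/zoneinfo
  # Only names inside the zoneinfo tree are acceptable: an absolute path or a
  # ".." component would let /etc/localtime point at an arbitrary file.
  if [[ $timezone == /* || $timezone == *..* ]]; then
    echo "ERROR: invalid timezone specified" >&2
    return 1
  fi
  # The former bare `return` reported the status of the preceding echo (0),
  # so an unknown zone was silently treated as success.
  if [[ ! -e "$zonedir/$timezone" ]]; then
    echo "ERROR: invalid timezone specified" >&2
    return 1
  fi
  # Quoted so a zone name with unusual characters is passed as one argument.
  ln -sf -- "$zonedir/$timezone" /etc/localtime
}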
### vpn: setup openvpn client
# Arguments:
# server) VPN GW server
# user) user name on VPN
# pass) password on VPN
# Return: configured .ovpn file
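### vpn: setup openvpn client
# Arguments:
# server) VPN GW server (hostname or IP)
# user) user name on VPN
# pass) password on VPN
# conf) optional path of the generated client config (default /vpn/vpn.conf)
# auth) optional path of the credentials file (default /vpn/vpn.auth)
# Return: 0 with the configured .ovpn and auth files written;
# 1 when the server is empty, when any field contains a newline/CR,
# or when a file could not be written
vpn() {
  local server="$1" user="$2" pass="$3" \
    conf="${4:-/vpn/vpn.conf}" auth="${5:-/vpn/vpn.auth}"
  local field

  # Both generated files are parsed line by line by OpenVPN: a newline inside
  # a value would add further directives to the config or turn the two-line
  # auth file into something other than "user\npassword".
  for field in "$server" "$user" "$pass"; do
    if [[ $field == *[$'\n\r']* ]]; then
      echo "ERROR: VPN server, user and password must not contain newlines" >&2
      return 1
    fi
  done
  if [[ -z $server ]]; then
    echo "ERROR: VPN server must not be empty" >&2
    return 1
  fi

  # NOTE(review): `comp-lzo` enables link compression, which newer OpenVPN
  # releases deprecate and which is generally discouraged on untrusted
  # networks; consider dropping it if the server does not require it.
  cat > "$conf" << EOF || return 1
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /vpn/vpn-ca.crt
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
redirect-gateway def1
auth-user-pass $auth
EOF

  # Create the credentials file owner-only from the start (umask in a
  # subshell) instead of chmod-ing it after it briefly existed with the
  # default mode; printf writes a password such as "-n" or one containing
  # backslashes verbatim, which echo would not.
  ( umask 077 && printf '%s\n%s\n' "$user" "$pass" > "$auth" ) || return 1
  chmod 0600 "$auth"
}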
### usage: Help
# Arguments:
# none)
# Return: Help text
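### usage: Help
# Arguments:
# rc) optional exit status, default 0 (the script uses 1 for an unknown
#     option and 2 for a missing option argument)
# Return: does not return; prints the help text to stderr and exits with rc
usage() {
  local rc=${1:-0}
  cat >&2 << EOF
Usage: ${0##*/} [-opt] [command]
Options (fields in '[]' are optional, '<>' are required):
-h This help
-t "" Configure timezone
possible arg: "[timezone]" - zoneinfo timezone for container
-v "<server;user;password>" Configure OpenVPN
required arg: "<server>;<user>;<password>"
<server> to connect to
<user> to authenticate as
<password> to authenticate with
The 'command' (if provided and valid) will be run instead of openvpn

EOF
  exit "$rc"
}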
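### vpn_from_spec: parse "<server>;<user>;<password>" and hand it to vpn()
# Arguments:
# spec) the value of -v or of $VPN
# Return: the status of vpn(); exits 1 when fewer than three fields are given
#
# The value used to be turned into a command line with `eval vpn $(sed ...)`,
# which re-parsed whatever the operator passed (including the password) as
# shell code. Parameter expansion splits it instead: the first two ';' are
# the separators and everything after the second one is the password, so a
# password containing ';' now survives intact.
vpn_from_spec() {
  local spec=$1 server user pass
  if [[ $spec != *\;*\;* ]]; then
    echo "ERROR: expected \"<server>;<user>;<password>\", got: $spec" >&2
    exit 1
  fi
  server=${spec%%;*}
  spec=${spec#*;}
  user=${spec%%;*}
  pass=${spec#*;}
  vpn "$server" "$user" "$pass"
}

### firewall_up: allow only loopback, the tunnel, DNS and the VPN port out
# Arguments:
# none)
# Return: 0 when every rule was installed; exits 1 on the first failure
#
# A rule that fails to install (typically missing CAP_NET_ADMIN) used to be
# ignored, which left the container running without the kill switch while
# looking healthy; failing loudly keeps "fail closed" honest.
firewall_up() {
  local rule
  local rules=(
    "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    "-o lo -j ACCEPT"
    "-o tap0 -j ACCEPT"
    "-o tun0 -j ACCEPT"
    # NOTE(review): DNS (udp/53) and the VPN port are accepted towards any
    # destination, so resolver traffic may still leave outside the tunnel,
    # and only IPv4 is filtered here (no matching ip6tables rules).
    "-p udp -m udp --dport 53 -j ACCEPT"
    "-p tcp -m tcp --dport 1194 -j ACCEPT"
    "-p udp -m udp --dport 1194 -j ACCEPT"
    "-j DROP"
  )
  for rule in "${rules[@]}"; do
    # shellcheck disable=SC2086 — the rule strings are fixed literals above
    iptables -A OUTPUT $rule || {
      echo "ERROR: could not install iptables rule: $rule" >&2
      exit 1
    }
  done
}

### main: parse options, apply TIMEZONE/VPN from the environment, then either
# exec the given command or bring up the kill switch and run openvpn
# Arguments:
# "$@") script arguments, see usage()
# Return: only when openvpn is already running (status 0); otherwise exec()s
main() {
  local opt cmd_path
  cd /tmp || exit 1
  while getopts ":ht:v:" opt; do
    case "$opt" in
      h) usage ;;
      t) timezone "$OPTARG" ;;
      v) vpn_from_spec "$OPTARG" ;;
      "?") echo "Unknown option: -$OPTARG" >&2; usage 1 ;;
      ":") echo "No argument value for option: -$OPTARG" >&2; usage 2 ;;
    esac
  done
  shift $(( OPTIND - 1 ))

  if [[ -n ${TIMEZONE:-} ]]; then
    timezone "$TIMEZONE"
  fi
  if [[ -n ${VPN:-} ]]; then
    vpn_from_spec "$VPN"
  fi

  if (( $# >= 1 )); then
    # `type -P` resolves only executable files on PATH (or a given path),
    # unlike `which`, and its output is quoted so a path with spaces works.
    cmd_path=$(type -P "$1" 2>/dev/null)
    if [[ -z $cmd_path || ! -x $cmd_path ]]; then
      echo "ERROR: command not found: $1" >&2
      exit 13
    fi
    exec "$@"
  fi

  if pgrep -x openvpn >/dev/null 2>&1; then
    echo "Service already running, please restart container to apply changes"
    return 0
  fi

  # openvpn cannot start without these files; the long sleep keeps a
  # misconfigured container from restart-looping, then the explicit exit
  # replaces the former fall-through into a doomed `exec openvpn`.
  if [[ ! -e /vpn/vpn.conf ]]; then
    echo "ERROR: VPN not configured!" >&2
    sleep 120
    exit 1
  fi
  if [[ ! -e /vpn/vpn-ca.crt ]]; then
    echo "ERROR: VPN cert missing!" >&2
    sleep 120
    exit 1
  fi

  firewall_up
  exec openvpn --config /vpn/vpn.conf
}

main "$@"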