
Commit 51270aa

authored
Merge pull request #162 from slamont/master
Too many arguments while pushing route
2 parents bdeaff2 + 72a3c8a commit 51270aa


2 files changed

+111
-29
lines changed


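--- a/bin/ovpn_genconfig
+++ b/bin/ovpn_genconfig
@@ -4,6 +4,10 @@
 # Generate OpenVPN configs
 #
 
+USE_DEFAULT_ROUTE=true
+
+TMP_PUSH_CONFIGFILE=$(mktemp -t vpn_push.XXXXXXX)
+TMP_ROUTE_CONFIGFILE=$(mktemp -t vpn_route.XXXXXXX)
 TMP_EXTRA_CONFIGFILE=$(mktemp -t vpn_extra.XXXXXXX)
 
 #Traceback on Error and Exit come from https://docwhat.org/tracebacks-in-bash/
@@ -40,6 +44,8 @@ trap on_error ERR
 
 on_exit() {
 echo "Cleaning up before Exit ..."
+rm -f $TMP_PUSH_CONFIGFILE
+rm -f $TMP_ROUTE_CONFIGFILE
 rm -f $TMP_EXTRA_CONFIGFILE
 local _ec="$?"
 if [[ $_ec != 0 && "${_showed_traceback}" != t ]]; then
@@ -99,11 +105,27 @@ usage() {
 echo " -z Enable comp-lzo compression."
 }
 
+process_route_config() {
+local ovpn_route_config=''
+ovpn_route_config="$1"
+# If user passed "0" skip this, assume no extra routes
+[[ "$ovpn_route_config" == "0" ]] && break;
+echo "Processing Route Config: '${ovpn_route_config}'"
+[[ -n "$ovpn_route_config" ]] && echo "route $(getroute $ovpn_route_config)" >> "$TMP_ROUTE_CONFIGFILE"
+}
+
+process_push_config() {
+local ovpn_push_config=''
+ovpn_push_config="$1"
+echo "Processing PUSH Config: '${ovpn_push_config}'"
+[[ -n "$ovpn_push_config" ]] && echo "push $ovpn_push_config" >> "$TMP_PUSH_CONFIGFILE"
+}
+
 process_extra_config() {
 local ovpn_extra_config=''
 ovpn_extra_config="$1"
 echo "Processing Extra Config: '${ovpn_extra_config}'"
-[ -n "$ovpn_extra_config" ] && echo "$ovpn_extra_config" >> "$TMP_EXTRA_CONFIGFILE"
+[[ -n "$ovpn_extra_config" ]] && echo "$ovpn_extra_config" >> "$TMP_EXTRA_CONFIGFILE"
 
 }
 
@@ -127,10 +149,6 @@ OVPN_NAT=0
 OVPN_DNS=1
 OVPN_DEVICE="tun"
 OVPN_DEVICEN=0
-OVPN_ROUTES=()
-TMP_ROUTES=()
-OVPN_PUSH=()
-TMP_PUSH=()
 OVPN_DNS_SERVERS=("8.8.8.8" "8.8.4.4")
 TMP_DNS_SERVERS=()
 OVPN_TLS_CIPHER=''
@@ -157,7 +175,8 @@ while getopts ":a:e:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
 OVPN_TLS_CIPHER="$OPTARG"
 ;;
 r)
-TMP_ROUTES+=("$OPTARG")
+USE_DEFAULT_ROUTE=false
+process_route_config "$OPTARG"
 ;;
 s)
 OVPN_SERVER=$OPTARG
@@ -172,7 +191,7 @@ while getopts ":a:e:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
 OVPN_CLIENT_TO_CLIENT=1
 ;;
 p)
-TMP_PUSH+=("$OPTARG")
+process_push_config "$OPTARG"
 ;;
 n)
 TMP_DNS_SERVERS+=("$OPTARG")
@@ -216,12 +235,6 @@ done
 # Create ccd directory for static routes
 [ ! -d "${OPENVPN:-}/ccd" ] && mkdir -p ${OPENVPN:-}/ccd
 
-# if new routes were not defined with -r, use default
-[ ${#TMP_ROUTES[@]} -gt 0 ] && OVPN_ROUTES=("${TMP_ROUTES[@]}")
-
-# if new push directives were not defined with -p, use default
-[ ${#TMP_PUSH[@]} -gt 0 ] && OVPN_PUSH=("${TMP_PUSH[@]}")
-
 # if dns servers were not defined with -n, use google nameservers
 [ ${#TMP_DNS_SERVERS[@]} -gt 0 ] && OVPN_DNS_SERVERS=("${TMP_DNS_SERVERS[@]}")
 
@@ -240,7 +253,7 @@ fi
 # Apply defaults
 [ -z "$OVPN_PROTO" ] && OVPN_PROTO=udp
 [ -z "$OVPN_PORT" ] && OVPN_PORT=1194
-[ ${#OVPN_ROUTES[@]} -eq 0 ] && OVPN_ROUTES=("192.168.254.0/24")
+[ $USE_DEFAULT_ROUTE ] && process_route_config "192.168.254.0/24"
 
 export OVPN_SERVER OVPN_ROUTES OVPN_DEFROUTE
 export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT
@@ -277,7 +290,6 @@ key-direction 0
 keepalive 10 60
 persist-key
 persist-tun
-push block-outside-dns
 
 proto $OVPN_PROTO
 # Rely on Docker to do port mapping, internally always 1194
@@ -289,6 +301,9 @@ user nobody
 group nogroup
 EOF
 
+#This was in the heredoc, we use the new function instead
+process_push_config "block-outside-dns"
+
 [ -n "$OVPN_TLS_CIPHER" ] && echo "tls-cipher $OVPN_TLS_CIPHER" >> "$conf"
 [ -n "$OVPN_CIPHER" ] && echo "cipher $OVPN_CIPHER" >> "$conf"
 [ -n "$OVPN_AUTH" ] && echo "auth $OVPN_AUTH" >> "$conf"
@@ -299,22 +314,17 @@ EOF
 [ -n "${OVPN_FRAGMENT:-}" ] && echo "fragment $OVPN_FRAGMENT" >> "$conf"
 
 [ "$OVPN_DNS" == "1" ] && for i in "${OVPN_DNS_SERVERS[@]}"; do
-echo "push dhcp-option DNS $i" >> "$conf"
-done
-# Append Routes
-for i in "${OVPN_ROUTES[@]}"; do
-# If user passed "0" skip this, assume no extra routes
-[ "$i" = "0" ] && break;
-echo route $(getroute "$i") >> "$conf"
+process_push_config "dhcp-option DNS $i"
 done
 
+# Append route commands
+echo -e "\n### Route Configurations Below" >> "$conf"
+cat $TMP_ROUTE_CONFIGFILE >> "$conf"
+
 # Append push commands
-if [ ! -z ${OVPN_PUSH[@]:-} ];then
-echo "${OVPN_PUSH}"
-for i in "${OVPN_PUSH[@]}"; do
-echo push \"$i\" >> "$conf"
-done
-fi
+echo -e "\n### Push Configurations Below" >> "$conf"
+cat $TMP_PUSH_CONFIGFILE >> "$conf"
+
 # Optional OTP authentication support
 if [ -n "${OVPN_OTP_AUTH:-}" ]; then
 echo -e "\n\n# Enable OTP+PAM for user authentication" >> "$conf"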
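Review bot: `[ $USE_DEFAULT_ROUTE ]` in the "Apply defaults" hunk is a non-empty-string test, so it succeeds for both `true` and `false`, and the default route `192.168.254.0/24` is written to the server config even when `-r` was given (including `-r 0`, which the comment says should add no routes). Compare the value instead: `[ "$USE_DEFAULT_ROUTE" = true ] && process_route_config "192.168.254.0/24"`. Separately, `process_route_config` uses `break` with no loop of its own; `return 0` is the construct that leaves the function, and depending on the bash version the `break` is either ignored with a warning (so the `0` falls through to `getroute`) or ends the caller's `getopts` loop early and drops the remaining options. A generated VPN config that silently gains a route the operator did not request is worth covering with a test that asserts the default route is absent after `-r`.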

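--- a/test/tests/conf_options/container.sh
+++ b/test/tests/conf_options/container.sh
@@ -13,7 +13,7 @@ max-clients 10
 EOF
 
 SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1)
-ovpn_genconfig -u udp://$SERV_IP -f 1400 -e "$MULTILINE_EXTRA_SERVER_CONF" -e "duplicate-cn" -e "topology subnet"
+ovpn_genconfig -u udp://$SERV_IP -f 1400 -e "$MULTILINE_EXTRA_SERVER_CONF" -e 'duplicate-cn' -e 'topology subnet' -p 'route 172.22.22.0 255.255.255.0'
 
 #
 # grep for config lines from openvpn.conf
@@ -45,6 +45,27 @@ CONFIG_MATCH_DUPCN=$(busybox grep duplicate-cn /etc/openvpn/openvpn.conf)
 CONFIG_REQUIRED_TOPOLOGY="^topology subnet"
 CONFIG_MATCH_TOPOLOGY=$(busybox grep 'topology subnet' /etc/openvpn/openvpn.conf)
 
+## Tests for push config
+# 7. push route
+CONFIG_REQUIRED_PUSH_ROUTE="^push route 172.22.22.0 255.255.255.0"
+CONFIG_MATCH_PUSH_ROUTE=$(busybox grep 'push route 172.22.22.0 255.255.255.0' /etc/openvpn/openvpn.conf)
+
+## Test for default
+# 8. Should see default route if none provided
+CONFIG_REQUIRED_DEFAULT_ROUTE="^route 192.168.254.0 255.255.255.0"
+CONFIG_MATCH_DEFAULT_ROUTE=$(busybox grep 'route 192.168.254.0 255.255.255.0' /etc/openvpn/openvpn.conf)
+
+# 9. Should see a push of 'block-outside-dns' by default
+CONFIG_REQUIRED_DEFAULT_ROUTE="^push block-outside-dns"
+CONFIG_MATCH_DEFAULT_ROUTE=$(busybox grep 'push block-outside-dns' /etc/openvpn/openvpn.conf)
+
+# 10. Should see a push of 'dhcp-option DNS' by default
+CONFIG_REQUIRED_DEFAULT_DNS_1="^push dhcp-option DNS 8.8.8.8"
+CONFIG_MATCH_DEFAULT_DNS_1=$(busybox grep 'push dhcp-option DNS 8.8.8.8' /etc/openvpn/openvpn.conf)
+CONFIG_REQUIRED_DEFAULT_DNS_2="^push dhcp-option DNS 8.8.4.4"
+CONFIG_MATCH_DEFAULT_DNS_2=$(busybox grep 'push dhcp-option DNS 8.8.4.4' /etc/openvpn/openvpn.conf)
+
+
 #
 # Tests
 #
@@ -91,3 +112,54 @@ then
 else
 abort "==> Config match not found: $CONFIG_REQUIRED_TOPOLOGY != $CONFIG_MATCH_TOPOLOGY"
 fi
+
+if [[ $CONFIG_MATCH_PUSH_ROUTE =~ $CONFIG_REQUIRED_PUSH_ROUTE ]]
+then
+echo "==> Config match found: $CONFIG_REQUIRED_PUSH_ROUTE == $CONFIG_MATCH_PUSH_ROUTE"
+else
+abort "==> Config match not found: $CONFIG_REQUIRED_PUSH_ROUTE != $CONFIG_MATCH_PUSH_ROUTE"
+fi
+
+if [[ $CONFIG_MATCH_DEFAULT_ROUTE =~ $CONFIG_REQUIRED_DEFAULT_ROUTE ]]
+then
+echo "==> Config match found: $CONFIG_REQUIRED_DEFAULT_ROUTE == $CONFIG_MATCH_DEFAULT_ROUTE"
+else
+abort "==> Config match not found: $CONFIG_REQUIRED_DEFAULT_ROUTE != $CONFIG_MATCH_DEFAULT_ROUTE"
+fi
+
+if [[ $CONFIG_MATCH_DEFAULT_DNS_1 =~ $CONFIG_REQUIRED_DEFAULT_DNS_1 ]]
+then
+echo "==> Config match found: $CONFIG_REQUIRED_DEFAULT_DNS_1 == $CONFIG_MATCH_DEFAULT_DNS_1"
+else
+abort "==> Config match not found: $CONFIG_REQUIRED_DEFAULT_DNS_1 != $CONFIG_MATCH_DEFAULT_DNS_1"
+fi
+
+if [[ $CONFIG_MATCH_DEFAULT_DNS_2 =~ $CONFIG_REQUIRED_DEFAULT_DNS_2 ]]
+then
+echo "==> Config match found: $CONFIG_REQUIRED_DEFAULT_DNS_2 == $CONFIG_MATCH_DEFAULT_DNS_2"
+else
+abort "==> Config match not found: $CONFIG_REQUIRED_DEFAULT_DNS_2 != $CONFIG_MATCH_DEFAULT_DNS_2"
+fi
+
+SERV_IP=$(ip -4 -o addr show scope global | awk '{print $4}' | sed -e 's:/.*::' | head -n1)
+ovpn_genconfig -u udp://$SERV_IP -r "172.33.33.0/24" -r "172.34.34.0/24"
+
+CONFIG_REQUIRED_ROUTE_1="^route 172.33.33.0 255.255.255.0"
+CONFIG_MATCH_ROUTE_1=$(busybox grep 'route 172.33.33.0 255.255.255.0' /etc/openvpn/openvpn.conf)
+
+CONFIG_REQUIRED_ROUTE_2="^route 172.34.34.0 255.255.255.0"
+CONFIG_MATCH_ROUTE_2=$(busybox grep 'route 172.34.34.0 255.255.255.0' /etc/openvpn/openvpn.conf)
+
+if [[ $CONFIG_MATCH_ROUTE_1 =~ $CONFIG_REQUIRED_ROUTE_1 ]]
+then
+echo "==> Config match found: $CONFIG_REQUIRED_ROUTE_1 == $CONFIG_MATCH_ROUTE_1"
+else
+abort "==> Config match not found: $CONFIG_REQUIRED_ROUTE_1 != $CONFIG_MATCH_ROUTE_1"
+fi
+
+if [[ $CONFIG_MATCH_ROUTE_2 =~ $CONFIG_REQUIRED_ROUTE_2 ]]
+then
+echo "==> Config match found: $CONFIG_REQUIRED_ROUTE_2 == $CONFIG_MATCH_ROUTE_2"
+else
+abort "==> Config match not found: $CONFIG_REQUIRED_ROUTE_2 != $CONFIG_MATCH_ROUTE_2"
+fi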
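Review bot: Tests 8 and 9 in the second hunk both assign `CONFIG_REQUIRED_DEFAULT_ROUTE` and `CONFIG_MATCH_DEFAULT_ROUTE`, so the `block-outside-dns` values overwrite the default-route ones and the later `=~` check never verifies `route 192.168.254.0 255.255.255.0`. Give test 9 its own pair, e.g. `CONFIG_REQUIRED_BLOCK_OUTSIDE_DNS="^push block-outside-dns"` and `CONFIG_MATCH_BLOCK_OUTSIDE_DNS=$(busybox grep 'push block-outside-dns' /etc/openvpn/openvpn.conf)`, with a matching `if` block in the third hunk. The `-r` run at the end only checks that the two requested routes are present; a negative check that `route 192.168.254.0` is absent from `openvpn.conf` would cover what `USE_DEFAULT_ROUTE` appears meant to guarantee.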
