
Commit b868fa9

Merge pull request #223 from outstand/extra-client-config
Add -E flag for adding extra client config
2 parents 5236365 + fbb9791 commit b868fa9


2 files changed

+61
-2
lines changed


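--- a/bin/ovpn_genconfig
+++ b/bin/ovpn_genconfig
@@ -7,6 +7,7 @@
 TMP_PUSH_CONFIGFILE=$(mktemp -t vpn_push.XXXXXXX)
 TMP_ROUTE_CONFIGFILE=$(mktemp -t vpn_route.XXXXXXX)
 TMP_EXTRA_CONFIGFILE=$(mktemp -t vpn_extra.XXXXXXX)
+TMP_EXTRA_CLIENT_CONFIGFILE=$(mktemp -t vpn_extra_client.XXXXXXX)
 
 #Traceback on Error and Exit come from https://docwhat.org/tracebacks-in-bash/
 set -eu
@@ -45,6 +46,7 @@ on_exit() {
 rm -f $TMP_PUSH_CONFIGFILE
 rm -f $TMP_ROUTE_CONFIGFILE
 rm -f $TMP_EXTRA_CONFIGFILE
+rm -f $TMP_EXTRA_CLIENT_CONFIGFILE
 local _ec="$?"
 if [[ $_ec != 0 && "${_showed_traceback}" != t ]]; then
 traceback 1
@@ -83,6 +85,7 @@ usage() {
 echo "usage: $0 [-d]"
 echo " -u SERVER_PUBLIC_URL"
 echo " [-e EXTRA_SERVER_CONFIG ]"
+echo " [-E EXTRA_CLIENT_CONFIG ]"
 echo " [-f FRAGMENT ]"
 echo " [-n DNS_SERVER ...]"
 echo " [-p PUSH ...]"
@@ -127,6 +130,13 @@ process_extra_config() {
 
 }
 
+process_extra_client_config() {
+local ovpn_extra_config=''
+ovpn_extra_config="$1"
+echo "Processing Extra Client Config: '${ovpn_extra_config}'"
+[[ -n "$ovpn_extra_config" ]] && echo "$ovpn_extra_config" >> "$TMP_EXTRA_CLIENT_CONFIGFILE"
+}
+
 if [ "${DEBUG:-}" == "1" ]; then
 set -x
 fi
@@ -159,14 +169,17 @@ CUSTOM_ROUTE_CONFIG=''
 [ -r "$OVPN_ENV" ] && source "$OVPN_ENV"
 
 # Parse arguments
-while getopts ":a:e:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
+while getopts ":a:e:E:C:T:r:s:du:cp:n:DNmf:tz2" opt; do
 case $opt in
 a)
 OVPN_AUTH="$OPTARG"
 ;;
 e)
 process_extra_config "$OPTARG"
 ;;
+E)
+process_extra_client_config "$OPTARG"
+;;
 C)
 OVPN_CIPHER="$OPTARG"
 ;;
@@ -254,21 +267,38 @@ fi
 [ -z "$OVPN_PORT" ] && OVPN_PORT=1194
 [ -z "$CUSTOM_ROUTE_CONFIG" ] && process_route_config "192.168.254.0/24"
 
+# Save extra client config from temp file only if temp file is not empty
+if [ -s "$TMP_EXTRA_CLIENT_CONFIGFILE" ]; then
+OVPN_ADDITIONAL_CLIENT_CONFIG=$(cat $TMP_EXTRA_CLIENT_CONFIGFILE)
+fi
+
 export OVPN_SERVER OVPN_ROUTES OVPN_DEFROUTE
 export OVPN_SERVER_URL OVPN_ENV OVPN_PROTO OVPN_CN OVPN_PORT
 export OVPN_CLIENT_TO_CLIENT OVPN_PUSH OVPN_NAT OVPN_DNS OVPN_MTU OVPN_DEVICE
 export OVPN_TLS_CIPHER OVPN_CIPHER OVPN_AUTH
 export OVPN_COMP_LZO
 export OVPN_OTP_AUTH
 export OVPN_FRAGMENT
+export OVPN_ADDITIONAL_CLIENT_CONFIG
 
 # Preserve config
 if [ -f "$OVPN_ENV" ]; then
 bak_env=$OVPN_ENV.$(date +%s).bak
 echo "Backing up $OVPN_ENV -> $bak_env"
 mv "$OVPN_ENV" "$bak_env"
 fi
-export | grep OVPN_ > "$OVPN_ENV"
+
+# Like `export | grep OVPN_ > "$OVPN_ENV"` but handles multiline variables
+set +u
+while read var ; do
+eval value=\$$var
+if [ -n "$value" ]; then
+echo "declare -x $var=\"$value\"" >> "$OVPN_ENV"
+else
+echo "declare -x $var" >> "$OVPN_ENV"
+fi
+done < <(export | egrep -o '(OVPN_[^=]+)')
+set -u
 
 conf=${OPENVPN:-}/openvpn.conf
 if [ -f "$conf" ]; then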
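Review bot: The new writer for `$OVPN_ENV` in the last hunk emits `declare -x $var=\"$value\"` with the value unescaped, yet the same script reads that file back with `source "$OVPN_ENV"`, so a double quote, `$`, backtick or backslash inside a stored value (an `-E` argument, for instance) is interpreted as shell syntax on the next run instead of being restored as data. The variable names are also collected with `egrep -o '(OVPN_[^=]+)'` over the whole `export` output, which includes the continuation lines of multi-line values, and each match is handed to `eval value=\$$var`, so text that came from a value can reach `eval`. Letting bash do the quoting avoids both problems: take the names from `compgen -e OVPN_` with `read -r var` and write each one with `declare -p "$var" >> "$OVPN_ENV"`. That should also make the `set +u` / `set -u` toggle unnecessary, and it would be worth confirming that matching only names that start with `OVPN_` is the intended scope.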

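--- a/test/tests/conf_options/container.sh
+++ b/test/tests/conf_options/container.sh
@@ -163,3 +163,32 @@ then
 else
 abort "==> Config match not found: $CONFIG_REQUIRED_ROUTE_2 != $CONFIG_MATCH_ROUTE_2"
 fi
+
+# Test generated client config
+
+# gen udp client with tcp fallback
+ovpn_genconfig -u udp://$SERV_IP -E "remote $SERV_IP 443 tcp" -E "remote vpn.example.com 443 tcp"
+# nopass is insecure
+EASYRSA_BATCH=1 EASYRSA_REQ_CN="Travis-CI Test CA" ovpn_initpki nopass
+easyrsa build-client-full client-fallback nopass
+ovpn_getclient client-fallback | tee /etc/openvpn/config-fallback.ovpn
+
+CONFIG_REQUIRED_TCP_REMOTE="^remote $SERV_IP 443 tcp"
+CONFIG_MATCH_TCP_REMOTE=$(busybox grep "remote $SERV_IP 443 tcp" /etc/openvpn/config-fallback.ovpn)
+
+CONFIG_REQUIRED_TCP_REMOTE_2="^remote vpn.example.com 443 tcp"
+CONFIG_MATCH_TCP_REMOTE_2=$(busybox grep "remote vpn.example.com 443 tcp" /etc/openvpn/config-fallback.ovpn)
+
+if [[ $CONFIG_MATCH_TCP_REMOTE =~ $CONFIG_REQUIRED_TCP_REMOTE ]]
+then
+echo "==> Config match found: $CONFIG_REQUIRED_TCP_REMOTE == $CONFIG_MATCH_TCP_REMOTE"
+else
+abort "==> Config match not found: $CONFIG_REQUIRED_TCP_REMOTE != $CONFIG_MATCH_TCP_REMOTE"
+fi
+
+if [[ $CONFIG_MATCH_TCP_REMOTE_2 =~ $CONFIG_REQUIRED_TCP_REMOTE_2 ]]
+then
+echo "==> Config match found: $CONFIG_REQUIRED_TCP_REMOTE_2 == $CONFIG_MATCH_TCP_REMOTE_2"
+else
+abort "==> Config match not found: $CONFIG_REQUIRED_TCP_REMOTE_2 != $CONFIG_MATCH_TCP_REMOTE_2"
+fi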
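Review bot: The two new assertions treat `$SERV_IP` and `vpn.example.com` as regular expressions, both in the `busybox grep "remote … 443 tcp"` calls and on the right-hand side of `=~`, so every `.` matches any character and a longer line that merely starts with the expected text also passes. A fixed-string, whole-line match pins the generated client config more tightly, for example `busybox grep -Fx "remote $SERV_IP 443 tcp" /etc/openvpn/config-fallback.ovpn` with the result compared using `==`. The cases also use only values free of quotes, `$` and backslashes; one `-E` value containing such a character would exercise the hand-quoted write of the saved environment file in bin/ovpn_genconfig.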
