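--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -24,17 +24,26 @@
 # users to be able to change the behavior of vpn with
 # setenv, you must change the param invokation to a simple
 # assignment.
 #
 # note that you may want to add a visudo line allowing
 # %wheel or perhaps even all users to execute openvpn
 # without a password; otherwise, only sudoers will be able
-# to use vpn and the root password will be required for
-# every state change.
-__=$LINENO
+# to use vpn and the root password will be required every
+# time a user connects. root is not needed to tear down
+# connections, as by default the openvpn process is set to
+# pivot to the account that invoked the script after it is
+# done with tasks that require privileged access.
+#
+# (it should go without saying, but ensure you understand
+# the security implications before editing sudoers on a
+# multiuser machine or one that is directly exposed to the
+# internet.)
+
+_text_=$LINENO
 
 param(){ eval $1=\${$1:-$2}; }
 
 param vpn_basedir ~/opt/vpn
 # the directory in which vpn's logfiles are stored,
 # and possibly the script itself
 
@@ -46,19 +55,19 @@
 # a configuration file that is applied to all vpns
 
 param vpn_srv_keydir /srv/vpn/ca
 # the directory on the server where vpn client keys
 # are stored
 
 param vpn_cn $(uname -n)
- # the name of the device / user / resource connecting
- # `vpn key` will use this value to determine which
- # client keys to download. i recommend a one-key-per-
- # device setup with the certificate CN used to assign
- # a name in the tunnel's DNS server, but one-key-per-
+ # the name of the device / user / resource connecting.
+ # `vpn key` will use this value to determine which
+ # client keys to download. i recommend a one-key-per-
+ # device setup with the certificate CN used to assign a
+ # name in the tunnel's DNS server, but one-key-per-
 # user or one-key-period setups are also possible.
 
 param TMPDIR /tmp
 # a directory for temporary files, preferably one that
 # does not persist across boots (e.g. a tmpfs)
 
 param USER $(whoami)
@@ -65,14 +74,18 @@
 # the user who should own all files and processes
 # created and destroyed by vpn
 
 param vpn_pidbox $TMPDIR/pid.$USER
 # a directory for storing pids in. this should be chmod
 # 700 and owned by the user invoking vpn, ideally
 
+param vpn_bin openvpn
+ # the binary to use. if openvpn is not in your path,
+ # enter its absolute path here
+
 param vpn_script $0
 # a path to the executable
 
 param vpn_scrname $(basename $vpn_script)
 # the name of the executable
 
 # thus ends the admin-configurable portion of this script.
@@ -191,13 +204,13 @@
 echo -e " and openvpn is \e[32mrunning\e[m"
 exit 0
 } || {
 echo -e " but named process is \e[31mnot a vpn instance!\e[m"
 stale; exit 1
 }
 } ;;
-( help ) head -n $(expr $__ - 1) $vpn_script |
-tail -n $(expr $__ - 2); exit 255;;
+( help ) head -n $(expr $_text_ - 2) $vpn_script |
+tail -n $(expr $_text_ - 2); exit 255;;
 
 ( * ) err "action must be one of: join | part | info | clean" ;;
 esac
 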
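Review bot: The new `help` branch in the last hunk passes the same count to `head` and `tail` (`_text_ - 2` both times), so the `tail` no longer drops anything: with `_text_` at line 42 it prints lines 1 through 40, whereas the old `head -n 32 | tail -n 31` started at line 2, which presumably skipped the shebang. If that is still the intent, the second count should be one smaller, `tail -n $(expr $_text_ - 3); exit 255;;`, or the pair replaced by a single `sed -n "2,$(expr $_text_ - 2)p" $vpn_script`; the enclosing `case` starts outside the hunk. Separately, the new `vpn_bin` default is set through `param`, which the earlier hunk shows lets an existing environment variable win over the default, so whoever invokes the script can point `vpn_bin` at any executable; if that value is what ends up under `sudo`, the comment next to it should say that the sudoers entry recommended above should name the absolute openvpn path rather than whatever `vpn_bin` resolves to, for example `# note: an env var of the same name overrides this; pin the sudoers rule to the absolute path, not to $vpn_bin`.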