util  Diff

Differences From Artifact [8e3b5d4148]:

To Artifact [0b831e354e]:


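--- a/util
+++ b/util
@@ -24,17 +24,26 @@
 # users  to be  able  to  change the  behavior  of vpn  with
 # setenv, you must  change the param invokation  to a simple
 # assignment.
 #
 # note  that you  may want  to  add a  visudo line  allowing
 # %wheel  or  perhaps  even  all users  to  execute  openvpn
 # without a  password; otherwise, only sudoers  will be able
-# to  use vpn  and the  root password  will be  required for
-# every state change.
-__=$LINENO
+# to  use vpn  and the root password will be  required every
+# time  a user  connects. root  is not  needed to  tear down
+# connections, as by  default the openvpn process  is set to
+# pivot to the  account that invoked the script  after it is
+# done with tasks that require privileged access.
+#
+# (it should  go without  saying, but ensure  you understand
+# the  security implications  before  editing  sudoers on  a
+# multiuser machine or  one that is directly  exposed to the
+# internet.)
+
+_text_=$LINENO
 
 param(){ eval $1=\${$1:-$2}; }
 
 param vpn_basedir    ~/opt/vpn
 	# the directory in which vpn's logfiles are stored, 
 	# and possibly the script itself
 
@@ -46,19 +55,19 @@
 	# a configuration file that is applied to all vpns
 
 param vpn_srv_keydir /srv/vpn/ca
 	# the directory on the server where vpn client keys
 	# are stored
 
 param vpn_cn         $(uname -n)
-	# the name of the device / user / resource connecting
-	# `vpn key` will use this value to determine which
-	# client keys to download. i recommend a one-key-per-
-	# device setup with the certificate CN used to assign
-	# a name in the tunnel's DNS server, but one-key-per-
+	# the name of the device  / user / resource connecting.
+	# `vpn  key` will  use  this value  to determine  which
+	# client keys  to download. i recommend  a one-key-per-
+	# device setup with the certificate CN used to assign a
+	# name  in the  tunnel's DNS  server, but  one-key-per-
 	# user or one-key-period setups are also possible.
 
 param TMPDIR		 /tmp
 	# a directory for temporary files, preferably one that
 	# does not persist across boots (e.g. a tmpfs)
 
 param USER			 $(whoami)
@@ -65,14 +74,18 @@
 	# the user who should own all files and processes
 	# created and destroyed by vpn
 
 param vpn_pidbox     $TMPDIR/pid.$USER
 	# a directory for storing pids in. this should be chmod
 	# 700 and owned by the user invoking vpn, ideally
 
+param vpn_bin        openvpn
+	# the binary to use. if openvpn is not in your path,
+	# enter its absolute path here
+
 param vpn_script     $0
 	# a path to the executable
 
 param vpn_scrname    $(basename $vpn_script)
 	# the name of the executable
 
 # thus ends the admin-configurable portion of this script.
@@ -191,13 +204,13 @@
 				echo -e " and openvpn is \e[32mrunning\e[m"
 				exit 0
 			} || {
 				echo -e " but named process is \e[31mnot a vpn instance!\e[m"
 				stale; exit 1
 			}
 		} ;;
-	( help ) head -n $(expr $__ - 1) $vpn_script |
-		tail -n $(expr $__ - 2); exit 255;;
+	( help ) head -n $(expr $_text_ - 2) $vpn_script |
+		tail -n $(expr $_text_ - 2); exit 255;;
 
 	( * ) err "action must be one of: join | part | info | clean" ;;
 esac
 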
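Review bot: The rewritten `( help )` branch in the last hunk no longer skips the first line of the script: with `_text_=$LINENO` now on line 42 the pipeline becomes `head -n 40 | tail -n 40`, whereas the old `head -n 32 | tail -n 31` dropped line 1, so if line 1 is the shebang it will now be printed at the top of the help text; `tail -n $(expr $_text_ - 3); exit 255;;` restores the previous behaviour. The `case` statement this branch belongs to begins before the hunk. Separately, the new sudoers remark in the header comment ("ensure you understand the security implications") would be more useful if it named the implication: an openvpn configuration can run `--up`/`--down` scripts as root (with `--script-security 2`) before any privilege drop, so a NOPASSWD rule on the openvpn binary alone is effectively root for every account it covers unless the rule also pins the config path and arguments — a line such as `# a NOPASSWD rule on the bare openvpn binary lets covered users run arbitrary --up/--down scripts as root; restrict the config path in sudoers` would say so.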