util  Check-in [05feae3cd3]

Overview
Comment:updates
SHA3-256: 05feae3cd3cd96baa64df628096c28e4fb0a7f9e65369fe7c46bddb8f5438bef
User & Date: lexi on 2019-05-04 02:38:28
Changes

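--- a/vpn/vpn
+++ b/vpn/vpn
@@ -24,17 +24,26 @@
 # users  to be  able  to  change the  behavior  of vpn  with
 # setenv, you must  change the param invokation  to a simple
 # assignment.
 #
 # note  that you  may want  to  add a  visudo line  allowing
 # %wheel  or  perhaps  even  all users  to  execute  openvpn
 # without a  password; otherwise, only sudoers  will be able
-# to  use vpn  and the  root password  will be  required for
-# every state change.
+# to  use vpn  and the root password will be  required every
+# time  a user  connects. root  is not  needed to  tear down
+# connections, as by  default the openvpn process  is set to
+# pivot to the  account that invoked the script  after it is
+# done with tasks that require privileged access.
+#
+# (it should  go without  saying, but ensure  you understand
+# the  security implications  before  editing  sudoers on  a
+# multiuser machine or  one that is directly  exposed to the
+# internet.)
+
-__=$LINENO
+_text_=$LINENO
 
 param(){ eval $1=\${$1:-$2}; }
 
 param vpn_basedir    ~/opt/vpn
 	# the directory in which vpn's logfiles are stored, 
 	# and possibly the script itself
 
@@ -46,19 +55,19 @@
 	# a configuration file that is applied to all vpns
 
 param vpn_srv_keydir /srv/vpn/ca
 	# the directory on the server where vpn client keys
 	# are stored
 
 param vpn_cn         $(uname -n)
-	# the name of the device / user / resource connecting
-	# `vpn key` will use this value to determine which
-	# client keys to download. i recommend a one-key-per-
-	# device setup with the certificate CN used to assign
-	# a name in the tunnel's DNS server, but one-key-per-
+	# the name of the device  / user / resource connecting.
+	# `vpn  key` will  use  this value  to determine  which
+	# client keys  to download. i recommend  a one-key-per-
+	# device setup with the certificate CN used to assign a
+	# name  in the  tunnel's DNS  server, but  one-key-per-
 	# user or one-key-period setups are also possible.
 
 param TMPDIR		 /tmp
 	# a directory for temporary files, preferably one that
 	# does not persist across boots (e.g. a tmpfs)
 
 param USER			 $(whoami)
@@ -65,14 +74,18 @@
 	# the user who should own all files and processes
 	# created and destroyed by vpn
 
 param vpn_pidbox     $TMPDIR/pid.$USER
 	# a directory for storing pids in. this should be chmod
 	# 700 and owned by the user invoking vpn, ideally
 
+param vpn_bin        openvpn
+	# the binary to use. if openvpn is not in your path,
+	# enter its absolute path here
+
 param vpn_script     $0
 	# a path to the executable
 
 param vpn_scrname    $(basename $vpn_script)
 	# the name of the executable
 
 # thus ends the admin-configurable portion of this script.
@@ -191,12 +204,12 @@
 				echo -e " and openvpn is \e[32mrunning\e[m"
 				exit 0
 			} || {
 				echo -e " but named process is \e[31mnot a vpn instance!\e[m"
 				stale; exit 1
 			}
 		} ;;
-	( help ) head -n $(expr $__ - 1) $vpn_script |
-		tail -n $(expr $__ - 2); exit 255;;
+	( help ) head -n $(expr $_text_ - 2) $vpn_script |
+		tail -n $(expr $_text_ - 2); exit 255;;
 
 	( * ) err "action must be one of: join | part | info | clean" ;;
 esac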
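Review bot: In the `help` arm, `head` and `tail` now both use `$_text_ - 2`, so the `tail` no longer drops anything and the first line of the script (previously trimmed by the `- 1`/`- 2` pairing) is printed along with the help text; if the intent is still to skip that first line, the second line should read `tail -n $(expr $_text_ - 3); exit 255;;`, and `$vpn_script` should be quoted since it derives from `$0`. Separately, the new `vpn_bin` parameter inherits `param`'s environment-first behaviour, so a caller can point it at any executable; if the rest of the script (outside these hunks) runs `$vpn_bin` under sudo, the header comment's sudoers advice should say that the rule must name the absolute openvpn path rather than a bare command, e.g. `# the sudoers entry should reference the absolute path of the binary, not the vpn_bin value`. The `case` block containing the `help` arm starts outside the hunk.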