Overview
Comment: updates
SHA3-256: 05feae3cd3cd96baa64df628096c28e4
User & Date: lexi on 2019-05-04 02:38:28
Context
2019-05-04
  03:20  more updates  check-in: 514964602b  user: lexi  tags: trunk
  02:38  updates  check-in: 05feae3cd3  user: lexi  tags: trunk
2019-05-03
  15:21  add vpn tool  check-in: 75223838e1  user: lexi  tags: trunk
Changes
Modified vpn/vpn from [8e3b5d4148] to [0b831e354e].
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 .. 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 .. 65 66 67 68 69 70 71 72 73 74 75 76 77 78 ... 191 192 193 194 195 196 197 198 199 200 201 202 203 |
# users to be able to change the behavior of vpn with # setenv, you must change the param invokation to a simple # assignment. # # note that you may want to add a visudo line allowing # %wheel or perhaps even all users to execute openvpn # without a password; otherwise, only sudoers will be able # to use vpn and the root password will be required for # every state change. __=$LINENO param(){ eval $1=\${$1:-$2}; } param vpn_basedir ~/opt/vpn # the directory in which vpn's logfiles are stored, # and possibly the script itself ................................................................................ # a configuration file that is applied to all vpns param vpn_srv_keydir /srv/vpn/ca # the directory on the server where vpn client keys # are stored param vpn_cn $(uname -n) # the name of the device / user / resource connecting # `vpn key` will use this value to determine which # client keys to download. i recommend a one-key-per- # device setup with the certificate CN used to assign # a name in the tunnel's DNS server, but one-key-per- # user or one-key-period setups are also possible. param TMPDIR /tmp # a directory for temporary files, preferably one that # does not persist across boots (e.g. a tmpfs) param USER $(whoami) ................................................................................ # the user who should own all files and processes # created and destroyed by vpn param vpn_pidbox $TMPDIR/pid.$USER # a directory for storing pids in. this should be chmod # 700 and owned by the user invoking vpn, ideally param vpn_script $0 # a path to the executable param vpn_scrname $(basename $vpn_script) # the name of the executable # thus ends the admin-configurable portion of this script. ................................................................................ 
echo -e " and openvpn is \e[32mrunning\e[m" exit 0 } || { echo -e " but named process is \e[31mnot a vpn instance!\e[m" stale; exit 1 } } ;; ( help ) head -n $(expr $__ - 1) $vpn_script | tail -n $(expr $__ - 2); exit 255;; ( * ) err "action must be one of: join | part | info | clean" ;; esac |
| | > > > > > > > > > | | | | | | > > > > | | |
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 .. 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 .. 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 ... 204 205 206 207 208 209 210 211 212 213 214 215 216 |
# users to be able to change the behavior of vpn with # setenv, you must change the param invokation to a simple # assignment. # # note that you may want to add a visudo line allowing # %wheel or perhaps even all users to execute openvpn # without a password; otherwise, only sudoers will be able # to use vpn and the root password will be required every # time a user connects. root is not needed to tear down # connections, as by default the openvpn process is set to # pivot to the account that invoked the script after it is # done with tasks that require privileged access. # # (it should go without saying, but ensure you understand # the security implications before editing sudoers on a # multiuser machine or one that is directly exposed to the # internet.) _text_=$LINENO param(){ eval $1=\${$1:-$2}; } param vpn_basedir ~/opt/vpn # the directory in which vpn's logfiles are stored, # and possibly the script itself ................................................................................ # a configuration file that is applied to all vpns param vpn_srv_keydir /srv/vpn/ca # the directory on the server where vpn client keys # are stored param vpn_cn $(uname -n) # the name of the device / user / resource connecting. # `vpn key` will use this value to determine which # client keys to download. i recommend a one-key-per- # device setup with the certificate CN used to assign a # name in the tunnel's DNS server, but one-key-per- # user or one-key-period setups are also possible. param TMPDIR /tmp # a directory for temporary files, preferably one that # does not persist across boots (e.g. a tmpfs) param USER $(whoami) ................................................................................ # the user who should own all files and processes # created and destroyed by vpn param vpn_pidbox $TMPDIR/pid.$USER # a directory for storing pids in. this should be chmod # 700 and owned by the user invoking vpn, ideally param vpn_bin openvpn # the binary to use. 
if openvpn is not in your path, # enter its absolute path here param vpn_script $0 # a path to the executable param vpn_scrname $(basename $vpn_script) # the name of the executable # thus ends the admin-configurable portion of this script. ................................................................................ echo -e " and openvpn is \e[32mrunning\e[m" exit 0 } || { echo -e " but named process is \e[31mnot a vpn instance!\e[m" stale; exit 1 } } ;; ( help ) head -n $(expr $_text_ - 2) $vpn_script | tail -n $(expr $_text_ - 2); exit 255;; ( * ) err "action must be one of: join | part | info | clean" ;; esac |
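Review bot: the rewritten header comment (new lines 24-49) now claims that root is not needed to tear down connections because "by default the openvpn process is set to pivot to the account that invoked the script", but nothing in this hunk shows the invocation that does that; name the option or the code path that implements the privilege drop so a reader can verify it before relaxing sudoers for %wheel or all users as the comment suggests. Minor: "invokation" should read "invocation".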
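Review bot: the new `param vpn_bin openvpn` (new lines 74-91) defaults to a PATH lookup, and because `param` evaluates `${name:-default}` the caller's environment decides both PATH and `vpn_bin`; for a binary the comment expects to be run through sudo without a password, default to the absolute path (the comment already recommends it for the not-in-PATH case) and check it is a regular executable before running it. The comment in the same hunk still says `vpn_pidbox` "should be chmod 700 and owned by the user invoking vpn, ideally"; since `$TMPDIR/pid.$USER` is a predictable name in a shared directory, create it with `mkdir -m 700` and refuse to use it if it already exists with another owner rather than leaving this as advice.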
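Review bot: the `help` action (new lines 204-216) changed from `head -n $(expr $__ - 1) | tail -n $(expr $__ - 2)`, which printed lines 2 through N-1 (skipping the shebang), to `head -n $(expr $_text_ - 2) | tail -n $(expr $_text_ - 2)`, which prints lines 1 through N-2: the `tail` is now a no-op, the shebang is included, and the last comment line before `_text_=$LINENO` is dropped. If the old range was intended, keep `head -n $(expr $_text_ - 1)`, or replace the pipeline with `sed -n "2,$(expr $_text_ - 1)p" "$vpn_script"`; either way quote `$vpn_script`, which is `$0`. In the same hunk the fallback message "action must be one of: join | part | info | clean" omits `help`, the case branch directly above it, and `key`, which the header comment refers to as `vpn key`.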