
default config; make vpn config file; copy other needed files

master
Robin Thoni 8 years ago
parent
commit
61271e95d7
5 changed files with 113 additions and 23 deletions
  1. 2
    0
      .gitignore
  2. 19
    5
      vpngen-cli.py
  3. 54
    3
      vpngen.py
  4. 14
    14
      vpngen/default.conf
  5. 24
    1
      vpngen/vpngen.json

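--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 # Created by .ignore support plugin (hsz.mobi)
 .idea
+/vpngen.json
+/out
 
 ### Python template
 # Byte-compiled / optimized / DLL files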

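--- a/vpngen-cli.py
+++ b/vpngen-cli.py
@@ -11,8 +11,20 @@
     print(*args, file=sys.stderr, **kwargs)
 
 
-def remove_vpn(vpng, vpn_name, force):
-    return 0
+def create_variables(variables, defaults):
+    variables_set = {}
+    for variable in variables:
+        if variable == 'name':
+            continue
+        default = defaults[variable] if variable in defaults else ''
+        print("Enter a value for '%s' ['%s']: " % (variable, default), end='', flush=True)
+        value = sys.stdin.readline()
+        value = value[:-1]
+        if value == '':
+            value = default
+        variables_set[variable] = value
+    return variables_set
+
 
 def main():
     parser = argparse.ArgumentParser(description='Manage OpenVPN VPNs')
@@ -40,10 +52,11 @@
     if client_name is not None:
         client_name = config['clientPrefix'] + client_name + config['clientSuffix']
 
-    vpng = vpngen.VpnGen()
+    vpng = vpngen.VpnGen(config['defaultConfigPath'], config['ovpnConfigPath'])
 
     if args.create:
-        res = vpng.create_vpn(vpn_name)
+        variables = create_variables(vpng.get_vpn_vars(), config['defaults']['vpn'])
+        res = vpng.create_vpn(vpn_name, variables)
         if res == vpngen.VpnGenError.Success:
             print("VPN %s created successfully" % vpn_name)
         else:
@@ -57,7 +70,8 @@
             eprint("Failed to remove VPN %s: %s" % (vpn_name, res))
             exit(1)
     elif args.create_client:
-        res = vpng.create_client(vpn_name, client_name)
+        variables = create_variables(vpng.get_vpn_vars(), config['defaults']['vpn'])
+        res = vpng.create_client(vpn_name, client_name, variables)
         if res == vpngen.VpnGenError.Success:
             print("Client %s created successfully on VPN %s" % (client_name, vpn_name))
         else: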
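Review bot: In `create_variables`, `value = value[:-1]` drops the last character unconditionally, so a value read from piped or redirected stdin that ends at EOF without a newline loses its final character; `value = sys.stdin.readline().rstrip('\n')` avoids that. The collected strings are passed straight to `create_vpn`, which substitutes them into the generated OpenVPN configuration, so this prompt loop is also the natural place to validate each value (for example a numeric `port`) before it reaches the file. In the `create_client` branch the prompt is built from `vpng.get_vpn_vars()` and `config['defaults']['vpn']`, which looks copied from the `create` branch; the `defaults.client` section added to vpngen.json in this commit was presumably intended there, which is worth confirming. `main` starts and ends outside the visible hunks.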

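--- a/vpngen.py
+++ b/vpngen.py
@@ -1,4 +1,8 @@
 from enum import Enum
+import os
+import os.path
+import re
+import shutil
 
 
 class VpnGenError(Enum):
@@ -10,13 +14,60 @@
 
 
 class VpnGen:
-    def create_vpn(self, vpn_name):
-        return VpnGenError.ClientDoesNotExists
+    default_config_base_dir = ""
+    default_config_file = ""
+    ovpn_config_path = ""
+
+    def __init__(self, default_config_path, ovpn_config_path):
+        self.default_config_base_dir = default_config_path
+        self.default_config_file = "%s.conf" % default_config_path
+        self.ovpn_config_path = ovpn_config_path
+
+    def f7(self, seq):
+        seen = set()
+        seen_add = seen.add
+        return [x for x in seq if not (x in seen or seen_add(x))]
+
+    def _find_vars(self, content):
+        variables = re.findall('\$\{([^}]+)}', content)
+        variables = self.f7(variables)
+        return variables
+
+    def get_vpn_vars(self):
+        with open(self.default_config_file, "r") as f:
+            default_config = f.read()
+        variables = self._find_vars(default_config)
+        variables += ["KEY_COUNTRY", "KEY_PROVINCE", "KEY_CITY", "KEY_ORG", "KEY_EMAIL"]
+        return variables
+
+    def create_vpn(self, vpn_name, variables):
+        base_dir = "%s%s%s" % (self.ovpn_config_path, os.sep, vpn_name)
+        conf_file = "%s.conf" % base_dir
+        if os.path.exists(base_dir) or os.path.exists(conf_file):
+            return VpnGenError.VpnAlreadyExists
+
+        with open(self.default_config_file, "r") as f:
+            default_config = f.read()
+
+        variables['name'] = vpn_name
+        for variable in variables:
+            default_config = default_config.replace("${%s}" % variable, variables[variable])
+
+        os.makedirs(base_dir)
+        with open(conf_file, "w") as f:
+            f.write(default_config)
+
+        os.rmdir(base_dir)
+        shutil.copytree(self.default_config_base_dir, base_dir)
+
+
+
+        return VpnGenError.Success
 
     def remove_vpn(self, vpn_name):
         return VpnGenError.ClientDoesNotExists
 
-    def create_client(self, vpn_name, client_name):
+    def create_client(self, vpn_name, client_name, variables):
         return VpnGenError.ClientDoesNotExists
 
     def remove_client(self, vpn_name, client_name):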
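Review bot: `create_vpn` builds `base_dir` from `vpn_name` by plain string formatting and never checks the name, so a name containing a path separator or `..` makes `os.makedirs`, the `.conf` write and `shutil.copytree` act outside `ovpn_config_path`. The same unchecked string is substituted into every `${name}` path of the template. An allowlist check at the top of the method, such as `if not re.fullmatch(r'[A-Za-z0-9_-]+', vpn_name):` followed by an error return, would close both. The `os.makedirs(base_dir)` / `os.rmdir(base_dir)` pair is redundant because `copytree` creates the directory itself. If `copytree` raises, the already written `.conf` stays behind and a retry returns `VpnAlreadyExists`. The pattern in `_find_vars` should be a raw string, `r'\$\{([^}]+)}'`, since `\$` is an invalid escape in a normal literal.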

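--- a/vpngen/default.conf
+++ b/vpngen/default.conf
@@ -1,29 +1,29 @@
 # Server TCP/443
 mode server
 proto tcp-server
-port %%VPNPORT%%
-dev tun
+port ${port}
+dev ${dev}
 client-to-client
 
 # Keys and certificates
-ca /etc/openvpn/%%VPNNAME%%/ca.crt
-cert /etc/openvpn/%%VPNNAME%%/server.crt
-key /etc/openvpn/%%VPNNAME%%/server.key
-dh /etc/openvpn/%%VPNNAME%%/dh1024.pem
-tls-auth /etc/openvpn/%%VPNNAME%%/ta.key 1
+ca /etc/openvpn/${name}/ca.crt
+cert /etc/openvpn/${name}/server.crt
+key /etc/openvpn/${name}/server.key
+dh /etc/openvpn/${name}/dh1024.pem
+tls-auth /etc/openvpn/${name}/ta.key 1
 
 key-direction 0
 cipher AES-256-CBC
-crl-verify /etc/openvpn/%%VPNNAME%%/easy-rsa/keys/crl.pem
-client-config-dir /etc/openvpn/%%VPNNAME%%/clientsconf
+crl-verify /etc/openvpn/${name}/easy-rsa/keys/crl.pem
+client-config-dir /etc/openvpn/${name}/clientsconf
 
 # Network
-server %%VPNIPRANGE%% 255.255.255.0
+server ${net} ${mask}
 keepalive 10 120
 
 # Uncomment this to redirect client internet traffic trough VPN
-# You'll also need to add iptables rules like
-# iptables -t nat -s %%internal_subnet%%/24 -A POSTROUTING -j SNAT --to %%out_ip%%
+# You'll also need to add iptables rules like:
+# iptables -t nat -s $internal_subnet/24 -A POSTROUTING -j SNAT --to $out_ip
 #push "redirect-gateway def1 bypass-dhcp"
 
 # Security
@@ -36,5 +36,5 @@
 # Log
 verb 1
 mute 20
-status /var/vpn/status-%%VPNNAME%%
-log-append /var/log/openvpn-%%VPNNAME%%.log
+status /var/vpn/status-${name}
+log-append /var/log/openvpn-${name}.log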
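Review bot: The rewritten `dh /etc/openvpn/${name}/dh1024.pem` line keeps a file name that suggests 1024-bit Diffie-Hellman parameters, which is below what is generally considered adequate. Since every path in the template is touched by this change anyway, it could point at 2048-bit or larger parameters, e.g. `dh /etc/openvpn/${name}/dh2048.pem`, together with whatever step generates that file (not visible here). Separately, `dev` changes from the fixed `tun` to `${dev}` while the default added in vpngen.json is `tap`, so an operator who accepts the defaults now gets a layer-2 device instead of the previous layer-3 one. A comment next to `dev ${dev}` stating the accepted values (`tun` or `tap`) would make that choice explicit.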

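--- a/vpngen/vpngen.json
+++ b/vpngen/vpngen.json
@@ -1,8 +1,31 @@
 {
   "vpnPrefix": "vpn_",
   "vpnSuffix": "",
+
   "clientPrefix": "",
   "clientSuffix": "",
 
-  "defaultConfigPath": "/etc/vpngen/default"
+  "defaultConfigPath": "/etc/vpngen/default",
+
+  "ovpnConfigPath": "/etc/openvpn",
+
+  "defaults": {
+    "vpn": {
+      "name": "my_vpn",
+      "port": "4242",
+      "hostname": "vpn.example.com",
+      "net": "10.0.0.0",
+      "mask": "255.255.255.0",
+      "dev": "tap",
+
+      "KEY_COUNTRY": "COUNTRY",
+      "KEY_PROVINCE": "state",
+      "KEY_CITY": "City",
+      "KEY_ORG": "example",
+      "KEY_EMAIL": "root@example.com"
+    },
+    "client": {
+
+    }
+  }
 }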
