
begin new version

master
Robin Thoni 8 years ago
parent
commit
a96a5d7f93

+ 94
- 0
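--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,94 @@
+# Created by .ignore support plugin (hsz.mobi)
+.idea
+
+### Python template
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# IPython Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# dotenv
+.env
+
+# virtualenv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+
+# Rope project settings
+.ropeproject
+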

+ 6
- 0
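--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>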
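Review bot: `.idea/vcs.xml` is added here while the `.gitignore` introduced by the same commit lists `.idea`, so this one IDE file becomes tracked even though the rest of the directory is ignored, and later edits to it will still show up in `git status` because ignore rules do not apply to files already in the index. Either leave the file out of the commit or remove the `.idea` entry from `.gitignore`, so the two agree.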

+ 0
- 1
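--- a/example/iptables_vpn_internet
+++ b/example/iptables_vpn_internet
@@ -1 +0,0 @@
-iptables -t nat -s 10.8.0.0/24 -A POSTROUTING -j SNAT --to 178.170.113.82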

+ 0
- 35
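--- a/example/vpn_internet.conf
+++ b/example/vpn_internet.conf
@@ -1,35 +0,0 @@
-# Serveur TCP/443
-mode server
-proto tcp-server
-port 8080
-dev tun
-
-# Cles et certificats
-ca /etc/openvpn/vpn_internet/ca.crt
-cert /etc/openvpn/vpn_internet/server.crt
-key /etc/openvpn/vpn_internet/server.key
-dh /etc/openvpn/vpn_internet/dh1024.pem
-tls-auth /etc/openvpn/vpn_internet/ta.key 1
-
-key-direction 0
-cipher AES-256-CBC
-crl-verify /etc/openvpn/vpn_internet/easy-rsa/keys/crl.pem
-client-config-dir /etc/openvpn/vpn_internet/clientsconf
-
-# Reseau
-server 10.8.0.0 255.255.255.0
-push "redirect-gateway def1 bypass-dhcp"
-keepalive 10 120
-
-# Securite
-user www-data
-group ovpn-manager
-persist-key
-persist-tun
-comp-lzo
-
-# Log
-verb 1
-mute 20
-status /var/vpn.example.com/status-vpn_internet
-log-append /var/log/openvpn-vpn_internet.log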

+ 5
- 18
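--- a/mkclient
+++ b/mkclient
@@ -1,14 +1,12 @@
 #!/bin/bash
 if [ $# -ne 3 ]
 then
-    echo "Usage: mkclient clientname password vpn" 1>&2
-    echo "password can be -p to show prompt" 1>&2
+    echo "Usage: mkclient clientname vpn" 1>&2
     exit 1
 fi
 
-pass="$2"
-vpn="$3"
-clientname="$1-${vpn}"
+vpn="${2}"
+clientname="${1}-${vpn}"
 vpn="vpn_${vpn}"
 if [ ! -d "/etc/openvpn/${vpn}" ]
 then
@@ -30,12 +28,6 @@ then
     exit 4
 fi
 
-if [ "${pass}" == "-p" ]
-then
-    echo -n "Password: "
-    read -s pass
-fi
-
 cd ..
 source ./vars
 KEY_CN="${clientname}" KEY_NAME="${clientname}" ./pkitool ${clientname}
@@ -56,14 +48,9 @@ cp ca.crt "$clientdir/ca-${vpn}.crt"
 cp ta.key "$clientdir/ta-${vpn}.key"
 echo "Creating client-${vpn}.conf"
 cd $clientsdir
+
 sed "s/%%client%%/${clientname}/g" client.conf > "$clientdir/${clientname}.conf"
 echo "Creating ${clientname}.tar.bz2"
-cd $clientdir
-tar cfj "${clientname}.tar.bz2" *
-echo "Creating symlink"
-ln -s "$clientdir${clientname}.tar.bz2" "$clientslinkdir${clientname}.tar.bz2"
-echo "Adding apache user"
-echo -e "<Files ${clientname}.tar.bz2>\n\tRequire user ${clientname} ovpn-root\n</Files>" >> $clientslinkdir'.htaccess'
-htpasswd -b "/var/vpn/${vpn}/.htpasswd" ${clientname} ${pass}
+tar cfj "${clientname}.tar.bz2" "${clientname}/"*
 echo "mkclient completed"
 exit 0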
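Review bot: The new usage line in the first hunk documents two arguments (`clientname vpn`) and the rewritten assignments read only `$1` and `$2`, but the unchanged guard just above it is still `if [ $# -ne 3 ]`, so a caller following the new usage is rejected with exit 1; it should become `if [ $# -ne 2 ]`. In the last hunk the new `tar` line writes the archive relative to whatever directory the unquoted, unchecked `cd $clientsdir` on the line before left the script in, and its exit status is ignored before `echo "mkclient completed"`, so a failed or empty archive (an unmatched `"${clientname}/"*` glob is passed to tar literally) is still reported as success; `tar cfj "${clientname}.tar.bz2" "${clientname}/"* || exit 5` would stop instead. Because the archive bundles the key material copied into `$clientdir` above (ta.key is visible in the hunk, the rest is inferred), setting a restrictive `umask 077` before it is written would keep the file from being created world-readable under the default umask.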

+ 82
- 0
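--- a/vpngen-cli.py
+++ b/vpngen-cli.py
@@ -0,0 +1,82 @@
+#! /usr/bin/env python3
+
+from __future__ import print_function
+import argparse
+import json
+import sys
+import vpngen
+
+
+def eprint(*args, **kwargs):
+    print(*args, file=sys.stderr, **kwargs)
+
+
+def remove_vpn(vpng, vpn_name, force):
+    return 0
+
+def main():
+    parser = argparse.ArgumentParser(description='Manage OpenVPN VPNs')
+    parser.add_argument('--vpn', help='The VPN to use', required=True)
+    parser.add_argument('--config', dest='config', default='/etc/vpngen/vpngen.json', help='Configuration file path')
+
+    parser.add_argument('--create', help='Create a VPN', action='store_true')
+    parser.add_argument('--remove', help='Remove a VPN', action='store_true')
+    parser.add_argument('--create-client', help='Create a client for the VPN', metavar='CLIENT')
+    parser.add_argument('--remove-client', help='Remove a client for the VPN', metavar='CLIENT')
+    parser.add_argument('--rebuild-clients', help='Rebuild clients configurations', action='store_true')
+
+    args = parser.parse_args()
+
+    with open(args.config, "r") as f:
+        config = json.load(f)
+
+    vpn_name = config['vpnPrefix'] + args.vpn + config['vpnSuffix']
+    if args.create_client is not None:
+        client_name = args.create_client
+    elif args.remove_client is not None:
+        client_name = args.remove_client
+    else:
+        client_name = None
+    if client_name is not None:
+        client_name = config['clientPrefix'] + client_name + config['clientSuffix']
+
+    vpng = vpngen.VpnGen()
+
+    if args.create:
+        res = vpng.create_vpn(vpn_name)
+        if res == vpngen.VpnGenError.Success:
+            print("VPN %s created successfully" % vpn_name)
+        else:
+            eprint("Failed to create VPN %s: %s" % (vpn_name, res))
+            exit(1)
+    elif args.remove:
+        res = vpng.remove_vpn(vpn_name)
+        if res == vpngen.VpnGenError.Success:
+            print("VPN %s removed successfully" % vpn_name)
+        else:
+            eprint("Failed to remove VPN %s: %s" % (vpn_name, res))
+            exit(1)
+    elif args.create_client:
+        res = vpng.create_client(vpn_name, client_name)
+        if res == vpngen.VpnGenError.Success:
+            print("Client %s created successfully on VPN %s" % (client_name, vpn_name))
+        else:
+            eprint("Failed to create client %s on VPN %s: %s" % (client_name, vpn_name, res))
+            exit(1)
+    elif args.remove_client:
+        res = vpng.remove_client(vpn_name, client_name)
+        if res == vpngen.VpnGenError.Success:
+            print("Client %s removed successfully on VPN %s" % (client_name, vpn_name))
+        else:
+            eprint("Failed to remove client %s on VPN %s: %s" % (client_name, vpn_name, res))
+            exit(1)
+    elif args.rebuild_clients:
+        res = vpng.rebuild_clients(vpn_name)
+        if res == vpngen.VpnGenError.Success:
+            print("Clients configurations rebuilt successfully on VPN %s" % vpn_name)
+        else:
+            eprint("Failed to rebuild clients configuration on VPN %s: %s" % (vpn_name, res))
+            exit(1)
+
+
+main()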
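Review bot: `main()` never validates `args.vpn` or the client name before joining them with the configured prefix and suffix, yet the same names are used as directory names under `/etc/openvpn` elsewhere in this commit (`mkclient` builds `/etc/openvpn/${vpn}` and `default.conf` expands `%%VPNNAME%%` into paths), so once `VpnGen` is implemented a value containing `/` or `..` would escape the intended directory. A whitelist check right after `parse_args()`, e.g. `if not re.fullmatch(r'[A-Za-z0-9_-]+', args.vpn): parser.error('invalid VPN name')` (and the same for the client name), closes that and needs only `import re`. The dispatch is also inconsistent: the client name is collected with `is not None` but dispatched with truthiness (`elif args.create_client:`), so `--create-client ''` and a run with no action flag both fall off the chain and exit 0 with no message; an `else: parser.error('no action given')` at the end of the chain makes that explicit. The `exit(1)` calls rely on the `site` builtin where `sys.exit(1)` is the portable form and `sys` is already imported; `remove_vpn(vpng, vpn_name, force)` is unused, and `main()` runs on import, so the usual `if __name__ == '__main__': main()` guard would keep the module importable.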

+ 26
- 0
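--- a/vpngen.py
+++ b/vpngen.py
@@ -0,0 +1,26 @@
+from enum import Enum
+
+
+class VpnGenError(Enum):
+    Success = 0,
+    VpnAlreadyExists = 1,
+    VpnDoesNotExists = 2,
+    ClientAlreadyExists = 3,
+    ClientDoesNotExists = 4
+
+
+class VpnGen:
+    def create_vpn(self, vpn_name):
+        return VpnGenError.ClientDoesNotExists
+
+    def remove_vpn(self, vpn_name):
+        return VpnGenError.ClientDoesNotExists
+
+    def create_client(self, vpn_name, client_name):
+        return VpnGenError.ClientDoesNotExists
+
+    def remove_client(self, vpn_name, client_name):
+        return VpnGenError.ClientDoesNotExists
+
+    def rebuild_clients(self, vpn_name):
+        return VpnGenError.ClientDoesNotExists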
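Review bot: The trailing commas on `Success = 0,` through `ClientAlreadyExists = 3,` make each of those members' `.value` a one-element tuple (`(0,)`), while `ClientDoesNotExists = 4` carries the int `4`, so `VpnGenError(0)` raises ValueError and the values cannot be mapped to exit codes consistently; drop the commas, e.g. `Success = 0`. Every `VpnGen` method is a stub that returns `ClientDoesNotExists`, which the CLI in this commit reports as a failure for every action, so a class docstring such as `"""Placeholder backend; every operation is unimplemented and reports ClientDoesNotExists."""` would keep that from being read as a real error condition.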

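--- a/sampleconf
+++ b/vpngen/default.conf
@@ -1,11 +1,11 @@
-# Serveur TCP/443
+# Server TCP/443
 mode server
 proto tcp-server
 port %%VPNPORT%%
 dev tun
 client-to-client
 
-# Cles et certificats
+# Keys and certificates
 ca /etc/openvpn/%%VPNNAME%%/ca.crt
 cert /etc/openvpn/%%VPNNAME%%/server.crt
 key /etc/openvpn/%%VPNNAME%%/server.key
@@ -17,11 +17,16 @@ cipher AES-256-CBC
 crl-verify /etc/openvpn/%%VPNNAME%%/easy-rsa/keys/crl.pem
 client-config-dir /etc/openvpn/%%VPNNAME%%/clientsconf
 
-# Reseau
+# Network
 server %%VPNIPRANGE%% 255.255.255.0
 keepalive 10 120
 
-# Securite
+# Uncomment this to redirect client internet traffic trough VPN
+# You'll also need to add iptables rules like
+# iptables -t nat -s %%internal_subnet%%/24 -A POSTROUTING -j SNAT --to %%out_ip%%
+#push "redirect-gateway def1 bypass-dhcp"
+
+# Security
 user www-data
 group ovpn-manager
 persist-key
@@ -32,4 +37,4 @@ comp-lzo
 verb 1
 mute 20
 status /var/vpn/status-%%VPNNAME%%
-#log-append /var/log/openvpn-%%VPNNAME%%.log
+log-append /var/log/openvpn-%%VPNNAME%%.log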
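Review bot: The new comment block in the second hunk introduces `%%internal_subnet%%` and `%%out_ip%%` in lowercase, while every other token in this file (`%%VPNNAME%%`, `%%VPNPORT%%`, `%%VPNIPRANGE%%`) is uppercase; if the generator substitutes `%%…%%` tokens these two will be left unfilled, and if they are meant to be filled in by hand the comment should say so. `%%VPNIPRANGE%%` is already the network the `server` line uses, so `# iptables -t nat -s %%VPNIPRANGE%%/24 -A POSTROUTING -j SNAT --to <public address>` would keep the hint in sync with the rest of the template. Also `trough` → `through` in the first added comment line.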

sampleconfdir/clients/client.conf → vpngen/default/clients/client.conf View File


sampleconfdir/easy-rsa/Makefile → vpngen/default/easy-rsa/Makefile View File


sampleconfdir/easy-rsa/README.gz → vpngen/default/easy-rsa/README.gz View File


sampleconfdir/easy-rsa/build-ca → vpngen/default/easy-rsa/build-ca View File


sampleconfdir/easy-rsa/build-dh → vpngen/default/easy-rsa/build-dh View File


sampleconfdir/easy-rsa/build-inter → vpngen/default/easy-rsa/build-inter View File


sampleconfdir/easy-rsa/build-key → vpngen/default/easy-rsa/build-key View File


sampleconfdir/easy-rsa/build-key-pass → vpngen/default/easy-rsa/build-key-pass View File


sampleconfdir/easy-rsa/build-key-pkcs12 → vpngen/default/easy-rsa/build-key-pkcs12 View File


sampleconfdir/easy-rsa/build-key-server → vpngen/default/easy-rsa/build-key-server View File


sampleconfdir/easy-rsa/build-req → vpngen/default/easy-rsa/build-req View File


sampleconfdir/easy-rsa/build-req-pass → vpngen/default/easy-rsa/build-req-pass View File


sampleconfdir/easy-rsa/clean-all → vpngen/default/easy-rsa/clean-all View File


sampleconfdir/easy-rsa/inherit-inter → vpngen/default/easy-rsa/inherit-inter View File


sampleconfdir/easy-rsa/keys/crl.pem → vpngen/default/easy-rsa/keys/crl.pem View File


sampleconfdir/easy-rsa/keys/index.txt → vpngen/default/easy-rsa/keys/index.txt View File


sampleconfdir/easy-rsa/keys/revoke-test.pem → vpngen/default/easy-rsa/keys/revoke-test.pem View File


sampleconfdir/easy-rsa/keys/serial → vpngen/default/easy-rsa/keys/serial View File


sampleconfdir/easy-rsa/list-crl → vpngen/default/easy-rsa/list-crl View File


sampleconfdir/easy-rsa/openssl-0.9.6.cnf.gz → vpngen/default/easy-rsa/openssl-0.9.6.cnf.gz View File


sampleconfdir/easy-rsa/openssl.cnf → vpngen/default/easy-rsa/openssl.cnf View File


sampleconfdir/easy-rsa/pkitool → vpngen/default/easy-rsa/pkitool View File


sampleconfdir/easy-rsa/revoke-full → vpngen/default/easy-rsa/revoke-full View File


sampleconfdir/easy-rsa/sign-req → vpngen/default/easy-rsa/sign-req View File


sampleconfdir/easy-rsa/vars → vpngen/default/easy-rsa/vars View File


sampleconfdir/easy-rsa/whichopensslcnf → vpngen/default/easy-rsa/whichopensslcnf View File


+ 8
- 0
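--- a/vpngen/vpngen.json
+++ b/vpngen/vpngen.json
@@ -0,0 +1,8 @@
+{
+  "vpnPrefix": "vpn_",
+  "vpnSuffix": "",
+  "clientPrefix": "",
+  "clientSuffix": "",
+
+  "defaultConfigPath": "/etc/vpngen/default"
+}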
