
rm old scripts; fixed client var not replaced

master
Robin Thoni 8 anni fa
parent
commit
cefdbccd07
5 ha cambiato i file con 17 aggiunte e 156 eliminazioni
  1. 1
    1
      TODO
  2. 0
    56
      mkclient
  3. 0
    62
      mkvpn
  4. 0
    35
      rmclient
  5. 16
    2
      vpngen.py

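--- a/TODO
+++ b/TODO
@@ -1,3 +1,3 @@
 Remove client
 
-Check if client has benn revoked
+Check if client has been revoked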

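--- a/mkclient
+++ b/mkclient
@@ -1,56 +0,0 @@
-#!/bin/bash
-if [ $# -ne 3 ]
-then
-    echo "Usage: mkclient clientname vpn" 1>&2
-    exit 1
-fi
-
-vpn="${2}"
-clientname="${1}-${vpn}"
-vpn="vpn_${vpn}"
-if [ ! -d "/etc/openvpn/${vpn}" ]
-then
-    echo "VPN does not exists" 1>&2
-    exit 2
-fi
-if [ $(echo "${clientname}" | grep -c -E "^[a-zA-Z0-9\._\-]+$") != 1 ]
-then
-    echo "Invalid client name"
-    exit 3
-fi
-cd "/etc/openvpn/${vpn}/easy-rsa/keys"
-clientsdir="/etc/openvpn/${vpn}/clients/"
-clientdir="$clientsdir${clientname}/"
-clientslinkdir="/var/vpn/${vpn}/"
-if [ -a "${clientname}.crt" ] || [ -a "${clientname}.csr" ] || [ -a "${clientname}.key" ] || [ -d $clientdir ]
-then
-    echo "Client ${clientname} already exists or is revoked"
-    exit 4
-fi
-
-cd ..
-source ./vars
-KEY_CN="${clientname}" KEY_NAME="${clientname}" ./pkitool ${clientname}
-ret=$?
-if [ $ret != 0 ]
-then
-    echo "pkitool exited with code $ret"
-    exit 5
-fi
-cd keys
-echo "Copying generated files"
-mkdir -p $clientdir
-cp "${clientname}.crt" "$clientdir/${clientname}-${vpn}.crt"
-cp "${clientname}.key" "$clientdir/${clientname}-${vpn}.key"
-echo "Copying ca and ta"
-cd "/etc/openvpn/${vpn}"
-cp ca.crt "$clientdir/ca-${vpn}.crt"
-cp ta.key "$clientdir/ta-${vpn}.key"
-echo "Creating client-${vpn}.conf"
-cd $clientsdir
-
-sed "s/%%client%%/${clientname}/g" client.conf > "$clientdir/${clientname}.conf"
-echo "Creating ${clientname}.tar.bz2"
-tar cfj "${clientname}.tar.bz2" "${clientname}/"*
-echo "mkclient completed"
-exit 0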

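--- a/mkvpn
+++ b/mkvpn
@@ -1,62 +0,0 @@
-#! /usr/bin/env sh
-if [ $# -ne 1 ]
-then
-    echo "Usage: $0 vpnname" 1>&2
-    exit 1
-fi
-
-vpn="vpn_$1"
-ovpndir="/etc/openvpn"
-ovpndirconf="${ovpndir}/${vpn}"
-webdir="/var/vpn/${vpn}"
-if [ -d "${ovpndirconf}" ] || [ -d "${webdir}" ]
-then
-    echo "VPN already exists" 1>&2
-    exit 2
-fi
-echo "Creating OpenVPN configuration"
-cd "${ovpndir}"
-echo -n "VPN port: "
-read vpnport
-echo -n "VPN IP range: "
-read vpniprange
-sed "s/%%VPNNAME%%/${vpn}/g" sampleconf > "${vpn}.conf"
-sed "s/%%VPNPORT%%/${vpnport}/g" -i "${vpn}.conf"
-sed "s/%%VPNIPRANGE%%/${vpniprange}/g" -i "${vpn}.conf"
-cp -r sampleconfdir "${ovpndirconf}"
-cd "${ovpndirconf}"
-sed "s/%%VPNNAME%%/${vpn}/g" -i clients/client.conf
-sed "s/%%VPNPORT%%/${vpnport}/g" -i clients/client.conf
-cd "easy-rsa"
-editor vars
-. ./vars
-export KEY_OU="${KEY_ORG}"
-export KEY_CN="${KEY_ORG}"
-export KEY_NAME="${KEY_ORG}"
-./clean-all
-./build-ca
-./build-key-server server
-./build-dh
-openssl ca -gencrl -keyfile keys/ca.key -cert keys/ca.crt -out keys/crl.pem -config openssl.cnf
-unset KEY_OU
-unset KEY_CN
-unset KEY_NAME
-chmod 710 keys
-cd keys
-openvpn --genkey --secret ta.key
-cp dh*.pem ../../
-cp ca.crt ../../
-cp ta.key ../../
-cp server.crt ../../
-cp server.key ../../
-cd "${ovpndir}"
-chown -R root:ovpn-manager "${vpn}" "${vpn}.conf"
-
-echo "Creating web configuration"
-mkdir "${webdir}"
-cd "${webdir}"
-echo "AuthUserFile ${webdir}/.htpasswd" >> .htaccess
-echo "AuthType Basic" >> .htaccess
-echo "AuthName \"${vpn}\"" >> .htaccess
-echo "Require user ovpn-root" >> .htaccess
-cp ../.htpasswd .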

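--- a/rmclient
+++ b/rmclient
@@ -1,35 +0,0 @@
-#!/bin/bash
-if [ $# != 1 ]
-then
-	echo "Usage: rmclient clientname"
-	exit 1
-else
-	cd /etc/openvpn/easy-rsa/2.0/keys
-	clientsdir="/etc/openvpn/clients/"
-	clientdir="$clientsdir$1/"
-	clientsrmdir="/etc/openvpn/rmclients/"
-	clientslinkdir="/var/vpn/clients/"
-	if ! [ -a "$1.crt" ] && ! [ -a "$1.csr" ] && ! [ -a "$1.key" ] && ! [ -a $clientslinkdir"$1.tar.bz2" ] && ! [ -d $clientdir ]
-	then
-		echo "Client $1 does not exist"
-		exit 2
-	fi
-
-	cd ..
-	source ./vars
-	./revoke-full "$1"
-	cd keys
-	mkdir -p $clientsrmdir
-
-	if [ -d $clientdir ]
-	then
-		mv $clientdir $clientsrmdir
-	else
-		echo "Client dir does not exist"
-	fi
-
-	htpasswd -D $clientslinkdir'.htpasswd' $1
-
-	echo "rmclient completed"
-	exit 0
-fi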

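--- a/vpngen.py
+++ b/vpngen.py
@@ -147,8 +147,6 @@ class VpnGen:
         return clients
 
     def setup_vars(self, vpn_name, variables):
-        easyrsadir = self.get_easy_rsa_dir(vpn_name)
-
         os.environ["KEY_COUNTRY"] = variables['KEY_COUNTRY']
         os.environ["KEY_PROVINCE"] = variables['KEY_PROVINCE']
         os.environ["KEY_CITY"] = variables['KEY_CITY']
@@ -161,6 +159,10 @@ class VpnGen:
         os.environ["CA_EXPIRE"] = variables['CA_EXPIRE']
         os.environ["KEY_EXPIRE"] = variables['KEY_EXPIRE']
 
+        self.setup_vars_openssl(vpn_name)
+
+    def setup_vars_openssl(self, vpn_name):
+        easyrsadir = self.get_easy_rsa_dir(vpn_name)
         os.environ["EASY_RSA"] = easyrsadir
         os.environ["OPENSSL"] = "openssl"
         os.environ["PKCS11TOOL"] = "pkcs11-tool"
@@ -262,9 +264,21 @@ class VpnGen:
         client_dir = self.get_client_dir(vpn_name, client_name)
         if not os.path.exists(client_dir):
             return VpnGenError.ClientDoesNotExists
+
+        self.setup_vars_openssl(vpn_name)
+
+        curdir = os.curdir
+        easyrsadir = self.get_easy_rsa_dir(vpn_name)
+        os.chdir(easyrsadir)
+
+        call(["./revoke-full", client_name])
+
+        os.chdir(curdir)
+
         return VpnGenError.Success
 
     def rebuild_client(self, vpn_name, client_name, variables):
+        variables["client"] = client_name
         client_dir = self.get_client_dir(vpn_name, client_name)
         client_conf_file = self.get_client_config_path(vpn_name, client_name)
         client_default_config_path = self.get_client_default_config_path(vpn_name)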
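Review bot: In the revoke hunk the result of `call(["./revoke-full", client_name])` is discarded, so the method returns `VpnGenError.Success` whether or not the certificate was actually revoked, and an operator can believe a client is locked out while its certificate is still accepted. Capture the status (`ret = call(["./revoke-full", client_name])`) and return a failure code when it indicates an error, after confirming what this easy-rsa version's `revoke-full` exits with on a successful revocation. In the same hunk `curdir = os.curdir` stores the constant `"."` rather than the working directory, so `os.chdir(curdir)` leaves the process inside the easy-rsa directory; use `curdir = os.getcwd()` and restore it in a `finally:` block. `client_name` also reaches `get_client_dir` and the script unchecked in the visible lines, whereas the removed `mkclient` script enforced `^[a-zA-Z0-9\._\-]+$`; validation may exist elsewhere in the file. The enclosing method begins above the hunk.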
