robin.thoni
/
vpngen
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
2 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
vpngen/vpngen-cli.py

vpngen-cli.py 17KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447 
  1. #! /usr/bin/env python3

  2. 

  3. from __future__ import print_function

  4. import argparse

  5. import json

  6. import os

  7. import sys

  8. import glob

  9. import json

  10. import os

  11. import os.path

  12. import re

  13. import shutil

  14. from enum import Enum

  15. from subprocess import call

  16. 

  17. 

  18. class VpnGenError(Enum):

  19.     Success = 0,

  20.     VpnAlreadyExists = 1,

  21.     VpnDoesNotExists = 2,

  22.     ClientAlreadyExists = 3,

  23.     ClientDoesNotExists = 4

  24. 

  25. 

  26. class VpnGen:

  27.     default_config_base_dir = ""

  28.     default_config_file = ""

  29.     default_client_config_file = ""

  30.     ovpn_config_path = ""

  31. 

  32.     def __init__(self, default_config_path, ovpn_config_path):

  33.         self.default_config_base_dir = os.path.abspath(default_config_path)

  34.         self.default_config_file = "%s.conf" % self.default_config_base_dir

  35.         self.default_client_config_file = "%s%sclients%sclient.conf" % (self.default_config_base_dir, os.sep, os.sep)

  36.         self.ovpn_config_path = os.path.abspath(ovpn_config_path)

  37. 

  38.     def f7(self, seq):

  39.         seen = set()

  40.         seen_add = seen.add

  41.         return [x for x in seq if not (x in seen or seen_add(x))]

  42. 

  43.     def get_vpn_vars(self):

  44.         with open(self.default_config_file, "r") as f:

  45.             default_config = f.read()

  46. 

  47.         variables = re.findall('\$\{([^}]+)}', default_config)

  48.         variables += ["KEY_COUNTRY", "KEY_PROVINCE", "KEY_CITY", "KEY_ORG", "KEY_EMAIL"]

  49.         variables = self.f7(variables)

  50. 

  51.         return variables

  52. 

  53.     def get_client_vars(self, vpn_name):

  54.         default_client_config_path = self.get_client_default_config_path(vpn_name)

  55.         if not os.path.exists(default_client_config_path):

  56.             return None

  57. 

  58.         with open(default_client_config_path, "r") as f:

  59.             default_config = f.read()

  60.         variables = re.findall('\$\{([^}]+)}', default_config)

  61.         variables = self.f7(variables)

  62. 

  63.         vpn_variables = self.get_vpn_vars()

  64.         real_variables = []

  65. 

  66.         for var in variables:

  67.             if var not in vpn_variables and var != "client":

  68.                 real_variables.append(var)

  69. 

  70.         return real_variables

  71. 

  72.     def get_base_dir(self, vpn_name):

  73.         return "%s%s%s%s" % (self.ovpn_config_path, os.sep, vpn_name, os.sep)

  74. 

  75.     def get_config_path(self, vpn_name):

  76.         return "%s%s%s.conf" % (self.ovpn_config_path, os.sep, vpn_name)

  77. 

  78.     def get_vpn_variables_path(self, vpn_name):

  79.         base_dir = self.get_base_dir(vpn_name)

  80.         return "%svpngen.json" % base_dir

  81. 

  82.     def get_easy_rsa_dir(self, vpn_name):

  83.         base_dir = self.get_base_dir(vpn_name)

  84.         return "%seasy-rsa%s" % (base_dir, os.sep)

  85. 

  86.     def get_easy_rsa_key_dir(self, vpn_name):

  87.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  88.         return "%skeys%s" % (easyrsadir, os.sep)

  89. 

  90.     def get_pkitool_path(self, vpn_name):

  91.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  92.         return "%spkitool" % easyrsadir

  93. 

  94.     def get_client_default_config_path(self, vpn_name):

  95.         base_dir = self.get_base_dir(vpn_name)

  96.         return "%s%sclients%sclient.conf" % (base_dir, os.sep, os.sep)

  97. 

  98.     def get_client_dir(self, vpn_name, client_name):

  99.         base_dir = self.get_base_dir(vpn_name)

  100.         return "%sclients%s%s-%s%s" % (base_dir, os.sep, client_name, vpn_name, os.sep)

  101. 

  102.     def get_client_config_path(self, vpn_name, client_name):

  103.         client_dir = self.get_client_dir(vpn_name, client_name)

  104.         return "%s%s-%s.conf" % (client_dir, client_name, vpn_name)

  105. 

  106.     def get_client_variables_path(self, vpn_name, client_name):

  107.         client_dir = self.get_client_dir(vpn_name, client_name)

  108.         return "%svpngen.json" % client_dir

  109. 

  110.     def get_client_generated_files_paths(self, vpn_name, client_name):

  111.         keys_dir = self.get_easy_rsa_key_dir(vpn_name,)

  112.         return [

  113.             "%s%s.crt" % (keys_dir, client_name),

  114.             "%s%s.key" % (keys_dir, client_name)

  115.         ]

  116. 

  117.     def get_client_tarball_path(self, vpn_name, client_name):

  118.         base_dir = self.get_base_dir(vpn_name)

  119.         return "%sclients%s%s-%s.tar.bz2" % (base_dir, os.sep, client_name, vpn_name)

  120. 

  121.     def get_server_needed_files_paths(self, vpn_name):

  122.         keys_dir = self.get_easy_rsa_key_dir(vpn_name)

  123.         return [

  124.             "%sca.crt" % keys_dir,

  125.             "%sta.key" % keys_dir

  126.         ]

  127. 

  128.     def get_client_misc_files_paths(self, vpn_name):

  129.         base_dir = self.get_base_dir(vpn_name)

  130.         return glob.glob("%smisc-files%s*" % (base_dir, os.sep))

  131. 

  132.     def get_all_needed_files_paths(self, vpn_name, client_name):

  133.         return self.get_client_generated_files_paths(vpn_name, client_name) +\

  134.                self.get_server_needed_files_paths(vpn_name) +\

  135.                self.get_client_misc_files_paths(vpn_name)

  136. 

  137.     def get_server_variables(self, vpn_name):

  138.         with open(self.get_vpn_variables_path(vpn_name), "r") as f:

  139.             return json.load(f)['variables']

  140. 

  141.     def get_client_variables(self, vpn_name, client_name):

  142.         with open(self.get_client_variables_path(vpn_name, client_name), "r") as f:

  143.             return json.load(f)['variables']

  144. 

  145.     def get_client_list(self, vpn_name):

  146.         base_dir = self.get_base_dir(vpn_name)

  147.         files_paths = glob.glob("%sclients%s*" % (base_dir, os.sep))

  148.         files_names = list(map(lambda file_path: os.path.basename(file_path), files_paths))

  149. 

  150.         clients = []

  151.         for file_name in files_names:

  152.             if file_name != 'client.conf' and not file_name.endswith(".tar.bz2"):

  153.                 clients.append(file_name[0:len(file_name) - len(vpn_name) - 1])

  154.         return clients

  155. 

  156.     def setup_vars(self, vpn_name, variables):

  157.         os.environ["KEY_COUNTRY"] = variables['KEY_COUNTRY']

  158.         os.environ["KEY_PROVINCE"] = variables['KEY_PROVINCE']

  159.         os.environ["KEY_CITY"] = variables['KEY_CITY']

  160.         os.environ["KEY_ORG"] = variables['KEY_ORG']

  161.         os.environ["KEY_OU"] = variables['KEY_ORG']

  162.         os.environ["KEY_CN"] = variables['KEY_ORG']

  163.         os.environ["KEY_NAME"] = variables['KEY_ORG']

  164.         os.environ["KEY_EMAIL"] = variables['KEY_EMAIL']

  165.         os.environ["KEY_SIZE"] = variables['KEY_SIZE']

  166.         os.environ["CA_EXPIRE"] = variables['CA_EXPIRE']

  167.         os.environ["KEY_EXPIRE"] = variables['KEY_EXPIRE']

  168. 

  169.         self.setup_vars_openssl(vpn_name)

  170. 

  171.     def setup_vars_openssl(self, vpn_name):

  172.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  173.         os.environ["EASY_RSA"] = easyrsadir

  174.         os.environ["OPENSSL"] = "openssl"

  175.         os.environ["PKCS11TOOL"] = "pkcs11-tool"

  176.         os.environ["GREP"] = "grep"

  177.         os.environ["KEY_CONFIG"] = "%s%s" % (easyrsadir, "openssl.cnf")

  178.         os.environ["KEY_DIR"] = "%s%s" % (easyrsadir, "keys")

  179.         os.environ["PKCS11_MODULE_PATH"] = "dummy"

  180.         os.environ["PKCS11_PIN"] = "dummy"

  181. 

  182.     def create_vpn(self, vpn_name, variables):

  183.         base_dir = self.get_base_dir(vpn_name)

  184.         conf_file = self.get_config_path(vpn_name)

  185.         conf_vpngen_file = self.get_vpn_variables_path(vpn_name)

  186.         if os.path.exists(base_dir) or os.path.exists(conf_file):

  187.             return VpnGenError.VpnAlreadyExists

  188. 

  189.         with open(self.default_config_file, "r") as f:

  190.             default_config = f.read()

  191. 

  192.         variables['name'] = vpn_name

  193.         for variable in variables:

  194.             default_config = default_config.replace("${%s}" % variable, variables[variable])

  195. 

  196.         os.makedirs(base_dir)

  197.         with open(conf_file, "w") as f:

  198.             f.write(default_config)

  199. 

  200.         os.rmdir(base_dir)

  201.         shutil.copytree(self.default_config_base_dir, base_dir)

  202. 

  203.         curdir = os.curdir

  204.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  205.         pkitool = self.get_pkitool_path(vpn_name)

  206.         os.chdir(easyrsadir)

  207. 

  208.         self.setup_vars(vpn_name, variables)

  209. 

  210.         call([".%sclean-all" % os.sep])

  211.         call([pkitool, "--initca", "-batch"])

  212.         call([pkitool, "--server", "server", "-batch"])

  213.         call([".%sbuild-dh" % os.sep])

  214.         call(["openssl", "ca", "-gencrl",

  215.               "-keyfile", "keys%sca.key" % os.sep,

  216.               "-cert", "keys%sca.crt" % os.sep,

  217.               "-out", "keys%scrl.pem" % os.sep,

  218.               "-config", "openssl.cnf"])

  219. 

  220.         del os.environ["KEY_OU"]

  221.         del os.environ["KEY_CN"]

  222.         del os.environ["KEY_NAME"]

  223. 

  224.         call(["openvpn", "--genkey", "--secret", "keys%sta.key" % os.sep])

  225. 

  226.         with open(conf_vpngen_file, "w") as f:

  227.             json.dump({'variables': variables}, f, indent=4, separators=(',', ': '))

  228. 

  229.         os.chdir(curdir)

  230. 

  231.         return VpnGenError.Success

  232. 

  233.     def remove_vpn(self, vpn_name):

  234.         base_dir = self.get_base_dir(vpn_name)

  235.         conf_file = self.get_config_path(vpn_name)

  236.         if not os.path.exists(base_dir) and not os.path.exists(conf_file):

  237.             return VpnGenError.VpnDoesNotExists

  238.         os.remove(conf_file)

  239.         shutil.rmtree(base_dir)

  240.         return VpnGenError.Success

  241. 

  242.     def create_client(self, vpn_name, client_name, variables):

  243.         base_dir = self.get_base_dir(vpn_name)

  244.         if not os.path.exists(base_dir):

  245.             return VpnGenError.VpnDoesNotExists

  246.         client_dir = self.get_client_dir(vpn_name, client_name)

  247.         if os.path.exists(client_dir):

  248.             return VpnGenError.ClientAlreadyExists

  249. 

  250.         curdir = os.curdir

  251.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  252.         pkitool = self.get_pkitool_path(vpn_name)

  253.         os.chdir(easyrsadir)

  254. 

  255.         self.setup_vars(vpn_name, variables)

  256.         os.environ["KEY_CN"] = client_name

  257.         os.environ["KEY_NAME"] = client_name

  258. 

  259.         call([pkitool, client_name])

  260. 

  261.         os.chdir(curdir)

  262. 

  263.         os.makedirs(client_dir)

  264. 

  265.         return self.rebuild_client(vpn_name, client_name, variables)

  266. 

  267.     def remove_client(self, vpn_name, client_name):

  268.         base_dir = self.get_base_dir(vpn_name)

  269.         if not os.path.exists(base_dir):

  270.             return VpnGenError.VpnDoesNotExists

  271.         client_dir = self.get_client_dir(vpn_name, client_name)

  272.         if not os.path.exists(client_dir):

  273.             return VpnGenError.ClientDoesNotExists

  274. 

  275.         self.setup_vars_openssl(vpn_name)

  276. 

  277.         curdir = os.curdir

  278.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  279.         os.chdir(easyrsadir)

  280. 

  281.         call(["./revoke-full", client_name])

  282. 

  283.         os.chdir(curdir)

  284. 

  285.         return VpnGenError.Success

  286. 

  287.     def rebuild_client(self, vpn_name, client_name, variables):

  288.         variables["client"] = client_name

  289.         client_dir = self.get_client_dir(vpn_name, client_name)

  290.         client_conf_file = self.get_client_config_path(vpn_name, client_name)

  291.         client_default_config_path = self.get_client_default_config_path(vpn_name)

  292.         with open(client_default_config_path, "r") as f:

  293.             client_default_config = f.read()

  294. 

  295.         for variable in variables:

  296.             client_default_config = client_default_config.replace("${%s}" % variable, variables[variable])

  297. 

  298.         files_names = glob.glob("%s%s*" % (client_dir, os.sep))

  299.         for file_name in files_names:

  300.             os.remove(file_name)

  301. 

  302.         with open(client_conf_file, "w") as f:

  303.             f.write(client_default_config)

  304. 

  305.         files_paths = self.get_all_needed_files_paths(vpn_name, client_name)

  306.         for file_path in files_paths:

  307.             dest = "%s%s-%s-%s" % (client_dir, client_name, vpn_name, os.path.basename(file_path))

  308.             shutil.copy(file_path, dest)

  309. 

  310.         split = os.path.splitext(client_conf_file)

  311.         client_ovpn_file = "%s.ovpn" % split[0]

  312.         shutil.copy(client_conf_file, client_ovpn_file)

  313. 

  314.         files_names = glob.glob("%s%s*" % (client_dir, os.sep))

  315.         files_names = list(map(lambda file_path: os.path.basename(file_path), files_names))

  316. 

  317.         call(["tar", "cfj", self.get_client_tarball_path(vpn_name, client_name),

  318.               "-C", client_dir] + files_names)

  319. 

  320.         client_variables = {}

  321.         for variable in self.get_client_vars(vpn_name):

  322.             client_variables[variable] = variables[variable]

  323. 

  324.         with open(self.get_client_variables_path(vpn_name, client_name), "w") as f:

  325.             json.dump({'variables': client_variables}, f, indent=4, separators=(',', ': '))

  326. 

  327.         return VpnGenError.Success

  328. 

  329. 

  330. 

  331. def eprint(*args, **kwargs):

  332.     print(*args, file=sys.stderr, **kwargs)

  333. 

  334. 

  335. def create_variables(variables, defaults):

  336.     variables_set = defaults.copy()

  337.     for variable in variables:

  338.         if variable == 'name' or variable == 'client':

  339.             continue

  340.         default = variables_set[variable] if variable in variables_set else ''

  341.         print("Enter a value for '%s' [%s]: " % (variable, default), end='', flush=True)

  342.         value = sys.stdin.readline()[:-1]

  343.         if value != '' or variable not in variables_set:

  344.             variables_set[variable] = value

  345.     return variables_set

  346. 

  347. 

  348. def main():

  349.     parser = argparse.ArgumentParser(description='Manage OpenVPN VPNs')

  350.     parser.add_argument('--vpn', help='The VPN to use', required=True)

  351.     parser.add_argument('--config', dest='config', default='/etc/vpngen/vpngen.json', help='Configuration file path')

  352. 

  353.     parser.add_argument('--create', help='Create a VPN', action='store_true')

  354.     parser.add_argument('--remove', help='Remove a VPN', action='store_true')

  355.     parser.add_argument('--create-client', help='Create a client for the VPN', metavar='CLIENT')

  356.     parser.add_argument('--remove-client', help='Remove a client for the VPN', metavar='CLIENT')

  357.     parser.add_argument('--rebuild-client', help='Rebuild a client configuration', metavar='CLIENT')

  358.     parser.add_argument('--rebuild-clients', help='Rebuild clients configurations', action='store_true')

  359. 

  360.     args = parser.parse_args()

  361. 

  362.     with open(args.config, "r") as f:

  363.         config = json.load(f)

  364. 

  365.     vpn_name = config['vpnPrefix'] + args.vpn + config['vpnSuffix']

  366.     if args.create_client is not None:

  367.         client_name = args.create_client

  368.     elif args.remove_client is not None:

  369.         client_name = args.remove_client

  370.     elif args.rebuild_client is not None:

  371.         client_name = args.rebuild_client

  372.     else:

  373.         client_name = None

  374.     if client_name is not None:

  375.         client_name = config['clientPrefix'] + client_name + config['clientSuffix']

  376. 

  377.     vpng = VpnGen(config['defaultConfigPath'], config['ovpnConfigPath'])

  378. 

  379.     config_path = vpng.get_vpn_variables_path(vpn_name)

  380.     if os.path.exists(config_path):

  381.         with open(config_path, "r") as f:

  382.             data = json.load(f)

  383.         config['defaults'].update(data['variables'])

  384. 

  385.     if args.create:

  386.         default_variables = config['defaults'].copy()

  387.         variables = create_variables(vpng.get_vpn_vars(), default_variables)

  388.         res = vpng.create_vpn(vpn_name, variables)

  389.         if res == VpnGenError.Success:

  390.             print("VPN %s created successfully" % vpn_name)

  391.         else:

  392.             eprint("Failed to create VPN %s: %s" % (vpn_name, res))

  393.             exit(1)

  394.     elif args.remove:

  395.         res = vpng.remove_vpn(vpn_name)

  396.         if res == VpnGenError.Success:

  397.             print("VPN %s removed successfully" % vpn_name)

  398.         else:

  399.             eprint("Failed to remove VPN %s: %s" % (vpn_name, res))

  400.             exit(1)

  401.     elif args.create_client:

  402.         default_variables = config['defaults'].copy()

  403.         default_variables.update(vpng.get_server_variables(vpn_name))

  404.         variables = create_variables(vpng.get_client_vars(vpn_name), default_variables)

  405.         if variables is None:

  406.             res = VpnGenError.VpnDoesNotExists

  407.         else:

  408.             res = vpng.create_client(vpn_name, client_name, variables)

  409.         if res == VpnGenError.Success:

  410.             print("Client %s created successfully on VPN %s" % (client_name, vpn_name))

  411.         else:

  412.             eprint("Failed to create client %s on VPN %s: %s" % (client_name, vpn_name, res))

  413.             exit(1)

  414.     elif args.remove_client:

  415.         res = vpng.remove_client(vpn_name, client_name)

  416.         if res == VpnGenError.Success:

  417.             print("Client %s removed successfully on VPN %s" % (client_name, vpn_name))

  418.         else:

  419.             eprint("Failed to remove client %s on VPN %s: %s" % (client_name, vpn_name, res))

  420.             exit(1)

  421.     elif args.rebuild_client:

  422.         default_variables = config['defaults'].copy()

  423.         default_variables.update(vpng.get_server_variables(vpn_name))

  424.         default_variables.update(vpng.get_client_variables(vpn_name, client_name))

  425. 

  426.         res = vpng.rebuild_client(vpn_name, client_name, default_variables)

  427.         if res == VpnGenError.Success:

  428.             print("Client %s configuration rebuilt successfully on VPN %s" % (client_name, vpn_name))

  429.         else:

  430.             eprint("Failed to rebuild client %s configuration on VPN %s: %s" % (client_name, vpn_name, res))

  431.             exit(1)

  432.     elif args.rebuild_clients:

  433.         default_variables = config['defaults'].copy()

  434.         default_variables.update(vpng.get_server_variables(vpn_name))

  435. 

  436.         for client_name in vpng.get_client_list(vpn_name):

  437.             variables = default_variables.copy()

  438.             variables.update(vpng.get_client_variables(vpn_name, client_name))

  439.             res = vpng.rebuild_client(vpn_name, client_name, variables)

  440.             if res == VpnGenError.Success:

  441.                 print("Client %s configuration rebuilt successfully on VPN %s" % (client_name, vpn_name))

  442.             else:

  443.                 eprint("Failed to rebuild client %s configuration on VPN %s: %s" % (client_name, vpn_name, res))

  444.                 exit(1)

  445. 

  446. 

  447. main()