author | Michal Hrusecky <michal.hrusecky@turris.com> | 2020-11-16 14:34:19 +0100 |
---|---|---|
committer | Michal Hrusecky <michal.hrusecky@turris.com> | 2020-12-11 17:07:53 +0100 |
commit | 0830dfa41c490252b6630f8e7627d634a2e6ed00 (patch) | |
tree | 11f173f39904f0f6ab92e486502ece1418cd8211 /net/openvpn/files | |
parent | 3292d24cfe1d5c3afcd1c0e0eb86f6f8d2dddfe4 (diff) |
openvpn: Support username and password options
Some VPN providers require username and password for client to connect.
This commit adds an option to specify username, password and
cert_password directly in uci config which then gets expanded during
start of openvpn client.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Diffstat (limited to 'net/openvpn/files')
-rw-r--r-- | net/openvpn/files/openvpn.config | 7 | ||||
-rw-r--r-- | net/openvpn/files/openvpn.init | 39 |
2 files changed, 43 insertions, 3 deletions
diff --git a/net/openvpn/files/openvpn.config b/net/openvpn/files/openvpn.config
index 09d504da2..57fb385d7 100644
--- a/net/openvpn/files/openvpn.config
+++ b/net/openvpn/files/openvpn.config
@@ -9,6 +9,13 @@ config openvpn custom_config
 # Set to 1 to enable this instance:
 option enabled 0
+ # Credentials to login
+ #option username 'login'
+ #option password 'password'
+
+ # Password for client certificate
+ #option cert_password 'cert_password'
+
 # Include OpenVPN configuration
 option config /etc/openvpn/my-vpn.conf
diff --git a/net/openvpn/files/openvpn.init b/net/openvpn/files/openvpn.init
index 487a2269e..fba9b3c2c 100644
--- a/net/openvpn/files/openvpn.init
+++ b/net/openvpn/files/openvpn.init
@@ -69,6 +69,14 @@ section_enabled() {
 [ $enable -gt 0 ] || [ $enabled -gt 0 ]
 }
+create_temp_file() {
+ mkdir -p "$(dirname "$1")"
+ rm -f "$1"
+ touch "$1"
+ chown root "$1"
+ chmod 0600 "$1"
+}
+
 openvpn_get_dev() {
 local dev dev_type
 local name="$1"
@@ -103,6 +111,31 @@ openvpn_get_dev() {
 echo "--dev-type $dev_type --dev $dev"
 }
+openvpn_get_credentials() {
+ local name="$1"
+ local ret=""
+
+ config_get cert_password "$name" cert_password
+ config_get password "$name" password
+ config_get username "$name" username
+
+ if [ -n "$cert_password" ]; then
+ create_temp_file /var/run/openvpn.$name.pass
+ echo "$cert_password" > /var/run/openvpn.$name.pass
+ ret=" --askpass /var/run/openvpn.$name.pass "
+ fi
+
+ if [ -n "$username" ]; then
+ create_temp_file /var/run/openvpn.$name.userpass
+ echo "$username" > /var/run/openvpn.$name.userpass
+ echo "$password" >> /var/run/openvpn.$name.userpass
+ ret=" --auth-user-pass /var/run/openvpn.$name.userpass "
+ fi
+
+ # Return overrides
+ echo "$ret"
+}
+
 openvpn_add_instance() {
 local name="$1"
 local dir="$2"
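Review bot: The sample options give no hint that `password` and `cert_password` are kept in clear text in this file and, per the openvpn.init part of this commit, copied into files under /var/run when the instance starts. A comment above `#option username` such as `# Stored in plain text: keep this file readable by root only` would prompt users to check the file's permissions and what ends up in configuration backups.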
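Review bot: In `create_temp_file`, `touch "$1"` creates the file under the inherited umask and the mode is only tightened by the later `chmod 0600`, so another local process can open it in between and keep a readable descriptor for when the caller writes the password. Creating it restrictive from the start closes that window: replace the `touch` with `(umask 077; : > "$1")` and keep `chown`/`chmod` as a second line of defence. The exit status of `chown` and `chmod` is not checked, so a caller would still write the secret if tightening failed; chaining the steps with `&&` and returning non-zero would let callers bail out. Removing and re-creating a fixed path is safe only while the parent directory is writable by root alone, which is presumably the case for /var/run and /var/etc here.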
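Review bot: In `openvpn_get_credentials`, when both `cert_password` and `username` are set the second branch assigns `ret=" --auth-user-pass … "` and discards the `--askpass` argument built just above, so the passphrase file is written but never handed to openvpn; append instead with `ret="$ret --auth-user-pass /var/run/openvpn.$name.userpass "`. `cert_password`, `password` and `username` are not declared `local`, so the secrets remain in the init script's global scope after the function returns; `local cert_password password username` next to `local name` keeps them contained. `echo "$password"` can mangle values that begin with `-n`/`-e` or, depending on the shell's echo, contain backslashes, whereas `printf '%s\n' "$password"` writes them verbatim. Nothing in the visible hunks removes the `/var/run/openvpn.$name.*` files when the instance stops or the options are later deleted, which may be worth handling in the stop path.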
@@ -118,7 +151,8 @@ openvpn_add_instance() {
 --up "/usr/libexec/openvpn-hotplug up $name" \
 --down "/usr/libexec/openvpn-hotplug down $name" \
 --script-security "${security:-2}" \
- $(openvpn_get_dev "$name" "$conf")
+ $(openvpn_get_dev "$name" "$conf") \
+ $(openvpn_get_credentials "$name" "$conf")
 procd_set_param file "$dir/$conf"
 procd_set_param term_timeout 15
 procd_set_param respawn
@@ -150,8 +184,7 @@ start_instance() {
 return
 fi
- [ ! -d "/var/etc" ] && mkdir -p "/var/etc"
- [ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf"
+ create_temp_file "/var/etc/openvpn-$s.conf"
 append_bools "$s" $OPENVPN_BOOLS
 append_params "$s" $OPENVPN_PARAMS
|