add option, improve error handling
author
Ian Kelling
<iank@fsf.org>
Sun, 11 Oct 2020 12:59:39 +0000
(08:59 -0400)
committer
Ian Kelling
<iank@fsf.org>
Sun, 11 Oct 2020 12:59:39 +0000
(08:59 -0400)
client-cert-helper
vpn-mk-client-cert
diff --git
a/client-cert-helper
b/client-cert-helper
index 40078aad9562c5a84ac0f6e6f422e2fcca7dee5d..d5bdcdce2aee363eaaf9dc2f19647873c95a7d5b 100755
(executable)
--- a/
client-cert-helper
+++ b/
client-cert-helper
@@
-6,13
+6,18
@@
set -eE -o pipefail
rm -f /tmp/vpn-mk-client-cert.log
exec 2>/tmp/vpn-mk-client-cert.log
rm -f /tmp/vpn-mk-client-cert.log
exec 2>/tmp/vpn-mk-client-cert.log
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+
date >&2
date >&2
+set -x
name=$1
common_name=$2
name=$1
common_name=$2
-echo common_name=$common_name >&2
-
server_dir=/etc/openvpn
if [[ -e /etc/openvpn/server ]]; then
server_dir=/etc/openvpn/server
server_dir=/etc/openvpn
if [[ -e /etc/openvpn/server ]]; then
server_dir=/etc/openvpn/server
@@
-37,7
+42,7
@@
fi
### end section roughly copied from vpn-server-setup
if [[ ! -e $cafile ]]; then
### end section roughly copied from vpn-server-setup
if [[ ! -e $cafile ]]; then
- echo error: no cafile found at $cafile >
/tmp/errors
+ echo error: no cafile found at $cafile >
&2
exit 1
fi
exit 1
fi
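Review bot: The new `set -x` after `date >&2` sends a full command trace into /tmp/vpn-mk-client-cert.log, a file the script recreates with the process's default umask in a shared world-writable directory, and the ERR trap's `$BASH_COMMAND` echo lands in the same file. With the usual 022 umask that trace, including the `name`/`common_name` arguments and, depending on what the unseen rest of the script puts on command lines, possibly key or certificate paths, is readable by every local user on the server, and the `rm -f` followed by `exec 2>` leaves a window for a local user to pre-create that name unless fs.protected_symlinks is in effect. A one-line guard is `umask 077` immediately before the `exec 2>/tmp/vpn-mk-client-cert.log` line (the log is read back over ssh as root, so root still sees it); moving the log under a root-only directory would be cleaner but also needs the `cat /tmp/vpn-mk-client-cert.log` call in vpn-mk-client-cert updated. Separately, since this file is fed to `bash -s` by vpn-mk-client-cert, `$0` in the trap message will read `bash`, so `client-cert-helper:$LINENO:error:` would make the log entry more useful. The top-level statement run of the first hunk continues outside it.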
diff --git
a/vpn-mk-client-cert
b/vpn-mk-client-cert
index baecdf1cf30b5ee5539b8829db9e4cd4aa7e9705..78db36ee58ef52e3149897c32926c3cd79c2f41f 100755
(executable)
--- a/
vpn-mk-client-cert
+++ b/
vpn-mk-client-cert
@@
-37,6
+37,7
@@
usage: ${0##*/} VPN_SERVER_HOST
-c CLIENT_HOST Default is localhost. Else we ssh to root@CLIENT_HOST.
-n CONFIG_NAME default is client
-c CLIENT_HOST Default is localhost. Else we ssh to root@CLIENT_HOST.
-n CONFIG_NAME default is client
+-o SERVER_CONFIG_NAME Default is CONFIG_NAME
-s SCRIPT_PATH Use custom up/down script at SCRIPT_PATH. copied to same path
on client, if client is not localhost.
-s SCRIPT_PATH Use custom up/down script at SCRIPT_PATH. copied to same path
on client, if client is not localhost.
@@
-67,13
+68,14
@@
custom_script=false
script=/etc/openvpn/update-resolv-conf
client_host=$CLIENT_HOST
script=/etc/openvpn/update-resolv-conf
client_host=$CLIENT_HOST
-temp=$(getopt -l help hb:c:n:s: "$@") || usage 1
+temp=$(getopt -l help hb:c:n:
o:
s: "$@") || usage 1
eval set -- "$temp"
while true; do
case $1 in
-b) common_name="$2"; shift 2 ;;
-c) client_host=$2; shell="ssh root@$client_host"; shift 2 ;;
-n) name="$2"; shift 2 ;;
eval set -- "$temp"
while true; do
case $1 in
-b) common_name="$2"; shift 2 ;;
-c) client_host=$2; shell="ssh root@$client_host"; shift 2 ;;
-n) name="$2"; shift 2 ;;
+ -o) server_name="$2"; shift 2 ;;
-s) custom_script=true; script="$2"; shift 2 ;;
-h|--help) usage ;;
--) shift; break ;;
-s) custom_script=true; script="$2"; shift 2 ;;
-h|--help) usage ;;
--) shift; break ;;
@@
-81,6
+83,10
@@
while true; do
esac
done
esac
done
+if [[ ! $server_name ]]; then
+ server_name="$name"
+fi
+
if [[ ! $common_name ]]; then
if [[ $client_host ]]; then
common_name=$client_host
if [[ ! $common_name ]]; then
if [[ $client_host ]]; then
common_name=$client_host
@@
-96,10
+102,11
@@
host=$1
# bash or else we get motd spam. note sleep 2, sleep 1 failed.
$shell '[[ -e /etc/openvpn ]] || apt install openvpn'
# bash or else we get motd spam. note sleep 2, sleep 1 failed.
$shell '[[ -e /etc/openvpn ]] || apt install openvpn'
-if ! ssh root@$host bash -s -- $name $common_name < client-cert-helper \
+if ! ssh root@$host bash -s -- $
server_
name $common_name < client-cert-helper \
| $shell 'id -u | grep -xF 0 || s=sudo; $s tar xzv -C /etc/openvpn/client'; then
echo ssh root@$host cat /tmp/vpn-mk-client-cert.log:
ssh root@$host cat /tmp/vpn-mk-client-cert.log
| $shell 'id -u | grep -xF 0 || s=sudo; $s tar xzv -C /etc/openvpn/client'; then
echo ssh root@$host cat /tmp/vpn-mk-client-cert.log:
ssh root@$host cat /tmp/vpn-mk-client-cert.log
+ echo EOF for root@$host:/tmp/vpn-mk-client-cert.log
exit 1
fi
exit 1
fi
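Review bot: The new `$server_name` on the `ssh root@$host bash -s -- ...` line is expanded unquoted, and ssh joins its arguments into one command string that the remote shell re-parses, so a SERVER_CONFIG_NAME containing a space or shell metacharacter is split or interpreted on the server instead of arriving as one argument; `$common_name` has the same pre-existing issue. Quoting for the remote shell fixes both: `if ! ssh root@$host bash -s -- "$(printf %q "$server_name")" "$(printf %q "$common_name")" < client-cert-helper \`. Also `server_name` is only assigned in the new `-o` arm while the `if [[ ! $server_name ]]` default runs unconditionally, so if the script runs under `set -u` (not visible in these hunks) that test fails whenever `-o` is omitted; adding `server_name=` next to `custom_script=false` avoids that either way. The usage text and the `-o` getopt/case arms otherwise agree with each other; the enclosing code of each hunk continues outside it.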