cfn-vpn 0.4.1 → 0.4.2
- checksums.yaml +4 -4
- data/README.md +8 -0
- data/lib/cfnvpn.rb +4 -0
- data/lib/cfnvpn/embedded.rb +108 -0
- data/lib/cfnvpn/s3.rb +10 -0
- data/lib/cfnvpn/version.rb +1 -1
- metadata +3 -2
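--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4f6be01a5786f8ea62be6d6b7f781ad1036b8edff08ba7d509707565fbeb5862
+data.tar.gz: 9a9a2038b6c955871983649f1c2627c6c2eedf9a64cae20ceb04ba73c25a3616
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d0a839efc1e6d5826fc9b9edfcd3c608b0eb3a1f6b79df624de1be888b4d817a4c9c6994e9ea806e002998e0affa9cb5b0db1b25c04fa12677181e7d504fc958
+data.tar.gz: 051bc8385ced35fafbcffa4b013cb8e4d962dafb74f88c1574df4684f37b64fd074dfa4bdcdba0edafa3bc3dee855bd83217a3c23a00f60be6c18dad6f728052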
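--- a/data/README.md
+++ b/data/README.md
@@ -69,6 +69,7 @@ Commands:
 cfn-vpn --version, -v # print the version
 cfn-vpn client [name] --bucket=BUCKET --client-cn=CLIENT_CN # Create a new client certificate
 cfn-vpn config [name] --bucket=BUCKET --client-cn=CLIENT_CN # Retrieve the config for the AWS Client VPN
+cfn-vpn embedded [name] --bucket=BUCKET --client-cn=CLIENT_CN # Embed client certs into config and generate S3 presigned URL
 cfn-vpn help [COMMAND] # Describe available commands or one specific command
 cfn-vpn init [name] --bucket=BUCKET --server-cn=SERVER_CN --subnet-id=SUBNET_ID # Create a AWS Client VPN
 cfn-vpn modify [name] # Modify your AWS Client VPN
@@ -225,6 +226,13 @@ to delete a route specify the `--del` flag with the cidr you want to delete.
 `cfn-vpn routes myvpn --del 10.10.0.0/16`
 
 
+### Embed client certificates into config file and share
+
+This will pull the clients certificate and key archives from S3 and embed them into the config file, upload it back to S3 and generate a presigned URL for the user.
+This allows the you to download or share a single, ready to import config file into a OpenVPN client.
+
+`cfn-vpn embedded myvpn --client-cn user1 --bucket mybucket`
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/base2services/aws-client-vpn.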
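--- a/data/lib/cfnvpn.rb
+++ b/data/lib/cfnvpn.rb
@@ -8,6 +8,7 @@ require 'cfnvpn/revoke'
 require 'cfnvpn/sessions'
 require 'cfnvpn/routes'
 require 'cfnvpn/share'
+require 'cfnvpn/embedded'
 
 module CfnVpn
 class Cli < Thor
@@ -42,5 +43,8 @@ module CfnVpn
 register CfnVpn::Share, 'share', 'share [name]', 'Provide a user with a s3 signed download for certificates and config'
 tasks["share"].options = CfnVpn::Share.class_options
 
+register CfnVpn::Embedded, 'embedded', 'embedded [name]', 'Embed client certs into config and generate S3 presigned URL'
+tasks["embedded"].options = CfnVpn::Embedded.class_options
+
 end
 end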
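--- /dev/null
+++ b/data/lib/cfnvpn/embedded.rb
@@ -0,0 +1,108 @@
+require 'cfnvpn/log'
+require 'cfnvpn/s3'
+
+module CfnVpn
+class Embedded < Thor::Group
+include Thor::Actions
+include CfnVpn::Log
+
+argument :name
+
+class_option :profile, desc: 'AWS Profile'
+class_option :region, default: ENV['AWS_REGION'], desc: 'AWS Region'
+class_option :verbose, desc: 'set log level to debug', type: :boolean
+
+class_option :bucket, required: true, desc: 'S3 bucket'
+class_option :client_cn, required: true, desc: 'Client certificates to download'
+class_option :ignore_routes, alias: :i, type: :boolean, desc: 'Ignore client VPN pushed routes and set routes in config file'
+
+def self.source_root
+File.dirname(__FILE__)
+end
+
+def set_loglevel
+Log.logger.level = Logger::DEBUG if @options['verbose']
+end
+
+def create_config_directory
+@build_dir = "#{ENV['HOME']}/.cfnvpn/#{@name}"
+@config_dir = "#{@build_dir}/config"
+Log.logger.debug("Creating config directory #{@config_dir}")
+FileUtils.mkdir_p(@config_dir)
+end
+
+def download_certificates
+download = true
+if File.exists?("#{@config_dir}/#{@options['client_cn']}.crt")
+download = yes? "Certificates for #{@options['client_cn']} already exist in #{@config_dir}. Do you want to download again? ", :green
+end
+
+if download
+Log.logger.info "Downloading certificates for #{@options['client_cn']} to #{@config_dir}"
+s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
+s3.get_object("#{@config_dir}/#{@options['client_cn']}.tar.gz")
+cert = CfnVpn::Certificates.new(@build_dir,@name)
+Log.logger.debug cert.extract_certificate(@options['client_cn'])
+end
+end
+
+def download_config
+vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
+@endpoint_id = vpn.get_endpoint_id()
+Log.logger.debug "downloading client config for #{@endpoint_id}"
+@config = vpn.get_config(@endpoint_id)
+string = (0...8).map { (65 + rand(26)).chr.downcase }.join
+@config.sub!(@endpoint_id, "#{string}.#{@endpoint_id}")
+end
+
+def add_routes
+if @options['ignore_routes']
+Log.logger.debug "Ignoring routes pushed by the client vpn"
+@config.concat("\nroute-nopull\n")
+vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
+routes = vpn.get_route_with_mask
+Log.logger.debug "Found routes #{routes}"
+routes.each do |r|
+@config.concat("route #{r[:route]} #{r[:mask]}\n")
+end
+dns_servers = vpn.get_dns_servers()
+if dns_servers.any?
+Log.logger.debug "Found DNS servers #{dns_servers.join(' ')}"
+@config.concat("dhcp-option DNS #{dns_servers.first}\n")
+end
+end
+end
+
+def embed_certs
+cert = CfnVpn::Certificates.new(@build_dir,@name)
+Log.logger.debug cert.extract_certificate(@options['client_cn'])
+Log.logger.debug "Reading extracted certificate and private key"
+key = File.read("#{@config_dir}/#{@options['client_cn']}.key")
+crt = File.read("#{@config_dir}/#{@options['client_cn']}.crt")
+Log.logger.debug "Embedding certificate and private key into config"
+@config.concat("\n<key>\n#{key}\n</key>\n")
+@config.concat("\n<cert>\n#{crt}\n</cert>\n")
+end
+
+def upload_embedded_config
+@s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
+@s3.store_embedded_config(@config, @options['client_cn'])
+end
+
+def get_presigned_url
+@cn = @options['client_cn']
+@config_url = @s3.get_url("#{@name}_#{@cn}.config.ovpn")
+Log.logger.debug "Config presigned url: #{@config_url}"
+end
+
+def display_url
+Log.logger.info "Share the below instructions with the user..."
+say "\nDownload the embedded config from the below presigned URL which will expire in 1 hour."
+say "\nConfig:\n"
+say "\tcurl #{@config_url} > #{@name}_#{@cn}.config.ovpn", :cyan
+say "\nOpen #{@name}_#{@cn}.config.ovpn with your favourite openvpn client."
+end
+
+end
+
+end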
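--- a/data/lib/cfnvpn/s3.rb
+++ b/data/lib/cfnvpn/s3.rb
@@ -53,5 +53,15 @@ module CfnVpn
 presigner.presigned_url(:get_object, params)
 end
 
+def store_embedded_config(config, cn)
+Log.logger.debug("uploading config to s3://#{@bucket}/#{@path}/#{@name}_#{cn}.config.ovpn")
+@client.put_object({
+body: config,
+bucket: @bucket,
+key: "#{@path}/#{@name}_#{cn}.config.ovpn",
+tagging: "cfnvpn:name=#{@name}"
+})
+end
+
 end
 end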
data/lib/cfnvpn/version.rb
CHANGED
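--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.2
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2020-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -231,6 +231,7 @@ files:
 - lib/cfnvpn/clientvpn.rb
 - lib/cfnvpn/cloudformation.rb
 - lib/cfnvpn/config.rb
+- lib/cfnvpn/embedded.rb
 - lib/cfnvpn/init.rb
 - lib/cfnvpn/log.rb
 - lib/cfnvpn/modify.rb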