cfn-vpn 0.4.1 → 0.4.2
- checksums.yaml +4 -4
- data/README.md +8 -0
- data/lib/cfnvpn.rb +4 -0
- data/lib/cfnvpn/embedded.rb +108 -0
- data/lib/cfnvpn/s3.rb +10 -0
- data/lib/cfnvpn/version.rb +1 -1
- metadata +3 -2
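--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4f6be01a5786f8ea62be6d6b7f781ad1036b8edff08ba7d509707565fbeb5862
+data.tar.gz: 9a9a2038b6c955871983649f1c2627c6c2eedf9a64cae20ceb04ba73c25a3616
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d0a839efc1e6d5826fc9b9edfcd3c608b0eb3a1f6b79df624de1be888b4d817a4c9c6994e9ea806e002998e0affa9cb5b0db1b25c04fa12677181e7d504fc958
+data.tar.gz: 051bc8385ced35fafbcffa4b013cb8e4d962dafb74f88c1574df4684f37b64fd074dfa4bdcdba0edafa3bc3dee855bd83217a3c23a00f60be6c18dad6f728052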
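--- a/data/README.md
+++ b/data/README.md
@@ -69,6 +69,7 @@ Commands:
 cfn-vpn --version, -v # print the version
 cfn-vpn client [name] --bucket=BUCKET --client-cn=CLIENT_CN # Create a new client certificate
 cfn-vpn config [name] --bucket=BUCKET --client-cn=CLIENT_CN # Retrieve the config for the AWS Client VPN
+cfn-vpn embedded [name] --bucket=BUCKET --client-cn=CLIENT_CN # Embed client certs into config and generate S3 presigned URL
 cfn-vpn help [COMMAND] # Describe available commands or one specific command
 cfn-vpn init [name] --bucket=BUCKET --server-cn=SERVER_CN --subnet-id=SUBNET_ID # Create a AWS Client VPN
 cfn-vpn modify [name] # Modify your AWS Client VPN
@@ -225,6 +226,13 @@ to delete a route specify the `--del` flag with the cidr you want to delete.
 `cfn-vpn routes myvpn --del 10.10.0.0/16`
 
 
+### Embed client certificates into config file and share
+
+This will pull the clients certificate and key archives from S3 and embed them into the config file, upload it back to S3 and generate a presigned URL for the user.
+This allows the you to download or share a single, ready to import config file into a OpenVPN client.
+
+`cfn-vpn embedded myvpn --client-cn user1 --bucket mybucket`
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/base2services/aws-client-vpn.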
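--- a/data/lib/cfnvpn.rb
+++ b/data/lib/cfnvpn.rb
@@ -8,6 +8,7 @@ require 'cfnvpn/revoke'
 require 'cfnvpn/sessions'
 require 'cfnvpn/routes'
 require 'cfnvpn/share'
+require 'cfnvpn/embedded'
 
 module CfnVpn
 class Cli < Thor
@@ -42,5 +43,8 @@ module CfnVpn
 register CfnVpn::Share, 'share', 'share [name]', 'Provide a user with a s3 signed download for certificates and config'
 tasks["share"].options = CfnVpn::Share.class_options
 
+register CfnVpn::Embedded, 'embedded', 'embedded [name]', 'Embed client certs into config and generate S3 presigned URL'
+tasks["embedded"].options = CfnVpn::Embedded.class_options
+
 end
 end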
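--- /dev/null
+++ b/data/lib/cfnvpn/embedded.rb
@@ -0,0 +1,108 @@
+require 'cfnvpn/log'
+require 'cfnvpn/s3'
+
+module CfnVpn
+class Embedded < Thor::Group
+include Thor::Actions
+include CfnVpn::Log
+
+argument :name
+
+class_option :profile, desc: 'AWS Profile'
+class_option :region, default: ENV['AWS_REGION'], desc: 'AWS Region'
+class_option :verbose, desc: 'set log level to debug', type: :boolean
+
+class_option :bucket, required: true, desc: 'S3 bucket'
+class_option :client_cn, required: true, desc: 'Client certificates to download'
+class_option :ignore_routes, alias: :i, type: :boolean, desc: 'Ignore client VPN pushed routes and set routes in config file'
+
+def self.source_root
+File.dirname(__FILE__)
+end
+
+def set_loglevel
+Log.logger.level = Logger::DEBUG if @options['verbose']
+end
+
+def create_config_directory
+@build_dir = "#{ENV['HOME']}/.cfnvpn/#{@name}"
+@config_dir = "#{@build_dir}/config"
+Log.logger.debug("Creating config directory #{@config_dir}")
+FileUtils.mkdir_p(@config_dir)
+end
+
+def download_certificates
+download = true
+if File.exists?("#{@config_dir}/#{@options['client_cn']}.crt")
+download = yes? "Certificates for #{@options['client_cn']} already exist in #{@config_dir}. Do you want to download again? ", :green
+end
+
+if download
+Log.logger.info "Downloading certificates for #{@options['client_cn']} to #{@config_dir}"
+s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
+s3.get_object("#{@config_dir}/#{@options['client_cn']}.tar.gz")
+cert = CfnVpn::Certificates.new(@build_dir,@name)
+Log.logger.debug cert.extract_certificate(@options['client_cn'])
+end
+end
+
+def download_config
+vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
+@endpoint_id = vpn.get_endpoint_id()
+Log.logger.debug "downloading client config for #{@endpoint_id}"
+@config = vpn.get_config(@endpoint_id)
+string = (0...8).map { (65 + rand(26)).chr.downcase }.join
+@config.sub!(@endpoint_id, "#{string}.#{@endpoint_id}")
+end
+
+def add_routes
+if @options['ignore_routes']
+Log.logger.debug "Ignoring routes pushed by the client vpn"
+@config.concat("\nroute-nopull\n")
+vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
+routes = vpn.get_route_with_mask
+Log.logger.debug "Found routes #{routes}"
+routes.each do |r|
+@config.concat("route #{r[:route]} #{r[:mask]}\n")
+end
+dns_servers = vpn.get_dns_servers()
+if dns_servers.any?
+Log.logger.debug "Found DNS servers #{dns_servers.join(' ')}"
+@config.concat("dhcp-option DNS #{dns_servers.first}\n")
+end
+end
+end
+
+def embed_certs
+cert = CfnVpn::Certificates.new(@build_dir,@name)
+Log.logger.debug cert.extract_certificate(@options['client_cn'])
+Log.logger.debug "Reading extracted certificate and private key"
+key = File.read("#{@config_dir}/#{@options['client_cn']}.key")
+crt = File.read("#{@config_dir}/#{@options['client_cn']}.crt")
+Log.logger.debug "Embedding certificate and private key into config"
+@config.concat("\n<key>\n#{key}\n</key>\n")
+@config.concat("\n<cert>\n#{crt}\n</cert>\n")
+end
+
+def upload_embedded_config
+@s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
+@s3.store_embedded_config(@config, @options['client_cn'])
+end
+
+def get_presigned_url
+@cn = @options['client_cn']
+@config_url = @s3.get_url("#{@name}_#{@cn}.config.ovpn")
+Log.logger.debug "Config presigned url: #{@config_url}"
+end
+
+def display_url
+Log.logger.info "Share the below instructions with the user..."
+say "\nDownload the embedded config from the below presigned URL which will expire in 1 hour."
+say "\nConfig:\n"
+say "\tcurl #{@config_url} > #{@name}_#{@cn}.config.ovpn", :cyan
+say "\nOpen #{@name}_#{@cn}.config.ovpn with your favourite openvpn client."
+end
+
+end
+
+end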
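Review bot: `File.exists?` in `download_certificates` (new line 36) is the long-deprecated alias that Ruby 3.2 removed; it should be `File.exist?` so the command keeps working on current interpreters. The `ignore_routes` class_option at new line 17 passes `alias: :i`, but as far as I recall Thor's key is `aliases:`, so the `-i` short flag is probably never registered — worth a quick check against the other commands. `download_config` (line 54) builds the random DNS prefix with `(65 + rand(26)).chr.downcase`; `('a'..'z').to_a.sample(8).join` says the same thing more directly. Since `embed_certs` inlines the client's private key into `@config` and `upload_embedded_config` then pushes that string to S3, a one-line comment on `embed_certs` such as `# after this step @config holds the client private key; everything downstream handles secret material` would help the next maintainer, and `display_url`'s "expire in 1 hour" should be kept in sync with whatever `S3#get_url` actually sets, which is outside this hunk.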
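--- a/data/lib/cfnvpn/s3.rb
+++ b/data/lib/cfnvpn/s3.rb
@@ -53,5 +53,15 @@ module CfnVpn
 presigner.presigned_url(:get_object, params)
 end
 
+def store_embedded_config(config, cn)
+Log.logger.debug("uploading config to s3://#{@bucket}/#{@path}/#{@name}_#{cn}.config.ovpn")
+@client.put_object({
+body: config,
+bucket: @bucket,
+key: "#{@path}/#{@name}_#{cn}.config.ovpn",
+tagging: "cfnvpn:name=#{@name}"
+})
+end
+
 end
 end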
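Review bot: `store_embedded_config` uploads a body that, per the new `Embedded#embed_certs` in this same release, contains the client's private key, yet the `put_object` call sets no `server_side_encryption` and nothing removes the object once the presigned URL has expired, so the key material persists in the bucket under `#{@path}/#{@name}_#{cn}.config.ovpn` indefinitely. If `@client` is an `Aws::S3::Client` and bucket-level default encryption is not guaranteed by the stack, adding `server_side_encryption: 'AES256',` to the params hash is the minimal hardening, and the README text for this command should state that the object stays in the bucket after the URL expires. The object key is also assembled a second time in `Embedded#get_presigned_url` as `"#{@name}_#{@cn}.config.ovpn"`; returning the key from this method, or exposing a small `embedded_config_key(cn)` helper used by both, keeps the two from drifting. The enclosing class starts outside the hunk.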
data/lib/cfnvpn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-vpn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Guslington
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-02-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thor
|
@@ -231,6 +231,7 @@ files:
|
|
231
231
|
- lib/cfnvpn/clientvpn.rb
|
232
232
|
- lib/cfnvpn/cloudformation.rb
|
233
233
|
- lib/cfnvpn/config.rb
|
234
|
+
- lib/cfnvpn/embedded.rb
|
234
235
|
- lib/cfnvpn/init.rb
|
235
236
|
- lib/cfnvpn/log.rb
|
236
237
|
- lib/cfnvpn/modify.rb
|