vpnmaker 1.0.8 → 1.0.9
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +13 -5
- data/VERSION +1 -1
- data/bin/vpnmaker +36 -1
- data/lib/server.haml +1 -1
- data/vpnmaker.gemspec +1 -1
- metadata +2 -2
data/README.rdoc
CHANGED
|
@@ -1,10 +1,18 @@
|
|
|
1
|
-
most of the code was stolen from here: http://github.com/pc/vpnmaker
|
|
2
|
-
i made a gem
|
|
1
|
+
most of the code was stolen from here: http://github.com/pc/vpnmaker, thank you!
|
|
2
|
+
i made a gem, converted it to use haml, added bin/vpnmaker cli
|
|
3
3
|
= VPNMaker
|
|
4
4
|
|
|
5
5
|
VPNMaker takes the teetering jankiness out of setting up and administering OpenVPN.
|
|
6
6
|
|
|
7
|
-
|
|
7
|
+
It comes without any guarantees, the code seems to work for me, your mileage will invariably vary!
|
|
8
|
+
== Usage
|
|
9
|
+
* vpnmaker -h is your best friend
|
|
10
|
+
help format sucks, but it's better then using easy-rsa or doing openssl by hand
|
|
11
|
+
== Example
|
|
12
|
+
>>#vpnmaker init cli conf_name new_dir_path country province city organization organization_unit common_name key_name email
|
|
13
|
+
|
|
14
|
+
== From the forked version:
|
|
15
|
+
=== Key management
|
|
8
16
|
|
|
9
17
|
To set up your VPN, run:
|
|
10
18
|
|
|
@@ -67,7 +75,7 @@ When Joe leaves the company, we can do:
|
|
|
67
75
|
|
|
68
76
|
Which does the same revocation as in <tt>regenerate_user</tt>, but doesn't generate new keys.
|
|
69
77
|
|
|
70
|
-
|
|
78
|
+
=== OpenVPN management
|
|
71
79
|
|
|
72
80
|
To get OpenVPN set up, you should go back and edit <tt>foocorp.config.yaml</tt>, and add the following section:
|
|
73
81
|
|
|
@@ -86,6 +94,6 @@ You may want to modify some of the values. Then, head back to irb, and do someth
|
|
|
86
94
|
|
|
87
95
|
Which will output a config file that you can copy and paste into <tt>openvpn.conf</tt> on your server. You'll want make sure that the following files exist in <tt>/root/openvpn</tt> (or whatever your root directory is): <tt>ca.crt</tt> (so that the server can verify the validity of client certificates), <tt>dh.pem</tt> (for encryption of the connection), <tt>server.crt</tt> (the server's public key), <tt>server.key</tt> (the server's private key), <tt>ta.key</tt> (shared secret between server and clients), and <tt>crl.pem</tt> (so that the server will reject revoked certificates).
|
|
88
96
|
|
|
89
|
-
|
|
97
|
+
=== OpenVPN client
|
|
90
98
|
|
|
91
99
|
Each client will need: <tt>user.key</tt>, <tt>user.crt</tt>, <tt>ca.crt</tt> and <tt>ta.key</tt>. Make sure to enable tls-auth = 1.
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.0.
|
|
1
|
+
1.0.9
|
data/bin/vpnmaker
CHANGED
|
@@ -145,6 +145,42 @@ module VPNMaker
|
|
|
145
145
|
puts db.config_generator.server
|
|
146
146
|
end
|
|
147
147
|
}
|
|
148
|
+
mode('install') {
|
|
149
|
+
description "this will make /etc/openvpn/[your server].ovpn.conf and crl.pem and some files to make NAT work, look into basedir"
|
|
150
|
+
def run
|
|
151
|
+
#FIXME: This needs to be cleaned up
|
|
152
|
+
iptables_nat_rules = <<EOS
|
|
153
|
+
# nat Table rules
|
|
154
|
+
*nat
|
|
155
|
+
:POSTROUTING ACCEPT [0:0]
|
|
156
|
+
# Forward traffic through ppp0 - Change to match you out-interface
|
|
157
|
+
-A POSTROUTING -s #{db.tracker.config[:server][:base_ip]} -o eth0 -j MASQUERADE
|
|
158
|
+
# don't delete the 'COMMIT' line or these nat table rules won't
|
|
159
|
+
# be processed
|
|
160
|
+
COMMIT
|
|
161
|
+
EOS
|
|
162
|
+
etc_default_ufw = File.read('/etc/default/ufw').gsub('DEFAULT_FORWARD_POLICY="DROP"', 'DEFAULT_FORWARD_POLICY="ACCEPT"')
|
|
163
|
+
etc_ufw_sysctl_conf = File.read('/etc/ufw/sysctl.conf').gsub('#net/ipv4/ip_forward=1', 'net/ipv4/ip_forward=1')
|
|
164
|
+
etc_ufw_before_rules = `sudo cat /etc/ufw/before.rules`.insert(0, iptables_nat_rules)
|
|
165
|
+
cfg = db.config_generator.server
|
|
166
|
+
fname = db.tracker.path + "/" + Manager.vpn_name(db.tracker.path) + "_server.conf"
|
|
167
|
+
File.open(fname ,'w') {|f| f.write(cfg)}
|
|
168
|
+
File.open("#{db.tracker.path}/ufw", 'w') {|f| f.write(etc_default_ufw)}
|
|
169
|
+
File.open("#{db.tracker.path}/sysctl.conf", 'w') {|f| f.write(etc_ufw_sysctl_conf)}
|
|
170
|
+
File.open("#{db.tracker.path}/before.rules", 'w') {|f| f.write(etc_ufw_before_rules)}
|
|
171
|
+
|
|
172
|
+
`sudo cp #{fname} /etc/openvpn`
|
|
173
|
+
`sudo cp #{db.tracker.path}/#{Manager.vpn_name(db.tracker.path)}_data/crl.pem /etc/openvpn`
|
|
174
|
+
|
|
175
|
+
msg = <<EOS
|
|
176
|
+
sudo cp #{db.tracker.path}/ufw /etc/default/ufw
|
|
177
|
+
sudo cp #{db.tracker.path}/sysctl.conf /etc/ufw/sysctl.conf
|
|
178
|
+
sudo cp #{db.tracker.path}/before.rules /etc/ufw/before.rules
|
|
179
|
+
EOS
|
|
180
|
+
say('Please check those files before copy/pasting!')
|
|
181
|
+
say msg
|
|
182
|
+
end
|
|
183
|
+
}
|
|
148
184
|
keyword('dir') {
|
|
149
185
|
required
|
|
150
186
|
arity 1
|
|
@@ -162,7 +198,6 @@ module VPNMaker
|
|
|
162
198
|
validate {|fname| File.exist?(fname) ? agree("file exists, overwrite?") : true }
|
|
163
199
|
}
|
|
164
200
|
def run
|
|
165
|
-
|
|
166
201
|
puts "server run..."
|
|
167
202
|
puts "need to save fname=#{params['server_config_fname'].value}" if params['server_config_fname'].given?
|
|
168
203
|
end
|
data/lib/server.haml
CHANGED
data/vpnmaker.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: vpnmaker
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.9
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -503,7 +503,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
503
503
|
version: '0'
|
|
504
504
|
segments:
|
|
505
505
|
- 0
|
|
506
|
-
hash:
|
|
506
|
+
hash: -2957494701082372774
|
|
507
507
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
508
508
|
none: false
|
|
509
509
|
requirements:
|