vpnmaker 1.0.8 → 1.0.9

data/README.rdoc

@@ -1,10 +1,18 @@
-most of the code was stolen from here: http://github.com/pc/vpnmaker
-i made a gem and converted it to use haml
+most of the code was stolen from here: http://github.com/pc/vpnmaker, thank you!
+i made a gem, converted it to use haml, added bin/vpnmaker cli
 = VPNMaker
 
 VPNMaker takes the teetering jankiness out of setting up and administering OpenVPN.
 
-== Key management
+It comes without any guarantees, the code seems to work for me, your mileage will invariably vary!
+== Usage
+* vpnmaker -h is your best friend
+help format sucks, but it's better then using easy-rsa or doing openssl by hand
+== Example
+>>#vpnmaker init cli conf_name new_dir_path country province city organization organization_unit common_name key_name email
+
+== From the forked version:
+=== Key management
 
 To set up your VPN, run:
 
@@ -67,7 +75,7 @@ When Joe leaves the company, we can do:
 
 Which does the same revocation as in <tt>regenerate_user</tt>, but doesn't generate new keys.
 
-== OpenVPN management
+=== OpenVPN management
 
 To get OpenVPN set up, you should go back and edit <tt>foocorp.config.yaml</tt>, and add the following section:
 
@@ -86,6 +94,6 @@ You may want to modify some of the values. Then, head back to irb, and do someth
 
 Which will output a config file that you can copy and paste into <tt>openvpn.conf</tt> on your server. You'll want make sure that the following files exist in <tt>/root/openvpn</tt> (or whatever your root directory is): <tt>ca.crt</tt> (so that the server can verify the validity of client certificates), <tt>dh.pem</tt> (for encryption of the connection), <tt>server.crt</tt> (the server's public key), <tt>server.key</tt> (the server's private key), <tt>ta.key</tt> (shared secret between server and clients), and <tt>crl.pem</tt> (so that the server will reject revoked certificates).
 
-== OpenVPN client
+=== OpenVPN client
 
 Each client will need: <tt>user.key</tt>, <tt>user.crt</tt>, <tt>ca.crt</tt> and <tt>ta.key</tt>. Make sure to enable tls-auth = 1.

data/VERSION

@@ -1 +1 @@
-1.0.8
+1.0.9

data/bin/vpnmaker

@@ -145,6 +145,42 @@ module VPNMaker
               puts db.config_generator.server
             end
           }
+          mode('install') {
+            description "this will make /etc/openvpn/[your server].ovpn.conf and crl.pem and some files to make NAT work, look into basedir"
+            def run
+              #FIXME: This needs to be cleaned up
+              iptables_nat_rules = <<EOS
+# nat Table rules
+*nat
+:POSTROUTING ACCEPT [0:0]
+# Forward traffic through ppp0 - Change to match you out-interface
+-A POSTROUTING -s #{db.tracker.config[:server][:base_ip]} -o eth0 -j MASQUERADE
+# don't delete the 'COMMIT' line or these nat table rules won't
+# be processed
+COMMIT
+EOS
+              etc_default_ufw = File.read('/etc/default/ufw').gsub('DEFAULT_FORWARD_POLICY="DROP"', 'DEFAULT_FORWARD_POLICY="ACCEPT"')
+              etc_ufw_sysctl_conf = File.read('/etc/ufw/sysctl.conf').gsub('#net/ipv4/ip_forward=1', 'net/ipv4/ip_forward=1')
+              etc_ufw_before_rules = `sudo cat /etc/ufw/before.rules`.insert(0, iptables_nat_rules)
+              cfg = db.config_generator.server
+              fname = db.tracker.path + "/" + Manager.vpn_name(db.tracker.path) + "_server.conf"
+              File.open(fname ,'w') {|f| f.write(cfg)}
+              File.open("#{db.tracker.path}/ufw", 'w') {|f| f.write(etc_default_ufw)}
+              File.open("#{db.tracker.path}/sysctl.conf", 'w') {|f| f.write(etc_ufw_sysctl_conf)}
+              File.open("#{db.tracker.path}/before.rules", 'w') {|f| f.write(etc_ufw_before_rules)}
+
+              `sudo cp #{fname} /etc/openvpn`
+              `sudo cp #{db.tracker.path}/#{Manager.vpn_name(db.tracker.path)}_data/crl.pem /etc/openvpn`
+
+              msg = <<EOS
+sudo cp #{db.tracker.path}/ufw /etc/default/ufw
+sudo cp #{db.tracker.path}/sysctl.conf /etc/ufw/sysctl.conf
+sudo cp #{db.tracker.path}/before.rules /etc/ufw/before.rules
+EOS
+              say('Please check those files before copy/pasting!')
+              say msg
+            end
+          }
           keyword('dir') {
             required
             arity 1
@@ -162,7 +198,6 @@ module VPNMaker
             validate {|fname| File.exist?(fname) ? agree("file exists, overwrite?") : true }
           }
           def run
-
             puts "server run..."
             puts "need to save fname=#{params['server_config_fname'].value}" if params['server_config_fname'].given?
           end

data/lib/server.haml

@@ -9,7 +9,7 @@ server #{base_ip[:net]} #{base_ip[:mask]}
 tls-server
 comp-lzo
 cipher AES-256-CBC
-crl-verify #{crl_path}/crl.pem
+crl-verify /etc/openvpn/crl.pem
 
 - unless subnets.empty?
   \# subnets.each do

data/vpnmaker.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = "vpnmaker"
-  s.version = "1.0.8"
+  s.version = "1.0.9"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Voip Scout"]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vpnmaker
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.0.9
   prerelease: 
 platform: ruby
 authors:
@@ -503,7 +503,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 795314368865926665
+      hash: -2957494701082372774
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: