vpnmaker 1.0.8 → 1.0.9

data/README.rdoc CHANGED
@@ -1,10 +1,18 @@
1
- most of the code was stolen from here: http://github.com/pc/vpnmaker
2
- i made a gem and converted it to use haml
1
+ most of the code was stolen from here: http://github.com/pc/vpnmaker, thank you!
2
+ i made a gem, converted it to use haml, added bin/vpnmaker cli
3
3
  = VPNMaker
4
4
 
5
5
  VPNMaker takes the teetering jankiness out of setting up and administering OpenVPN.
6
6
 
7
- == Key management
7
+ It comes without any guarantees, the code seems to work for me, your mileage will invariably vary!
8
+ == Usage
9
+ * vpnmaker -h is your best friend
10
+ help format sucks, but it's better then using easy-rsa or doing openssl by hand
11
+ == Example
12
+ >>#vpnmaker init cli conf_name new_dir_path country province city organization organization_unit common_name key_name email
13
+
14
+ == From the forked version:
15
+ === Key management
8
16
 
9
17
  To set up your VPN, run:
10
18
 
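Review bot: "better then using easy-rsa" in the new Usage section should read "better than", and the example invocation `>>#vpnmaker init cli conf_name new_dir_path country province city organization organization_unit common_name key_name email` is hard to read as a shell command with the `>>#` prefix, while none of its positional arguments is explained. Suggest a plain `vpnmaker init cli <conf_name> <new_dir_path> ...` line followed by one sentence saying that the remaining arguments are the certificate subject fields (country, province, city, organization, organization unit, common name) plus the key name and e-mail.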
@@ -67,7 +75,7 @@ When Joe leaves the company, we can do:
67
75
 
68
76
  Which does the same revocation as in <tt>regenerate_user</tt>, but doesn't generate new keys.
69
77
 
70
- == OpenVPN management
78
+ === OpenVPN management
71
79
 
72
80
  To get OpenVPN set up, you should go back and edit <tt>foocorp.config.yaml</tt>, and add the following section:
73
81
 
@@ -86,6 +94,6 @@ You may want to modify some of the values. Then, head back to irb, and do someth
86
94
 
87
95
  Which will output a config file that you can copy and paste into <tt>openvpn.conf</tt> on your server. You'll want make sure that the following files exist in <tt>/root/openvpn</tt> (or whatever your root directory is): <tt>ca.crt</tt> (so that the server can verify the validity of client certificates), <tt>dh.pem</tt> (for encryption of the connection), <tt>server.crt</tt> (the server's public key), <tt>server.key</tt> (the server's private key), <tt>ta.key</tt> (shared secret between server and clients), and <tt>crl.pem</tt> (so that the server will reject revoked certificates).
88
96
 
89
- == OpenVPN client
97
+ === OpenVPN client
90
98
 
91
99
  Each client will need: <tt>user.key</tt>, <tt>user.crt</tt>, <tt>ca.crt</tt> and <tt>ta.key</tt>. Make sure to enable tls-auth = 1.
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.0.8
1
+ 1.0.9
data/bin/vpnmaker CHANGED
@@ -145,6 +145,42 @@ module VPNMaker
145
145
  puts db.config_generator.server
146
146
  end
147
147
  }
148
+ mode('install') {
149
+ description "this will make /etc/openvpn/[your server].ovpn.conf and crl.pem and some files to make NAT work, look into basedir"
150
+ def run
151
+ #FIXME: This needs to be cleaned up
152
+ iptables_nat_rules = <<EOS
153
+ # nat Table rules
154
+ *nat
155
+ :POSTROUTING ACCEPT [0:0]
156
+ # Forward traffic through ppp0 - Change to match you out-interface
157
+ -A POSTROUTING -s #{db.tracker.config[:server][:base_ip]} -o eth0 -j MASQUERADE
158
+ # don't delete the 'COMMIT' line or these nat table rules won't
159
+ # be processed
160
+ COMMIT
161
+ EOS
162
+ etc_default_ufw = File.read('/etc/default/ufw').gsub('DEFAULT_FORWARD_POLICY="DROP"', 'DEFAULT_FORWARD_POLICY="ACCEPT"')
163
+ etc_ufw_sysctl_conf = File.read('/etc/ufw/sysctl.conf').gsub('#net/ipv4/ip_forward=1', 'net/ipv4/ip_forward=1')
164
+ etc_ufw_before_rules = `sudo cat /etc/ufw/before.rules`.insert(0, iptables_nat_rules)
165
+ cfg = db.config_generator.server
166
+ fname = db.tracker.path + "/" + Manager.vpn_name(db.tracker.path) + "_server.conf"
167
+ File.open(fname ,'w') {|f| f.write(cfg)}
168
+ File.open("#{db.tracker.path}/ufw", 'w') {|f| f.write(etc_default_ufw)}
169
+ File.open("#{db.tracker.path}/sysctl.conf", 'w') {|f| f.write(etc_ufw_sysctl_conf)}
170
+ File.open("#{db.tracker.path}/before.rules", 'w') {|f| f.write(etc_ufw_before_rules)}
171
+
172
+ `sudo cp #{fname} /etc/openvpn`
173
+ `sudo cp #{db.tracker.path}/#{Manager.vpn_name(db.tracker.path)}_data/crl.pem /etc/openvpn`
174
+
175
+ msg = <<EOS
176
+ sudo cp #{db.tracker.path}/ufw /etc/default/ufw
177
+ sudo cp #{db.tracker.path}/sysctl.conf /etc/ufw/sysctl.conf
178
+ sudo cp #{db.tracker.path}/before.rules /etc/ufw/before.rules
179
+ EOS
180
+ say('Please check those files before copy/pasting!')
181
+ say msg
182
+ end
183
+ }
148
184
  keyword('dir') {
149
185
  required
150
186
  arity 1
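Review bot: the `-A POSTROUTING -s #{db.tracker.config[:server][:base_ip]} -o eth0 -j MASQUERADE` line very likely interpolates the wrong value: data/lib/server.haml in this same change reads that setting as `base_ip[:net]` and `base_ip[:mask]`, so if it is a Hash the generated rule will contain its inspect output rather than the `net/mask` source iptables expects; build the `-s` argument from those two fields explicitly. Also, `File.read('/etc/default/ufw')` and `File.read('/etc/ufw/sysctl.conf')` raise Errno::ENOENT on a host without ufw while `before.rules` is read with `sudo cat`, so the three reads are inconsistent and neither they nor the two `sudo cp` backticks check for failure; the inline comment says "Forward traffic through ppp0" but the rule hard-codes `-o eth0`; and running `install` a second time prepends another `*nat` block to before.rules because nothing checks whether one is already present. The `#FIXME: This needs to be cleaned up` already admits as much; at least the Hash interpolation should be fixed before release.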
@@ -162,7 +198,6 @@ module VPNMaker
162
198
  validate {|fname| File.exist?(fname) ? agree("file exists, overwrite?") : true }
163
199
  }
164
200
  def run
165
-
166
201
  puts "server run..."
167
202
  puts "need to save fname=#{params['server_config_fname'].value}" if params['server_config_fname'].given?
168
203
  end
data/lib/server.haml CHANGED
@@ -9,7 +9,7 @@ server #{base_ip[:net]} #{base_ip[:mask]}
9
9
  tls-server
10
10
  comp-lzo
11
11
  cipher AES-256-CBC
12
- crl-verify #{crl_path}/crl.pem
12
+ crl-verify /etc/openvpn/crl.pem
13
13
 
14
14
  - unless subnets.empty?
15
15
  \# subnets.each do
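Review bot: hard-coding `crl-verify /etc/openvpn/crl.pem` silently drops the `crl_path` parameter the template previously honoured, so any deployment that does not use the new `install` mode (the only code path in this change that copies crl.pem into /etc/openvpn) now gets a server config pointing at a CRL that may not exist, and the README in this same change still tells users to keep `crl.pem` under `/root/openvpn` (or whatever your root directory is). Either keep `crl-verify #{crl_path}/crl.pem` and have `install` pass `/etc/openvpn` as `crl_path`, or update the README and the non-install `server` mode to match the new fixed location.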
data/vpnmaker.gemspec CHANGED
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = "vpnmaker"
8
- s.version = "1.0.8"
8
+ s.version = "1.0.9"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Voip Scout"]
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vpnmaker
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.8
4
+ version: 1.0.9
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -503,7 +503,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
503
503
  version: '0'
504
504
  segments:
505
505
  - 0
506
- hash: 795314368865926665
506
+ hash: -2957494701082372774
507
507
  required_rubygems_version: !ruby/object:Gem::Requirement
508
508
  none: false
509
509
  requirements: