From d7b06b8a204e5c70b9b3c076230808ee1765a4db Mon Sep 17 00:00:00 2001
From: Michal Hrusecky <michal.hrusecky@turris.com>
Date: Mon, 16 Nov 2020 14:34:19 +0100
Subject: [PATCH] openvpn: Support username and password options
Some VPN providers require a username and password for the client to connect.
This commit adds an option to specify username, password and
cert_password directly in the uci config, which then gets expanded during
start of the openvpn client.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
---
package/network/services/openvpn/Makefile | 2 +-
.../services/openvpn/files/openvpn.config | 7 ++++
.../services/openvpn/files/openvpn.init | 39 +++++++++++++++++--
3 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index 1d5c5a7..711aef5 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn
PKG_VERSION:=2.4.7
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE_URL:=\
https://build.openvpn.net/downloads/releases/ \
diff --git a/package/network/services/openvpn/files/openvpn.config b/package/network/services/openvpn/files/openvpn.config
index 1fd846f..b62d5f2 100644
--- a/package/network/services/openvpn/files/openvpn.config
+++ b/package/network/services/openvpn/files/openvpn.config
@@ -9,6 +9,13 @@ config openvpn custom_config
# Set to 1 to enable this instance:
option enabled 0
+ # Credentials to login
+ #option username 'login'
+ #option password 'password'
+
+ # Password for client certificate
+ #option cert_password 'cert_password'
+
# Include OpenVPN configuration
option config /etc/openvpn/my-vpn.conf
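Review bot: The sample comments for `username`, `password` and `cert_password` do not say that these values are kept in clear text in this UCI file and copied to files under /var/run when the instance starts (see openvpn_get_credentials in openvpn.init in this commit). I would extend the first comment, for example `# Credentials to login (stored in clear text; restrict read access to this file)`. It is also worth stating that `password` is only used when `username` is set, since the init script writes the password file only inside the `username` branch.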
diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init
index a454eb4..f100f40 100644
--- a/package/network/services/openvpn/files/openvpn.init
+++ b/package/network/services/openvpn/files/openvpn.init
@@ -69,6 +69,14 @@ section_enabled() {
[ $enable -gt 0 ] || [ $enabled -gt 0 ]
}
+create_temp_file() {
+ mkdir -p "$(dirname "$1")"
+ rm -f "$1"
+ touch "$1"
+ chown root "$1"
+ chmod 0600 "$1"
+}
+
openvpn_get_dev() {
local dev dev_type
local name="$1"
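Review bot: create_temp_file creates the file with `touch` under the caller's umask and only narrows it with `chmod 0600` afterwards, so a file that is about to receive a password can briefly exist with wider permissions. Creating it under a restrictive umask removes that window: `( umask 077; rm -f "$1"; : > "$1" )`, keeping `chown root "$1"` if the script can ever run as another user. The function would also benefit from a one-line comment saying it is meant for secret-bearing files, because the name reads like a generic helper. The last two context lines belong to openvpn_get_dev, whose body continues outside the hunk.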
@@ -103,6 +111,31 @@ openvpn_get_dev() {
echo "--dev-type $dev_type --dev $dev"
}
+openvpn_get_credentials() {
+ local name="$1"
+ local ret=""
+
+ config_get cert_password "$name" cert_password
+ config_get password "$name" password
+ config_get username "$name" username
+
+ if [ -n "$cert_password" ]; then
+ create_temp_file /var/run/openvpn.$name.pass
+ echo "$cert_password" > /var/run/openvpn.$name.pass
+ ret=" --askpass /var/run/openvpn.$name.pass "
+ fi
+
+ if [ -n "$username" ]; then
+ create_temp_file /var/run/openvpn.$name.userpass
+ echo "$username" > /var/run/openvpn.$name.userpass
+ echo "$password" >> /var/run/openvpn.$name.userpass
+ ret=" --auth-user-pass /var/run/openvpn.$name.userpass "
+ fi
+
+ # Return overrides
+ echo "$ret"
+}
+
openvpn_add_instance() {
local name="$1"
local dir="$2"
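Review bot: In openvpn_get_credentials the `username` branch assigns `ret=" --auth-user-pass ..."` and thereby discards the `--askpass` option set by the `cert_password` branch, so an instance that configures both starts without its key passphrase file. Append instead: `ret="$ret --auth-user-pass /var/run/openvpn.$name.userpass "`. Writing the secrets with `echo` can alter a value that begins with `-` or contains backslashes, depending on the shell's echo; `printf '%s\n' "$password"` (and likewise for `$username` and `$cert_password`) writes them verbatim. Nothing in the visible hunks removes the two files under /var/run when the instance stops, which may be worth handling where the service is torn down.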
@@ -118,7 +151,8 @@ openvpn_add_instance() {
--up "/usr/libexec/openvpn-hotplug up $name" \
--down "/usr/libexec/openvpn-hotplug down $name" \
--script-security "${security:-2}" \
- $(openvpn_get_dev "$name" "$conf")
+ $(openvpn_get_dev "$name" "$conf") \
+ $(openvpn_get_credentials "$name" "$conf")
procd_set_param file "$dir/$conf"
procd_set_param term_timeout 15
procd_set_param respawn
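Review bot: The call `$(openvpn_get_credentials "$name" "$conf")` passes `"$conf"` as a second argument, but the function added in this commit reads only `$1`; `$(openvpn_get_credentials "$name")` would match what the function uses. Because the substitution is unquoted, the returned option string is word-split, so the credential paths built from `$name` must not contain whitespace; a short comment stating that assumption would help the next reader. openvpn_add_instance starts and ends outside the hunk.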
@@ -150,8 +184,7 @@ start_instance() {
return
fi
- [ ! -d "/var/etc" ] && mkdir -p "/var/etc"
- [ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf"
+ create_temp_file "/var/etc/openvpn-$s.conf"
append_bools "$s" $OPENVPN_BOOLS
append_params "$s" $OPENVPN_PARAMS
--
2.30.0