Commit f8c985bb authored by David Kempe's avatar David Kempe
parents d37c721d 53032e29
.idea/
ovs-server.iml
.project
!define PRODUCT_NAME "Sol1 OpenVPN Deployer"
!define PRODUCT_VERSION "2.0"
!define PRODUCT_VERSION "3.0"
!define PRODUCT_PUBLISHER "sol1"
!define PRODUCT_WEB_SITE "http://www.sol1.net"
Name "${PRODUCT_NAME} ${PRODUCT_VERSION}"
OutFile "sol1-openvpn-deploy.exe"
ShowInstDetails show
ShowUnInstDetails show
AutoCloseWindow True
!define USERNAME "%%USERNAME%%"
!define ORGNICK "%%ORGNICK%%"
!define OPENVPN_GUI_FILE "openvpn-gui-1.0.3.exe"
!define OPENVPN_GUI_FILE "openvpn-gui.exe"
!define TEMP_DIR "$TEMP\Sol1_OpenVPN_Deployer"
; MUI 1.67 compatible ------
!include x64.nsh
!include "MUI.nsh"
!include WinVer.nsh
; MUI Settings
!define MUI_ABORTWARNING
!define MUI_ICON "${NSISDIR}\Contrib\Graphics\Icons\modern-install.ico"
!define MUI_UNICON "${NSISDIR}\Contrib\Graphics\Icons\modern-uninstall.ico"
; Welcome page
!insertmacro MUI_PAGE_WELCOME
; Instfiles page
!insertmacro MUI_PAGE_INSTFILES
; Finish page
!define MUI_FINISHPAGE_RUN
!define MUI_FINISHPAGE_RUN_NOTCHECKED
!define MUI_FINISHPAGE_RUN_TEXT "Always Run OpenVPN as a Service"
!define MUI_FINISHPAGE_RUN_FUNCTION "SecService"
!define MUI_PAGE_CUSTOMFUNCTION_PRE "FinalPagePre"
!define MUI_FINISHPAGE
!insertmacro MUI_PAGE_FINISH
; Language files
!insertmacro MUI_LANGUAGE "English"
; MUI end ------
; MUI end ---
var OSV
var ARCH
var SPV
var InstallStatus
var CONF_DIR
var BIN_DIR
;--------------------------------------------------------------------------------------------------
Function .oninit
SetRegView 64
ReadRegStr $R0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenVPN" "UninstallString"
StrCmp $R0 "" +1 Continue
SetRegView 32
ReadRegStr $R0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenVPN" "UninstallString"
Continue:
; Find windows Architecture
${If} ${RunningX64}
StrCpy $ARCH "64"
SetRegView 64
StrCpy $CONF_DIR "$PROGRAMFILES64\OpenVPN\config\"
StrCpy $BIN_DIR "$PROGRAMFILES64\OpenVPN\bin\"
WriteRegStr HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" "$BIN_DIR${OPENVPN_GUI_FILE}" RUNASADMIN
${Else}
StrCpy $ARCH "32"
SetRegView 32
StrCpy $CONF_DIR "$PROGRAMFILES32\OpenVPN\config\"
StrCpy $BIN_DIR "$PROGRAMFILES64\OpenVPN\bin\"
WriteRegStr HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" "$BIN_DIR${OPENVPN_GUI_FILE}" RUNASADMIN
${EndIf}
; Find windows version & iinstalled SP (not needed here)
ReadRegStr $OSV HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" "ProductName"
ReadRegStr $SPV HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" "CSDVersion"
;MessageBox mb_ok "$OSV $ARCH $SPV"
; Check if OpenVPN installed
IfFileExists $R0 Installed NotInstalled
Name "${PRODUCT_NAME} ${PRODUCT_VERSION}"
OutFile "sol1-openvpn-deploy.exe"
InstallDir "$TEMP\Sol1_OpenVPN_Deployer"
ShowInstDetails show
ShowUnInstDetails show
AutoCloseWindow True
Installed:
StrCpy $InstallStatus "Installed"
StrCpy $R1 $R0 -14
StrCpy $CONF_DIR "$R1\config\"
Goto Done
NotInstalled:
StrCpy $InstallStatus "NotInstalled"
Done:
FunctionEnd
;--------------------------------------------------------------------------------------------------
Section "Checking for OpenVPN and installing if not already installed"
IfFileExists "$PROGRAMFILES\OpenVPN\bin\openvpn.exe" +1 +2
IfFileExists "$PROGRAMFILES\OpenVPN\bin\${OPENVPN_GUI_FILE}" Config
CreateDirectory "$TEMP\Sol1_OpenVPN_Deployer"
NSISdl::download http://redirect.sol1.net/get-latest/openvpn $TEMP\Sol1_OpenVPN_Deployer\openvpn-latest-install.exe
${if} $InstallStatus == "Installed"
GoTo Config
${endif}
CreateDirectory "$TEMP\Sol1_OpenVPN_Deployer"
${If} ${IsWinXP}
NSISdl::download "http://redirect.sol1.net/get-latest/openvpn?arch=$ARCH&os=winxp" "${TEMP_DIR}\openvpn-latest-install.exe"
${else}
NSISdl::download "http://redirect.sol1.net/get-latest/openvpn?arch=$ARCH&os=moden" "${TEMP_DIR}\openvpn-latest-install.exe"
${EndIf}
Pop $R0 ;Get the return value
StrCmp $R0 "success" Install
MessageBox MB_OK "Unable to locate OpenVPN to download. It might of moved. Please try again and if you still have problems contact support@sol1.com.au"
Quit
Install:
ExecWait "$TEMP\Sol1_OpenVPN_Deployer\openvpn-latest-install.exe /S"
Call GetWindowsVersion
Pop $R0
StrCMP $R0 "Vista" +2 +1
StrCMP $R0 "Windows7" +1 +2
SetRegView 64
WriteRegStr HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" "$PROGRAMFILES\OpenVPN\bin\${OPENVPN_GUI_FILE}" RUNASADMIN
MessageBox MB_OK "Unable to locate OpenVPN to download. Please let support@sol1.com.au know. Directing you to download page, download for the below system.$\r$\n$OSV ($ARCH-Bit)$\r$\n"
ExecShell open "https://openvpn.net/index.php/open-source/downloads.html" SW_HIDE
CreateDirectory "$CONF_DIR"
StrCpy $InstallStatus "Failed"
GoTo Config
Install:
ExecWait "$TEMP\Sol1_OpenVPN_Deployer\openvpn-latest-install.exe /S"
Config:
SetOutPath "$PROGRAMFILES\OpenVPN\config\"
SetOverwrite ifnewer
File "${ORGNICK}-${USERNAME}.ovpn"
File "${ORGNICK}-${USERNAME}.p12"
MessageBox MB_YESNO "Would you like to connect ${ORGNICK}-${USERNAME} now?" IDYES Connect IDNO Done
Connect:
StrCpy $0 "${OPENVPN_GUI_FILE}"
DetailPrint "Searching for processes called '$0'"
KillProc::FindProcesses
StrCmp $1 "-1" Wooops
DetailPrint "-> Found $0 processes"
StrCmp $0 "0" Completed
Sleep 1500
StrCpy $0 "${OPENVPN_GUI_FILE}"
DetailPrint "Killing all processes called '$0'"
KillProc::KillProcesses
StrCmp $1 "-1" Wooops
DetailPrint "-> Killed $0 processes, failed to kill $1 processes"
Goto completed
Wooops:
MessageBox MB_OK "Reboot needed to complete install. Please reboot now"
Goto Done
Completed:
DetailPrint "Everything went okay :-D"
Exec "$PROGRAMFILES\OpenVPN\bin\${OPENVPN_GUI_FILE} --connect ${ORGNICK}-${USERNAME}.ovpn"
Done:
Config:
SetOutPath "$CONF_DIR"
SetOverwrite on
File "${ORGNICK}-${USERNAME}.ovpn"
File "${ORGNICK}-${USERNAME}.p12"
SectionEnd
;--------------------------------------------------------------------------------------------------
Function FinalPagePre
${if} $InstallStatus == "Installed"
!insertmacro MUI_INSTALLOPTIONS_WRITE "ioSpecial.ini" "Field 3" "Text" "OpenVPN already installed, Below files deployed\r\n${ORGNICK}-${USERNAME}.ovpn\r\n${ORGNICK}-${USERNAME}.p12\r\n\r\nClick Finish to close Setup"
!insertmacro MUI_INSTALLOPTIONS_WRITE "ioSpecial.ini" "Field 4" "Type" ""
${endif}
${if} $InstallStatus == "Failed"
!insertmacro MUI_INSTALLOPTIONS_WRITE "ioSpecial.ini" "Field 3" "bottom" "200"
!insertmacro MUI_INSTALLOPTIONS_WRITE "ioSpecial.ini" "Field 3" "Text" "OpenVPN download failed, Please download manually for\r\n$OSV ($ARCH-Bit)\r\n\r\nBelow files deployed ready\r\n${ORGNICK}-${USERNAME}.ovpn\r\n${ORGNICK}-${USERNAME}.p12\r\n\r\nClick Finish to close Setup"
!insertmacro MUI_INSTALLOPTIONS_WRITE "ioSpecial.ini" "Field 4" "Type" ""
${endif}
FunctionEnd
;-----------------------------------------
Function GetWindowsVersion
Push $R0
Push $R1
ClearErrors
ReadRegStr $R0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" CurrentVersion
IfErrors 0 lbl_winnt
; we are not NT
ReadRegStr $R0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion" VersionNumber
StrCpy $R1 $R0 1
StrCmp $R1 '4' 0 lbl_error
StrCpy $R1 $R0 3
StrCmp $R1 '4.0' lbl_win32_95
StrCmp $R1 '4.9' lbl_win32_ME lbl_win32_98
lbl_win32_95:
StrCpy $R0 '95'
Goto lbl_done
lbl_win32_98:
StrCpy $R0 '98'
Goto lbl_done
lbl_win32_ME:
StrCpy $R0 'ME'
Goto lbl_done
lbl_winnt:
StrCpy $R1 $R0 1
StrCmp $R1 '3' lbl_winnt_x
StrCmp $R1 '4' lbl_winnt_x
StrCpy $R1 $R0 3
StrCmp $R1 '5.0' lbl_winnt_2000
StrCmp $R1 '5.1' lbl_winnt_XP
StrCmp $R1 '5.2' lbl_winnt_2003
StrCmp $R1 '6.0' lbl_winnt_Vista
StrCmp $R1 '6.1' lbl_winnt_Windows7 lbl_error
lbl_winnt_x:
StrCpy $R0 "NT $R0" 6
Goto lbl_done
lbl_winnt_2000:
Strcpy $R0 '2000'
Goto lbl_done
lbl_winnt_XP:
Strcpy $R0 'XP'
Goto lbl_done
lbl_winnt_2003:
Strcpy $R0 '2003'
Goto lbl_done
lbl_winnt_Vista:
Strcpy $R0 'Vista'
Goto lbl_done
lbl_winnt_Windows7:
Strcpy $R0 'Windows7'
Goto lbl_done
lbl_error:
Strcpy $R0 ''
lbl_done:
Pop $R1
Exch $R0
Function SecService
MessageBox MB_YESNO "Are you sure you want to run this as a service?$\r$\nOnly suitable for a secure environment, this machine will have constant access to your work network." IDYES RunService IDNO Cancel
RunService:
; Set service to Automatic and start service.
WriteRegDWORD HKLM "SYSTEM\CurrentControlSet\services\OpenVPNService" "Start" 2
DetailPrint "VPN Service START"
nsExec::ExecToLog '"$BIN_DIRopenvpnserv.exe" -start'
Pop $R0 # return value/error/timeout
;MessageBox mb_ok "Service Output $R0"
; Delete OpenVPN GUI Shortcuts
SetShellVarContext all
Delete "$DESKTOP\OpenVPN GUI.lnk"
Delete "$STARTMENU\Programs\OpenVPN\OpenVPN GUI.lnk"
Cancel:
;MessageBox mb_ok "The Cancel but was ticked, leaving everything default"
FunctionEnd
;----------------------------------------------------------------------------------------------------------------------------------------------------------------
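Review bot: The OpenVPN installer is fetched over plain `http://` by the `NSISdl::download` calls before `Install:` and then run silently with elevated rights by `ExecWait "$TEMP\Sol1_OpenVPN_Deployer\openvpn-latest-install.exe /S"` without any integrity check, so anything able to alter traffic between the client and redirect.sol1.net decides which binary gets installed; the fallback link in the same section already uses `https://`, so the download should too, and the file should be verified (Authenticode signature or a hash pinned in the deployer) before `ExecWait`. In `.oninit` the 32-bit branch sets `StrCpy $BIN_DIR "$PROGRAMFILES64\OpenVPN\bin\"` while the line above uses `$PROGRAMFILES32` for `$CONF_DIR`; this looks like a copy-paste slip and should read `StrCpy $BIN_DIR "$PROGRAMFILES32\OpenVPN\bin\"`, otherwise the RUNASADMIN layer and the `openvpnserv.exe -start` call in `SecService` point at a path that does not exist on 32-bit Windows. The query parameter `os=moden` in the non-XP download URL looks like a typo (presumably `modern`) and is worth checking against what the redirect service expects. `Install:` and `Config:` each appear twice in this section, which suggests the rendered view interleaves the old and new bodies; the remarks above are against the lines that use `$ARCH` and `$CONF_DIR`.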
......@@ -2,11 +2,11 @@
# Useful vars
openvpn_config_dir="/etc/openvpn/"
ccd_dir="$openvpn_config_dir/ccd/"
ccd_revoked_dir="$openvpn_config_dir/ccd_revoked/"
OPENVPNCONFIGDIR="/etc/openvpn/"
CCDDIR="$OPENVPNCONFIGDIR/ccd/"
CCDREVOKEDDIR="$OPENVPNCONFIGDIR/ccd_revoked/"
shorewall_vars="/etc/shorewall/openvpn.vars"
SHOREWALLVARS="/etc/shorewall/openvpn.vars"
# ask_key_questions
......@@ -24,7 +24,7 @@ shorewall_vars="/etc/shorewall/openvpn.vars"
function ask_key_questions
{
read -p "Common Name of certificate (this should be unique): " OVPN_COMMONNAME
read -p "Common Name of certificate (this should be unique using [A-z0-9_] only ): " OVPN_COMMONNAME
read -p "Users E-mail address for certificate: " OVPN_EMAIL
}
......@@ -142,10 +142,26 @@ y" | \
# get_current_certificates
# echo's out a list of currect vpn certificates
#
function get_current_certificates {
function get_current_certificates () {
echo "Index User <email address>"
echo "Index User <email address>"
grep ^V /var/lib/openvpn-server/openssl/index.txt | awk '{print $3 "/" $5}' | sed "s/[a-Z]*=//g" | awk -F "/" '{print $1 "\t" $6 " <" $7 ">"}'
grep ^V /var/lib/openvpn-server/openssl/index.txt | awk '{print $3 "/" $5}' | sed "s/[a-Z]*=//g" | awk -F "/" '{print $1 "\t" $6 " <" $7 ">"}'
}
function create_shorewall_vars () {
grep "ifconfig-push" $CCDDIR* | sed "s/[\/|:]/ /g" | sed "s/-//g" | awk '{print $4 "=" $6}' > $SHOREWALLVARS
}
function prompt_restart_shorewall () {
read -p "Do you want to restart Shorewall now? (y/n)" SHOREWALLYN
if [ "$SHOREWALLYN" = "y" ] ; then
echo "OK proceeding"
shorewall restart
else
exit
fi
}
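Review bot: `create_shorewall_vars` takes the variable name and the client IP from fixed awk fields (`$4` and `$6`) of the grep output, which only holds while `$CCDDIR` expands to exactly three path components as with the `/etc/openvpn//ccd/` default; any other location silently emits the wrong tokens into `$SHOREWALLVARS`, a file presumably sourced by the firewall, so the name should come from the last path component and the IP from the second token after grep's colon instead (rewrite below). The ccd file names appear to come from the Common Name (make-static-ip writes `$CCDDIR$COMMONNAME`), and the new prompt in `ask_key_questions` only states the `[A-z0-9_]` rule without enforcing it; a whitelist check after the `read`, e.g. `case "$OVPN_COMMONNAME" in *[!A-Za-z0-9_]*|"") echo "invalid common name"; return 1;; esac`, keeps both the path and the generated variable name well-formed, and the prompt should say `[A-Za-z0-9_]` since `A-z` also spans the six ASCII punctuation characters between `Z` and `a`. `prompt_restart_shorewall` calls `exit` on anything but `y`, which ends whichever script sourced functions.sh with status 0; `return 1` leaves that decision with the caller.
```shell
function create_shorewall_vars () {
    # One "<ccd file name>=<client ip>" line per ccd file; the name is the shorewall variable.
    # Independent of how deep $CCDDIR is: split on grep's colon, take the last path component.
    grep -H "ifconfig-push" "$CCDDIR"/* 2>/dev/null \
        | awk -F: '{ n = split($1, p, "/"); split($2, a, " "); name = p[n]; gsub("-", "", name); print name "=" a[2] }' \
        > "$SHOREWALLVARS"
}
```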
......@@ -52,7 +52,7 @@ $KEY
popd >/dev/null
OVPNFILE="openvpn-generic-client-${FILEBASE}.ovpn"
OVPNFILE="openvpn-${FILEBASE}.ovpn"
cp ${WORKDIR}/${FILEBASE}.ovpn ./$OVPNFILE
if [ "$CACHE_BUILDS" == "yes" ]
......@@ -91,4 +91,4 @@ else
echo -n
fi
echo "Your OpenVPN config file is openvpn-generic-client-${FILEBASE}.ovpn"
echo "Your OpenVPN config file is $OVPNFILE"
......@@ -39,9 +39,9 @@ sed "s/%%ORGNICK%%/$OVPN_ORGNICK/;
popd >/dev/null
zip -j openvpn-client-${FILEBASE}.zip ${WORKDIR}/*
zip -j openvpn-${FILEBASE}.zip ${WORKDIR}/*
if [ "$CACHE_BUILDS" == "yes" ]
then mv openvpn-client-${FILEBASE}.zip /var/lib/openvpn-server/openssl/builds/
then mv openvpn-${FILEBASE}.zip /var/lib/openvpn-server/openssl/builds/
fi
rm -rf $WORKDIR
......@@ -56,4 +56,4 @@ else
fi
echo "Your OpenVPN config files are in openvpn-client-${FILEBASE}.zip"
echo "Your OpenVPN config files are in openvpn-${FILEBASE}.zip"
......@@ -19,28 +19,28 @@ fi
cd /etc/openvpn/
if [ ! -d "$ccd_revoked_dir" ]; then
mkdir "$ccd_revoked_dir"
if [ ! -d "$CCDREVOKEDDIR" ]; then
mkdir "$CCDREVOKEDDIR"
fi
echo "Beginning ccd clean up..."
for f in `ls "$ccd_dir"` ; do
for f in `ls "$CCDDIR"` ; do
if grep -q "^R.*$f.*" /var/lib/openvpn-server/openssl/index.txt ; then
echo "$f moved"
mv "$ccd_dir/$f" "$ccd_revoked_dir/"
mv "$CCDDIR/$f" "$CCDREVOKEDDIR"
fi
done
echo "You can find moved files in $ccd_revoked_dir"
echo "You can find moved files in $CCDREVOKEDDIR"
echo ""
wtf=false
echo "Checking for ccd's without a valid key..."
for f in `ls "$ccd_dir"` ; do
for f in `ls "$CCDDIR"` ; do
if ! grep -q "^V.*$f.*" /var/lib/openvpn-server/openssl/index.txt ; then
wtf=true
......@@ -53,6 +53,10 @@ if [ "$wtf" = true ] ; then
echo "..wtfomgbbq!?! Son you've got a serious problem, the ccd file(s) above don't have a valid key nor are they revoked. Get it sorted will ya."
else
echo "...all good"
create_shorewall_vars
prompt_restart_shorewall
fi
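Review bot: `create_shorewall_vars` and `prompt_restart_shorewall` are only reached in the `else` branch, but the revoked ccd files have already been moved to `$CCDREVOKEDDIR` by the loop above, so when an orphan ccd is found the firewall vars keep the entries of clients whose certificates are revoked until someone fixes the orphan and re-runs the script; regenerating the vars before the `if` (or in both branches) keeps the firewall in step with the ccd directory whatever the sanity check says. This also assumes functions.sh is sourced earlier in this script, which is outside the hunk. The renamed loops still use `for f in \`ls "$CCDDIR"\``; `for f in "$CCDDIR"/*` with `f=$(basename "$f")` avoids word splitting of the listing. The `if [ "$wtf" = true ]` whose body this is starts before the last hunk.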
......@@ -8,10 +8,9 @@
#setting the COMMONNAME to $1
COMMONNAME=$1
. /usr/share/openvpn-server/functions.sh
. /etc/openvpn-server/config.sh
CCDDIR=/etc/openvpn/ccd/
SHOREWALLVARS=/etc/shorewall/openvpn.vars
IPPREFIX=`cat /etc/openvpn/$OVPN_ORGNICK-server.conf |grep 'server '|cut -f2 -d' '|cut -f1,2,3 -d.`.
IP=`cat /etc/openvpn/$OVPN_ORGNICK-server.conf | grep '^server '| cut -f2 -d' '`
......@@ -32,15 +31,6 @@ echo FIREWALLED=yes >> /etc/openvpn-server/config.sh
;;
esac
function prompt_restart_shorewall () {
read -p "Do you want to restart Shorewall now? (y/n)" SHOREWALLYN
if [ "$SHOREWALLYN" = "y" ] ; then
echo "OK proceeding"
shorewall restart
else
exit
fi
}
function get_new_ip() {
local newip=""
......@@ -59,6 +49,13 @@ function get_new_ip() {
}
# Return the openvpn server endpoint for an IP
function get_server_endpoint_ip {
echo "$1" | awk -F"." '{$4++;print $1"."$2"."$3"."$4}'
}
#Each pair of ifconfig-push addresses represent the virtual client and server IP endpoints.
#They must be taken from successive /30 subnets in order to be compatible with Windows clients
#and the TAP-Win32 driver.
......@@ -85,17 +82,22 @@ if [ -x $ip ] ; then
echo "we appear to have run out of ip's, fix it"
echo "then run \$ $0 $COMMONNAME"
else
IFS='.' read -ra ipnums <<< $ip
(( ipnums[3]++ ))
newgw=$(echo ${ipnums[*]} | sed "s/ /\./g")
endpointip=$(get_server_endpoint_ip $ip)
echo "your new ip will be $ip"
echo "your new gateway will be $newgw"
echo "writing new ccd for you"
echo ifconfig-push $ip $newgw > $CCDDIR$COMMONNAME
echo "your new gateway will be $endpointip"
if [ $COMMONNAME == "" ] ; then
echo "writing new ccd $COMMONNAME"
echo ifconfig-push $ip $endpointip > $CCDDIR$COMMONNAME
echo "writing new shorewall vars"
grep "ifconfig-push" $CCDDIR* | sed "s/[\/|:]/ /g" | awk '{print $4 "=" $6}' > $SHOREWALLVARS
prompt_restart_shorewall
echo "writing new shorewall vars"
create_shorewall_vars
prompt_restart_shorewall
else
echo "no command name supplied so nothing will be written out"
echo "to write the results run \$ $0 <COMMONNAME>"
fi
fi
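Review bot: The new guard `if [ $COMMONNAME == "" ] ; then` is inverted: with a name supplied the test is false and the script falls into the "no command name supplied" branch without writing anything, and with no name the unquoted expansion leaves `[ == "" ]`, which `test` rejects with an error and the same branch is taken; it should read `if [ -n "$COMMONNAME" ] ; then` (and the message should say "common name"). Because `$COMMONNAME` comes straight from `$1` and is used both as a path under `$CCDDIR` and, through `create_shorewall_vars`, as a variable name in the shorewall vars file, it should be validated against a character whitelist before the write, e.g. `case "$COMMONNAME" in *[!A-Za-z0-9_]*) echo "invalid common name: $COMMONNAME"; exit 1;; esac`. `get_server_endpoint_ip` only increments the last octet, which is right for the lower address of a /30 pair as `get_new_ip` appears to produce (the unit test expects `.253` to roll to `.1` of the next octet) but yields `.256` for an input ending in `.255`; a comment such as `# $1 must be the client address of a /30 pair (last octet <= 253)` would make the precondition explicit. The enclosing `if [ -x $ip ]` starts before the last hunk.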
#!/usr/bin/env bash
. ../scripts/make-static-ip
TESTDIR="/tmp/openvpn-server_unit-tests"
CCDDIR="$TESTDIR/ccd"
SHOREWALLVARS="$TESTDIR/shorewall.vars"
rm -rf $TESTDIR
mkdir $TESTDIR
mkdir $CCDDIR
echo "Test ip range generation:"
for i in {1..50} ; do
get_new_ip 10.0.0.1 255.255.255.0 > $CCDDIR/range_a$i
done
for i in {51..100} ; do
get_new_ip 10.0.0.1 255.255.254.0 > $CCDDIR/range_b$i
done
echo -n "Start ip: "
if [ `cat $CCDDIR/range_a1` -eq "10.0.0.5" ] ; then
echo PASSED
else
echo FAILED
fi
echo -n "boundary ip: "
if [ `cat $CCDDIR/range_b63` -eq "10.0.0.253" ] && [ `cat $CCDDIR/range_b64` -eq "10.0.1.1" ] ; then
echo PASSED
else
echo FAILED
fi
echo -n "End ip: "
if [ `cat $CCDDIR/range_b100` -eq "10.0.1.145" ] ; then
echo PASSED
else
echo FAILED
fi
echo -n "Test reallocation to removed ip:"
rm $CCDDIR/range_a2
rm $CCDDIR/range_b99
get_new_ip 10.0.0.1 255.255.254.0 > $CCDDIR/allocate_a2
get_new_ip 10.0.0.1 255.255.254.0 > $CCDDIR/allocate_b99
if [ `cat $CCDDIR/allocate_a2` -eq "10.0.0.9" ] && [ `cat $CCDDIR/allocate_b99` -eq "10.0.1.141" ] ; then
echo PASSED
else
echo FAILED
fi
echo -n "Test server ip:"
testip=$(get_new_ip 10.0.0.1 255.255.254.0)
testendpointip=$(get_server_endpoint_ip $ip)
if [ $testip -eq "10.0.1.149" ] && [ $testendpointip -eq "10.0.1.150" ] ; then
echo PASSED
else
echo FAILED
fi
echo -n "Test no available ip's:"
if [ `get_new_ip 10.0.0.1 255.255.255.0` -ue "" ] ; then
echo PASSED
else
echo FAILED
fi
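Review bot: Every check compares dotted-quad strings with `-eq`, which is the integer operator, so `test` reports "integer expression expected" and each case prints FAILED regardless of the value; use string equality, e.g. `if [ "$(cat $CCDDIR/range_a1)" = "10.0.0.5" ] ; then`, and in the last check replace `-ue` (not a `test` operator at all) with `if [ -z "$(get_new_ip 10.0.0.1 255.255.255.0)" ] ; then`. The "Test server ip" case passes `$ip` to `get_server_endpoint_ip` while the value it just computed is in `$testip`, so the endpoint is derived from whatever `$ip` the sourced script left behind. Sourcing `../scripts/make-static-ip` also runs that script's top level (it sources config.sh and reads the server conf) before `CCDDIR` and `SHOREWALLVARS` are overridden here; if the intent is only to import `get_new_ip` and `get_server_endpoint_ip`, guarding the script's main section behind `[ "${BASH_SOURCE[0]}" = "$0" ]` would make the test hermetic.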