diff --git a/openvpn/updateFreeVPN.sh b/openvpn/freevpn/configure-openvpn.sh
similarity index 90%
rename from openvpn/updateFreeVPN.sh
rename to openvpn/freevpn/configure-openvpn.sh
index 8c44c77b4..7ee18b427 100755
--- a/openvpn/updateFreeVPN.sh
+++ b/openvpn/freevpn/configure-openvpn.sh
@@ -17,8 +17,7 @@ OPENVPN_IP=$(curl -s https://freevpn.${DOMAIN}/accounts/ | grep IP | sed s/"^.*
 # freevpn.me , main server, presents two servers with different address
 # and related password to be used
 SERVER=${OPENVPN_IP%".freevpn.${DOMAIN}"}
-PASSWORD=$(curl -s https://freevpn.${DOMAIN}/accounts/ | grep Password | sed s/"^.*Password\:.... "/""/g | sed s/"<.*"/""/g)
-echo "${PASSWORD}" > /etc/freevpn_password
+export OPENVPN_PASSWORD=$(curl -s https://freevpn.${DOMAIN}/accounts/ | grep Password | sed s/"^.*Password\:.... "/""/g | sed s/"<.*"/""/g)
 DIR="/tmp/freevpn"
 TARGET="/etc/openvpn/freevpn"
diff --git a/openvpn/modify-openvpn-config.sh b/openvpn/modify-openvpn-config.sh
new file mode 100755
index 000000000..8db4faf02
--- /dev/null
+++ b/openvpn/modify-openvpn-config.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+echo "Modify chosen OpenVPN config for best behaviour in this container"
+
+# Every config modification have its own environemnt variable that can configure the behaviour.
+# Different users, providers or host systems might have specific preferences.
+# But we should try to add sensible defaults, a way to disable it, and alternative implementations as needed.
+
+CONFIG_MOD_USERPASS=${CONFIG_MOD_USERPASS:-"1"}
+
+
+## Option 1 - Change the auth-user-pass line to point to credentials file
+if [[ $CONFIG_MOD_USERPASS == "1" ]]; then
+ echo "Point auth-user-pass option to the username/password file"
+ sed -i "s/auth-user-pass/auth-user-pass \/config\/openvpn-credentials.txt/" "$CHOSEN_OPENVPN_CONFIG"
+fi
diff --git a/openvpn/nordvpn/configure-openvpn.sh b/openvpn/nordvpn/configure-openvpn.sh
new file mode 100755
index 000000000..c8044fcc3
--- /dev/null
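Review bot: `export OPENVPN_PASSWORD=$(curl … )` hides the exit status of the scrape behind `export` (ShellCheck SC2155), and since the grep/sed chain can legitimately yield an empty string, a failed request or a changed accounts page leaves `OPENVPN_PASSWORD` empty; start.sh later rejects only the literal `**None**`, so the problem surfaces as an OpenVPN authentication failure instead of here. Assign, validate, then export: `OPENVPN_PASSWORD=$(curl -sSf "https://freevpn.${DOMAIN}/accounts/" | grep Password | sed s/"^.*Password\:.... "/""/g | sed s/"<.*"/""/g)`, `[[ -n "${OPENVPN_PASSWORD}" ]] || { echo "Could not extract the FreeVPN password" >&2; exit 1; }`, `export OPENVPN_PASSWORD`. Keeping the password out of /etc/freevpn_password and only in the environment of the sourcing shell is an improvement over the removed lines.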
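Review bot: The `sed -i "s/auth-user-pass/auth-user-pass \/config\/openvpn-credentials.txt/"` substitution is unanchored and keeps whatever followed the directive, so a config that already contains `auth-user-pass somefile` becomes `auth-user-pass /config/openvpn-credentials.txt somefile`, which OpenVPN will not accept, and a commented-out mention of the option is rewritten as well. Anchor to the start of the line and replace the whole line, which also makes the edit idempotent: `sed -i 's#^auth-user-pass.*#auth-user-pass /config/openvpn-credentials.txt#' "$CHOSEN_OPENVPN_CONFIG"`. The script relies on `CHOSEN_OPENVPN_CONFIG` being set by the sourcing start.sh; a one-line existence check on the file before editing would make the failure explicit when it is run any other way. The header comment also has two typos: `have` should be `has` and `environemnt` should be `environment`.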
+++ b/openvpn/nordvpn/configure-openvpn.sh
@@ -0,0 +1,19 @@
+#! /bin/bash
+
+NORDVPN_PROTOCOL=${NORDVPN_PROTOCOL:-UDP}
+export NORDVPN_PROTOCOL
+
+NORDVPN_CATEGORY=${NORDVPN_CATEGORY:-P2P}
+export NORDVPN_CATEGORY
+
+
+if [[ -n $OPENVPN_CONFIG ]]; then
+ tmp_Protocol="${OPENVPN_CONFIG##*.}"
+ export NORDVPN_PROTOCOL=${tmp_Protocol^^}
+ echo "Setting NORDVPN_PROTOCOL to: ${NORDVPN_PROTOCOL}"
+ ${VPN_PROVIDER_HOME}/updateConfigs.sh --openvpn-config
+elif [[ -n $NORDVPN_COUNTRY ]]; then
+ export OPENVPN_CONFIG=$(${VPN_PROVIDER_HOME}/updateConfigs.sh)
+else
+ export OPENVPN_CONFIG=$(${VPN_PROVIDER_HOME}/updateConfigs.sh --get-recommended)
+fi
\ No newline at end of file
diff --git a/openvpn/nordvpn/updateConfigs.sh b/openvpn/nordvpn/updateConfigs.sh
index c83381b68..786e01d91 100755
--- a/openvpn/nordvpn/updateConfigs.sh
+++ b/openvpn/nordvpn/updateConfigs.sh
@@ -110,7 +110,7 @@ download_hostname() {
 log "Downloading config: ${ovpnName}"
 log "Downloading from: ${nordvpn_cdn}"
- curl ${nordvpn_cdn} -o "${ovpnName}"
+ curl -sSL ${nordvpn_cdn} -o "${ovpnName}"
 }
 update_hostname() {
 log "Checking line endings"
diff --git a/openvpn/start.sh b/openvpn/start.sh
index dcc2416ac..1e9151fc3 100755
--- a/openvpn/start.sh
+++ b/openvpn/start.sh
@@ -1,7 +1,17 @@
 #!/bin/bash
-VPN_PROVIDER="${OPENVPN_PROVIDER,,}"
-VPN_PROVIDER_CONFIGS="/etc/openvpn/${VPN_PROVIDER}"
-export VPN_PROVIDER_CONFIGS
+
+##
+# Get some initial setup out of the way.
+##
+
+[[ "${DEBUG}" == "true" ]] && set -x
+
+# If openvpn-pre-start.sh exists, run it
+if [[ -x /scripts/openvpn-pre-start.sh ]]; then
+ echo "Executing /scripts/openvpn-pre-start.sh"
+ /scripts/openvpn-pre-start.sh "$@"
+ echo "/scripts/openvpn-pre-start.sh returned $?"
+fi
 # If create_tun_device is set, create /dev/net/tun
 if [[ "${CREATE_TUN_DEVICE,,}" == "true" ]]; then
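Review bot: `export OPENVPN_CONFIG=$(${VPN_PROVIDER_HOME}/updateConfigs.sh)` and its `--get-recommended` twin mask the helper's exit status (SC2155), so a failed lookup or download exports an empty `OPENVPN_CONFIG`, and start.sh, which sources this file, then carries on to `default.ovpn` with only a "No VPN configuration provided" message instead of reporting the NordVPN failure. Split assignment from export and stop on error: `OPENVPN_CONFIG=$("${VPN_PROVIDER_HOME}"/updateConfigs.sh) || exit 1` followed by `export OPENVPN_CONFIG`, and quote `${VPN_PROVIDER_HOME}` in the `--openvpn-config` call as well. Because the file is sourced, `tmp_Protocol` is left behind as a global in start.sh; `NORDVPN_PROTOCOL="${OPENVPN_CONFIG##*.}"` with `export NORDVPN_PROTOCOL="${NORDVPN_PROTOCOL^^}"` avoids the temporary. The file also lacks a trailing newline.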
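Review bot: `curl -sSL ${nordvpn_cdn} -o "${ovpnName}"` still neither fails on HTTP errors nor checks the exit status, so with `-s` a 404 or an error page reached through the now-followed redirect is written into `${ovpnName}` and `download_hostname` returns success. Add `-f` and act on the result, e.g. `curl -fsSL "${nordvpn_cdn}" -o "${ovpnName}" || { log "Download failed: ${nordvpn_cdn}"; return 1; }`; quoting `${nordvpn_cdn}` matches the already quoted `${ovpnName}`. The start of `download_hostname` lies outside the hunk, so whether its callers check the return value cannot be seen here.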
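Review bot: `[[ "${DEBUG}" == "true" ]] && set -x` enables xtrace for everything that follows, including the provider scripts sourced later that assign `OPENVPN_PASSWORD` and the credentials setup after `echo "Setting OPENVPN credentials..."`, so a debug run prints the VPN password into the container log. Bracket those stretches with `set +x` and a conditional re-enable (`[[ "${DEBUG}" == "true" ]] && set -x`), or trace only the setup section, so that debugging does not expose secrets. The `$?` reported after `/scripts/openvpn-pre-start.sh "$@"` is printed but never acted upon; if the hook is allowed to veto start-up, capture it (`rc=$?`) and `exit "$rc"` on non-zero, otherwise a comment stating that the status is informational only would document the intent.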
@@ -10,98 +20,67 @@ if [[ "${CREATE_TUN_DEVICE,,}" == "true" ]]; then
 chmod 0666 /dev/net/tun
 fi
-if [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then
- echo "OpenVPN provider not set. Exiting."
- exit 1
-elif [[ ! -d "${VPN_PROVIDER_CONFIGS}" ]]; then
- echo "Could not find OpenVPN provider: ${OPENVPN_PROVIDER}"
- echo "Please check your settings."
- exit 1
+##
+# Configure OpenVPN.
+# This basically means to figure out the config file to use as well as username/password
+##
+
+# If no OPENVPN_PROVIDER is given, we default to "custom" provider.
+VPN_PROVIDER="${OPENVPN_PROVIDER:-custom}"
+VPN_PROVIDER="${VPN_PROVIDER,,}" # to lowercase
+VPN_PROVIDER_HOME="/etc/openvpn/${VPN_PROVIDER}"
+mkdir -p "$VPN_PROVIDER_HOME"
+
+# Make sure that we have enough information to start OpenVPN
+if [[ -z $OPENVPN_CONFIG_URL ]] && [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then
+ echo "ERROR: Cannot determine where to find your OpenVPN config. Both OPENVPN_CONFIG_URL and OPENVPN_PROVIDER is unset."
+ echo "You have to either provide a URL to the config you want to use, or set a configured provider that will download one for you."
+ echo "Exiting..." && exit 1
+fi
+echo "Using OpenVPN provider: ${VPN_PROVIDER^^}"
+
+if [[ -n $OPENVPN_CONFIG_URL ]]; then
+ echo "Found URL to OpenVPN config, will download it."
+ CHOSEN_OPENVPN_CONFIG=$VPN_PROVIDER_HOME/downloaded_config.ovpn
+ curl -o "$CHOSEN_OPENVPN_CONFIG" -sSL "$OPENVPN_CONFIG_URL"
+ # shellcheck source=/dev/null
+ . /etc/openvpn/modify-openvpn-config.sh
+elif [[ -x $VPN_PROVIDER_HOME/configure-openvpn.sh ]]; then
+ echo "Provider $OPENVPN_PROVIDER has a custom startup script, executing it"
+ # shellcheck source=/dev/null
+ . "$VPN_PROVIDER_HOME"/configure-openvpn.sh
 fi
-echo "Using OpenVPN provider: ${OPENVPN_PROVIDER}"
+if [[ -z ${CHOSEN_OPENVPN_CONFIG} ]]; then
+ # We still don't have a config. The user might have set a config in OPENVPN_CONFIG.
+ if [[ -n "${OPENVPN_CONFIG-}" ]]; then
+ readarray -t OPENVPN_CONFIG_ARRAY <<< "${OPENVPN_CONFIG//,/$'\n'}"
-# If openvpn-pre-start.sh exists, run it
-if [ -x /scripts/openvpn-pre-start.sh ]
-then
- echo "Executing /scripts/openvpn-pre-start.sh"
- /scripts/openvpn-pre-start.sh "$@"
- echo "/scripts/openvpn-pre-start.sh returned $?"
-fi
+ ## Trim leading and trailing spaces from all entries. Inefficient as all heck, but works like a champ.
+ for i in "${!OPENVPN_CONFIG_ARRAY[@]}"; do
+ OPENVPN_CONFIG_ARRAY[${i}]="${OPENVPN_CONFIG_ARRAY[${i}]#"${OPENVPN_CONFIG_ARRAY[${i}]%%[![:space:]]*}"}"
+ OPENVPN_CONFIG_ARRAY[${i}]="${OPENVPN_CONFIG_ARRAY[${i}]%"${OPENVPN_CONFIG_ARRAY[${i}]##*[![:space:]]}"}"
+ done
-if [[ "${OPENVPN_PROVIDER^^}" = "NORDVPN" ]]
-then
- if [[ -z $NORDVPN_PROTOCOL ]]
- then
- export NORDVPN_PROTOCOL=UDP
+ # If there were multiple configs (comma separated), select one of them
+ if (( ${#OPENVPN_CONFIG_ARRAY[@]} > 1 )); then
+ OPENVPN_CONFIG_RANDOM=$((RANDOM%${#OPENVPN_CONFIG_ARRAY[@]}))
+ echo "${#OPENVPN_CONFIG_ARRAY[@]} servers found in OPENVPN_CONFIG, ${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]} chosen randomly"
+ OPENVPN_CONFIG="${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]}"
 fi
- if [[ -z $NORDVPN_CATEGORY ]]
- then
- export NORDVPN_CATEGORY=P2P
- fi
-
- if [[ -n $OPENVPN_CONFIG ]]
- then
- tmp_Protocol="${OPENVPN_CONFIG##*.}"
- export NORDVPN_PROTOCOL=${tmp_Protocol^^}
- echo "Setting NORDVPN_PROTOCOL to: ${NORDVPN_PROTOCOL}"
- ${VPN_PROVIDER_CONFIGS}/updateConfigs.sh --openvpn-config
- elif [[ -n $NORDVPN_COUNTRY ]]
- then
- export OPENVPN_CONFIG=$(${VPN_PROVIDER_CONFIGS}/updateConfigs.sh)
+ # Check that the chosen config exists.
+ if [[ -f "${VPN_PROVIDER_HOME}/${OPENVPN_CONFIG}.ovpn" ]]; then
+ echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn"
+ CHOSEN_OPENVPN_CONFIG="${VPN_PROVIDER_HOME}/${OPENVPN_CONFIG}.ovpn"
 else
- export OPENVPN_CONFIG=$(${VPN_PROVIDER_CONFIGS}/updateConfigs.sh --get-recommended)
+ echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found."
+ exit 1 # No longer fall back to default. The user chose a specific config - we should use it or fail.
 fi
-elif [[ "${OPENVPN_PROVIDER^^}" = "FREEVPN" ]]
-then
- FREEVPN_DOMAIN=${OPENVPN_CONFIG%%-*}
-
- # Update FreeVPN certs
- /etc/openvpn/updateFreeVPN.sh
- # Get password obtained from updateFreeVPN.sh
- export OPENVPN_PASSWORD=$(cat /etc/freevpn_password)
- rm /etc/freevpn_password
-elif [[ "${OPENVPN_PROVIDER^^}" = "VPNBOOK" ]]
-then
- pwd_url=$(curl -s "https://www.vpnbook.com/freevpn" | grep -m2 "Password:" | tail -n1 | cut -d \" -f2)
- curl -s -X POST --header "apikey: 5a64d478-9c89-43d8-88e3-c65de9999580" \
- -F "url=https://www.vpnbook.com/${pwd_url}" \
- -F 'language=eng' \
- -F 'isOverlayRequired=true' \
- -F 'FileType=.Auto' \
- -F 'IsCreateSearchablePDF=false' \
- -F 'isSearchablePdfHideTextLayer=true' \
- -F 'scale=true' \
- -F 'detectOrientation=false' \
- -F 'isTable=false' \
- "https://api.ocr.space/parse/image" -o /tmp/vpnbook_pwd
- export OPENVPN_PASSWORD=$(cat /tmp/vpnbook_pwd | awk -F',' '{ print $1 }' | awk -F':' '{print $NF}' | tr -d '"' | awk '{print $1 $2}')
-fi
-
-if [[ -n "${OPENVPN_CONFIG-}" ]]; then
- readarray -t OPENVPN_CONFIG_ARRAY <<< "${OPENVPN_CONFIG//,/$'\n'}"
- ## Trim leading and trailing spaces from all entries. Inefficient as all heck, but works like a champ.
- for i in "${!OPENVPN_CONFIG_ARRAY[@]}"; do
- OPENVPN_CONFIG_ARRAY[${i}]="${OPENVPN_CONFIG_ARRAY[${i}]#"${OPENVPN_CONFIG_ARRAY[${i}]%%[![:space:]]*}"}"
- OPENVPN_CONFIG_ARRAY[${i}]="${OPENVPN_CONFIG_ARRAY[${i}]%"${OPENVPN_CONFIG_ARRAY[${i}]##*[![:space:]]}"}"
- done
- if (( ${#OPENVPN_CONFIG_ARRAY[@]} > 1 )); then
- OPENVPN_CONFIG_RANDOM=$((RANDOM%${#OPENVPN_CONFIG_ARRAY[@]}))
- echo "${#OPENVPN_CONFIG_ARRAY[@]} servers found in OPENVPN_CONFIG, ${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]} chosen randomly"
- OPENVPN_CONFIG="${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]}"
- fi
- if [[ -f "${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}.ovpn" ]]; then
- echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn"
- OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}.ovpn"
 else
- echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found."
- echo "Using default OpenVPN gateway for provider ${VPN_PROVIDER}"
- OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn"
+ echo "No VPN configuration provided. Using default."
+ CHOSEN_OPENVPN_CONFIG="${VPN_PROVIDER_HOME}/default.ovpn"
 fi
-else
- echo "No VPN configuration provided. Using default."
- OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn"
 fi
 # add OpenVPN user/pass
@@ -110,7 +89,7 @@ if [[ "${OPENVPN_USERNAME}" == "**None**" ]] || [[ "${OPENVPN_PASSWORD}" == "**N
 echo "OpenVPN credentials not set. Exiting."
 exit 1
 fi
- echo "Found existing OPENVPN credentials..."
+ echo "Found existing OPENVPN credentials at /config/openvpn-credentials.txt"
 else
 echo "Setting OPENVPN credentials..."
 mkdir -p /config
@@ -165,6 +144,7 @@ if [[ "${ENABLE_UFW,,}" == "true" ]]; then
 ufw disable
 echo "" > /etc/ufw/user.rules
 fi
+ # Enable firewall
 echo "enabling firewall"
 sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
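Review bot: The guard `if [[ -z $OPENVPN_CONFIG_URL ]] && [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then` does not match the message under it: `&&` and `||` have equal precedence and associate left, so it is `(A && B) || C`, and an unset `OPENVPN_PROVIDER` exits the script even when `OPENVPN_CONFIG_URL` is given, which is exactly the case the new `${OPENVPN_PROVIDER:-custom}` default above it was introduced for. Group the provider tests: `if [[ -z $OPENVPN_CONFIG_URL ]] && { [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; }; then`. In the URL branch `curl -o "$CHOSEN_OPENVPN_CONFIG" -sSL "$OPENVPN_CONFIG_URL"` has no `-f` and no status check, so an HTTP error page or a partial download is handed to modify-openvpn-config.sh and eventually to `exec openvpn` as if it were a config; `curl -fsSL -o "$CHOSEN_OPENVPN_CONFIG" "$OPENVPN_CONFIG_URL" || { echo "Downloading OPENVPN_CONFIG_URL failed" >&2; exit 1; }` closes that. Finally, `mkdir -p "$VPN_PROVIDER_HOME"` now creates a directory for any provider name, so the removed "Could not find OpenVPN provider" check is gone and a misspelled `OPENVPN_PROVIDER` is only noticed when openvpn cannot open `default.ovpn`; keeping an existence check on the provider directory when no URL is given would restore the early, clear error.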
@@ -215,4 +195,5 @@ if [[ -n "${LOCAL_NETWORK-}" ]]; then
 fi
 fi
-exec openvpn ${TRANSMISSION_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${OPENVPN_CONFIG}"
+# shellcheck disable=SC2086
+exec openvpn ${TRANSMISSION_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${CHOSEN_OPENVPN_CONFIG}"
\ No newline at end of file
diff --git a/openvpn/vpnbook/configure-openvpn.sh b/openvpn/vpnbook/configure-openvpn.sh
new file mode 100755
index 000000000..29ecba679
--- /dev/null
+++ b/openvpn/vpnbook/configure-openvpn.sh
@@ -0,0 +1,15 @@
+#! /bin/bash
+
+pwd_url=$(curl -s "https://www.vpnbook.com/freevpn" | grep -m2 "Password:" | tail -n1 | cut -d \" -f2)
+curl -s -X POST --header "apikey: 5a64d478-9c89-43d8-88e3-c65de9999580" \
+ -F "url=https://www.vpnbook.com/${pwd_url}" \
+ -F 'language=eng' \
+ -F 'isOverlayRequired=true' \
+ -F 'FileType=.Auto' \
+ -F 'IsCreateSearchablePDF=false' \
+ -F 'isSearchablePdfHideTextLayer=true' \
+ -F 'scale=true' \
+ -F 'detectOrientation=false' \
+ -F 'isTable=false' \
+ "https://api.ocr.space/parse/image" -o /tmp/vpnbook_pwd
+export OPENVPN_PASSWORD=$(cat /tmp/vpnbook_pwd | awk -F',' '{ print $1 }' | awk -F':' '{print $NF}' | tr -d '"')
\ No newline at end of file
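Review bot: The new `# shellcheck disable=SC2086` above `exec openvpn` silences the warning without recording why `${TRANSMISSION_CONTROL_OPTS}` and `${OPENVPN_OPTS}` must stay unquoted; put the reason on the directive, e.g. `# shellcheck disable=SC2086  # *_OPTS hold several space-separated openvpn flags`. The robust alternative is to keep those options in bash arrays and expand them as `"${opts[@]}"`, but where they are populated is outside this hunk. The file now ends without a trailing newline.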
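Review bot: `--header "apikey: …"` ships a third-party OCR service credential inside the image, where every user of the container can read it and a leak cannot be contained; read it from the environment instead, e.g. `--header "apikey: ${VPNBOOK_OCR_APIKEY:?OCR API key required}"` (variable name is a suggestion), and treat the key committed here as compromised and rotate it. Compared with the block removed from start.sh, the final pipeline dropped `| awk '{print $1 $2}'`, so whitespace in the OCR output is no longer squeezed out of the password — worth confirming that this was intended. `/tmp/vpnbook_pwd` is a fixed path that is written and never removed; `mktemp` with a `trap … EXIT` cleanup, or piping curl's output directly into the awk chain, avoids leaving the scraped page behind. As in the other provider scripts, `export OPENVPN_PASSWORD=$(…)` masks the pipeline's exit status (SC2155).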