|
|
@@ -0,0 +1,230 @@
|
|
|
1
|
+#!/bin/bash
|
|
|
2
|
+#
|
|
|
3
|
+# .---. . .
|
|
|
4
|
+# | | |
|
|
|
5
|
+# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
|
|
|
6
|
+# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
|
|
|
7
|
+# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
|
|
|
8
|
+#
|
|
|
9
|
+# Freedom in the Cloud
|
|
|
10
|
+#
|
|
|
11
|
+# Blogging functions for mesh clients
|
|
|
12
|
+#
|
|
|
13
|
+# License
|
|
|
14
|
+# =======
|
|
|
15
|
+#
|
|
|
16
|
+# This program is free software: you can redistribute it and/or modify
|
|
|
17
|
+# it under the terms of the GNU Affero General Public License as published by
|
|
|
18
|
+# the Free Software Foundation, either version 3 of the License, or
|
|
|
19
|
+# (at your option) any later version.
|
|
|
20
|
+#
|
|
|
21
|
+# This program is distributed in the hope that it will be useful,
|
|
|
22
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
23
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
24
|
+# GNU Affero General Public License for more details.
|
|
|
25
|
+#
|
|
|
26
|
+# You should have received a copy of the GNU Affero General Public License
|
|
|
27
|
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
28
|
+
|
|
|
29
|
+PROJECT_NAME='freedombone'
|
|
|
30
|
+
|
|
|
31
|
+export TEXTDOMAIN=${PROJECT_NAME}-mesh-blog
|
|
|
32
|
+export TEXTDOMAINDIR="/usr/share/locale"
|
|
|
33
|
+
|
|
|
34
|
+MY_USERNAME='fbone'
|
|
|
35
|
+
|
|
|
36
|
+OPENVPN_SERVER_NAME="server"
|
|
|
37
|
+OPENVPN_KEY_FILENAME='client.ovpn'
|
|
|
38
|
+VPN_COUNTRY_CODE="US"
|
|
|
39
|
+VPN_AREA="Apparent Free Speech Zone"
|
|
|
40
|
+VPN_LOCATION="Freedomville"
|
|
|
41
|
+VPN_ORGANISATION="Freedombone"
|
|
|
42
|
+VPN_UNIT="Freedombone Unit"
|
|
|
43
|
+STUNNEL_PORT=3439
|
|
|
44
|
+VPN_TLS_PORT=553
|
|
|
45
|
+VPN_MESH_TLS_PORT=653
|
|
|
46
|
+
|
|
|
47
|
+function vpn_generate_keys {
|
|
|
48
|
+ # generate host keys
|
|
|
49
|
+ if [ ! -f /etc/openvpn/dh2048.pem ]; then
|
|
|
50
|
+ ${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem
|
|
|
51
|
+ fi
|
|
|
52
|
+ if [ ! -f /etc/openvpn/dh2048.pem ]; then
|
|
|
53
|
+ echo $'vpn dhparams were not generated' >> /var/log/${PROJECT_NAME}.log
|
|
|
54
|
+ exit 73724523
|
|
|
55
|
+ fi
|
|
|
56
|
+ cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
|
|
|
57
|
+
|
|
|
58
|
+ cd /etc/openvpn/easy-rsa
|
|
|
59
|
+ . ./vars
|
|
|
60
|
+ ./clean-all
|
|
|
61
|
+ vpn_openssl_version='1.0.0'
|
|
|
62
|
+ if [ ! -f openssl-${vpn_openssl_version}.cnf ]; then
|
|
|
63
|
+ echo $"openssl-${vpn_openssl_version}.cnf was not found" >> /var/log/${PROJECT_NAME}.log
|
|
|
64
|
+ exit 7392353
|
|
|
65
|
+ fi
|
|
|
66
|
+ cp openssl-${vpn_openssl_version}.cnf openssl.cnf
|
|
|
67
|
+
|
|
|
68
|
+ if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
|
|
|
69
|
+ rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt
|
|
|
70
|
+ fi
|
|
|
71
|
+ if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key ]; then
|
|
|
72
|
+ rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key
|
|
|
73
|
+ fi
|
|
|
74
|
+ if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.csr ]; then
|
|
|
75
|
+ rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.csr
|
|
|
76
|
+ fi
|
|
|
77
|
+ sed -i 's| --interact||g' build-key-server
|
|
|
78
|
+ sed -i 's| --interact||g' build-ca
|
|
|
79
|
+ ./build-ca
|
|
|
80
|
+ ./build-key-server ${OPENVPN_SERVER_NAME}
|
|
|
81
|
+ if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
|
|
|
82
|
+ echo $'OpenVPN crt not found' >> /var/log/${PROJECT_NAME}.log
|
|
|
83
|
+ exit 7823352
|
|
|
84
|
+ fi
|
|
|
85
|
+ server_cert=$(cat /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt)
|
|
|
86
|
+ if [ ${#server_cert} -lt 10 ]; then
|
|
|
87
|
+ cat /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt
|
|
|
88
|
+ echo $'Server cert generation failed' >> /var/log/${PROJECT_NAME}.log
|
|
|
89
|
+ exit 3284682
|
|
|
90
|
+ fi
|
|
|
91
|
+
|
|
|
92
|
+ if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key ]; then
|
|
|
93
|
+ echo $'OpenVPN key not found' >> /var/log/${PROJECT_NAME}.log
|
|
|
94
|
+ exit 6839436
|
|
|
95
|
+ fi
|
|
|
96
|
+ if [ ! -f /etc/openvpn/easy-rsa/keys/ca.key ]; then
|
|
|
97
|
+ echo $'OpenVPN ca not found' >> /var/log/${PROJECT_NAME}.log
|
|
|
98
|
+ exit 7935203
|
|
|
99
|
+ fi
|
|
|
100
|
+ cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
|
|
|
101
|
+
|
|
|
102
|
+ create_user_vpn_key ${MY_USERNAME}
|
|
|
103
|
+}
|
|
|
104
|
+
|
|
|
105
|
+function generate_stunnel_keys {
|
|
|
106
|
+ echo "Creating stunnel keys" >> /var/log/${PROJECT_NAME}.log
|
|
|
107
|
+ openssl req -x509 -nodes -days 3650 -sha256 \
|
|
|
108
|
+ -subj "/O=$VPN_ORGANISATION/OU=$VPN_UNIT/C=$VPN_COUNTRY_CODE/ST=$VPN_AREA/L=$VPN_LOCATION/CN=$HOSTNAME" \
|
|
|
109
|
+ -newkey rsa:2048 -keyout /etc/stunnel/key.pem \
|
|
|
110
|
+ -out /etc/stunnel/cert.pem
|
|
|
111
|
+ if [ ! -f /etc/stunnel/key.pem ]; then
|
|
|
112
|
+ echo $'stunnel key not created' >> /var/log/${PROJECT_NAME}.log
|
|
|
113
|
+ exit 793530
|
|
|
114
|
+ fi
|
|
|
115
|
+ if [ ! -f /etc/stunnel/cert.pem ]; then
|
|
|
116
|
+ echo $'stunnel cert not created' >> /var/log/${PROJECT_NAME}.log
|
|
|
117
|
+ exit 204587
|
|
|
118
|
+ fi
|
|
|
119
|
+ chmod 400 /etc/stunnel/key.pem
|
|
|
120
|
+ chmod 640 /etc/stunnel/cert.pem
|
|
|
121
|
+
|
|
|
122
|
+ cat /etc/stunnel/key.pem /etc/stunnel/cert.pem >> /etc/stunnel/stunnel.pem
|
|
|
123
|
+ chmod 640 /etc/stunnel/stunnel.pem
|
|
|
124
|
+
|
|
|
125
|
+ openssl pkcs12 -export -out /etc/stunnel/stunnel.p12 -inkey /etc/stunnel/key.pem -in /etc/stunnel/cert.pem -passout pass:
|
|
|
126
|
+ if [ ! -f /etc/stunnel/stunnel.p12 ]; then
|
|
|
127
|
+ echo $'stunnel pkcs12 not created' >> /var/log/${PROJECT_NAME}.log
|
|
|
128
|
+ exit 639353
|
|
|
129
|
+ fi
|
|
|
130
|
+ chmod 640 /etc/stunnel/stunnel.p12
|
|
|
131
|
+
|
|
|
132
|
+ cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
|
|
|
133
|
+ cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
|
|
|
134
|
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
|
|
|
135
|
+ echo "stunnel keys created" >> /var/log/${PROJECT_NAME}.log
|
|
|
136
|
+}
|
|
|
137
|
+
|
|
|
138
|
+function mesh_setup_vpn {
|
|
|
139
|
+ vpn_generate_keys
|
|
|
140
|
+
|
|
|
141
|
+ cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
|
|
|
142
|
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
|
|
|
143
|
+
|
|
|
144
|
+ generate_stunnel_keys
|
|
|
145
|
+
|
|
|
146
|
+ sed -i 's|tun-mtu .*|tun-mtu 1532|g' /home/$MY_USERNAME/client.ovpn
|
|
|
147
|
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/client.ovpn
|
|
|
148
|
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
|
|
|
149
|
+
|
|
|
150
|
+ # create an archive of the vpn client files
|
|
|
151
|
+ cd /home/$MY_USERNAME
|
|
|
152
|
+ tar -czvf vpn.tar.gz stunnel* client.ovpn
|
|
|
153
|
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/vpn.tar.gz
|
|
|
154
|
+
|
|
|
155
|
+ if [ -f vpn.tar.gz ]; then
|
|
|
156
|
+ dialog --title $"Generate VPN client keys" \
|
|
|
157
|
+ --msgbox $"\nNew VPN client keys have been generated in the /home/fbone directory.\n\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\n\nThey should uncompress vpn.tar.gz to their /home/fbone directory, then connect using your IP address or domain name." 15 70
|
|
|
158
|
+ fi
|
|
|
159
|
+}
|
|
|
160
|
+
|
|
|
161
|
+function connect_to_vpn {
|
|
|
162
|
+ dialog --title $"VPN Connect to another mesh network" \
|
|
|
163
|
+ --backtitle $"Freedombone Mesh" \
|
|
|
164
|
+ --defaultno \
|
|
|
165
|
+ --yesno $"\nHave you received the vpn.tar.gz file from the other mesh administrator and uncompressed it into the /home/fbone directory?" 10 70
|
|
|
166
|
+ sel=$?
|
|
|
167
|
+ case $sel in
|
|
|
168
|
+ 1) return;;
|
|
|
169
|
+ 255) return;;
|
|
|
170
|
+ esac
|
|
|
171
|
+
|
|
|
172
|
+ data=$(tempfile 2>/dev/null)
|
|
|
173
|
+ trap "rm -f $data" 0 1 2 5 15
|
|
|
174
|
+ dialog --title $"VPN Connect to another mesh network" \
|
|
|
175
|
+ --backtitle $"Freedombone Mesh" \
|
|
|
176
|
+ --inputbox $'Enter the IP address or domain name of the other mesh.' 10 60 2>$data
|
|
|
177
|
+ sel=$?
|
|
|
178
|
+ case $sel in
|
|
|
179
|
+ 0)
|
|
|
180
|
+ ip_or_domain=$(<$data)
|
|
|
181
|
+ if [ ${#ip_or_domain} -gt 1 ]; then
|
|
|
182
|
+ if [[ "$ip_or_domain" == *'.'* ]]; then
|
|
|
183
|
+
|
|
|
184
|
+ if [ ! -f ~/client.ovpn ]; then
|
|
|
185
|
+ rm $data
|
|
|
186
|
+ exit 1
|
|
|
187
|
+ fi
|
|
|
188
|
+ if [ ! -f ~/stunnel.pem ]; then
|
|
|
189
|
+ rm $data
|
|
|
190
|
+ exit 1
|
|
|
191
|
+ fi
|
|
|
192
|
+ if [ ! -f ~/stunnel.p12 ]; then
|
|
|
193
|
+ rm $data
|
|
|
194
|
+ exit 1
|
|
|
195
|
+ fi
|
|
|
196
|
+
|
|
|
197
|
+ sed -i "s|route .*|route $ip_or_domain 255.255.255.255 net_gateway|g" ~/client.ovpn
|
|
|
198
|
+
|
|
|
199
|
+ clear
|
|
|
200
|
+ cd ~/
|
|
|
201
|
+ sudo stunnel stunnel-client.conf
|
|
|
202
|
+ sudo openvpn client.ovpn
|
|
|
203
|
+ fi
|
|
|
204
|
+ fi
|
|
|
205
|
+ ;;
|
|
|
206
|
+ esac
|
|
|
207
|
+
|
|
|
208
|
+ rm $data
|
|
|
209
|
+}
|
|
|
210
|
+
|
|
|
211
|
+data=$(tempfile 2>/dev/null)
|
|
|
212
|
+trap "rm -f $data" 0 1 2 5 15
|
|
|
213
|
+dialog --backtitle $"Freedombone Mesh" \
|
|
|
214
|
+ --title $"Connect to another mesh network" \
|
|
|
215
|
+ --radiolist $"Choose an operation:" 10 75 2 \
|
|
|
216
|
+ 1 $"Connect to another mesh network" on \
|
|
|
217
|
+ 2 $"Generate VPN keys for another mesh network to connect to me" off 2> $data
|
|
|
218
|
+sel=$?
|
|
|
219
|
+case $sel in
|
|
|
220
|
+ 1) exit 1;;
|
|
|
221
|
+ 255) exit 1;;
|
|
|
222
|
+esac
|
|
|
223
|
+case $(cat $data) in
|
|
|
224
|
+ 1) rm $data
|
|
|
225
|
+ connect_to_vpn;;
|
|
|
226
|
+ 2) rm $data
|
|
|
227
|
+ mesh_setup_vpn;;
|
|
|
228
|
+esac
|
|
|
229
|
+
|
|
|
230
|
+exit 0
|
Bob Mottram
7 年之前
