Merge pull request #620 from kylemanna/dev

Fix /etc/openvpn/vars bug for old docker volumes
2020-12-04 09:11:37 -08:00 · 2020-12-04 09:11:37 -08:00 · 1228577d45
parent e47f86b0cc 6ad931090b
commit 1228577d45
5 changed files with 5 additions and 50 deletions
--- a/3
+++ b/3
@ -15,8 +15,7 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/reposi
 ENV OPENVPN=/etc/openvpn
 ENV EASYRSA=/usr/share/easy-rsa \
    EASYRSA_CRL_DAYS=3650 \
-    EASYRSA_PKI=$OPENVPN/pki \
-    EASYRSA_VARS_FILE=$OPENVPN/vars
+    EASYRSA_PKI=$OPENVPN/pki

 VOLUME ["/etc/openvpn"]

--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@ -15,7 +15,6 @@ RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/reposi
 ENV OPENVPN /etc/openvpn
 ENV EASYRSA /usr/share/easy-rsa
 ENV EASYRSA_PKI $OPENVPN/pki
-ENV EASYRSA_VARS_FILE $OPENVPN/vars

 # Prevents refused client connection because of an expired CRL
 ENV EASYRSA_CRL_DAYS 3650
--- a/README.md
+++ b/README.md
@ -31,8 +31,8 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
  private key used by the newly generated certificate authority.

      docker volume create --name $OVPN_DATA
-      docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
-      docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki
+      docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
+      docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

 * Start OpenVPN server process

@ -40,11 +40,11 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).

 * Generate a client certificate without a passphrase

-      docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
+      docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass

 * Retrieve the client configuration with embedded certificates

-      docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
+      docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

 ## Next Steps

--- a/bin/easyrsa_vars
+++ b/bin/easyrsa_vars
@ -1,39 +0,0 @@
-#!/bin/sh
-
-#
-# Import/export EasyRSA default settings
-#
-
-if [ "$DEBUG" == "1" ]; then
-  set -x
-fi
-
-set -e
-
-if [ $# -lt 1 ]; then
-    echo "No command provided"
-    echo
-    echo "$0 export > /path/to/file"
-    echo "$0 import < /path/to/file"
-    exit 1
-fi
-
-cmd=$1
-shift
-
-case "$cmd" in
-    export)
-        if [ -f "$EASYRSA_VARS_FILE" ]; then
-            cat "$EASYRSA_VARS_FILE"
-        else
-            cat "$EASYRSA/vars.example"
-        fi
-        ;;
-    import)
-        cat > "$EASYRSA_VARS_FILE"
-        ;;
-    *)
-        echo "Unknown cmd \"$cmd\""
-        exit 2
-        ;;
-esac
--- a/bin/ovpn_initpki
+++ b/bin/ovpn_initpki
@ -15,10 +15,6 @@ source "$OPENVPN/ovpn_env.sh"
 # Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
 nopass=$1

-# EasyRSA 3.0.7 introduced checks for $EASYRSA_VARS_FILE existence
-# in the init-pki script
-touch $EASYRSA_VARS_FILE
-
 # Provides a sufficient warning before erasing pre-existing files
 easyrsa init-pki