forked from alikayhan/bitrise-step-open-vpn-with-auth
step.sh
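#!/bin/bash
# Bitrise step: bring up an OpenVPN client tunnel (user/password + tls-auth)
# and point the machine's DNS at the VPN resolvers.
#
# Step inputs (read from the environment): ca_crt, ta_key, user, password,
# host, port, proto, vpn_dns, vpn_dns2, search_domain.
# Exit status: 0 when the tunnel interface is visible afterwards, 1 when it
# is not or when the OS is unsupported.
#
# NOTE(review): nothing here removes ta.key / auth.txt once the step is done;
# the credentials stay on disk for the rest of the build.
set -eu

#######################################
# Write a secret to disk readable by its owner only.
# Arguments: $1 - destination path; $2... - values, written one per line
# The file is created (or truncated) and set to 0600 *before* any content is
# written, so a pre-existing file with wider permissions never holds the
# secret. umask is changed in a subshell so it does not leak into the
# services and package installs started later in the script.
#######################################
write_secret() {
  local dest=$1
  shift
  (
    umask 077
    : > "$dest"
    chmod 600 "$dest"
    # printf '%s\n' writes the value verbatim; an unquoted echo would collapse
    # whitespace, expand globs and misread values such as "-n".
    printf '%s\n' "$@" >> "$dest"
  )
}

case "$OSTYPE" in
  linux*)
    echo "Configuring for Ubuntu"

    echo "Preparing CA"
    printf '%s\n' "${ca_crt}" > /etc/openvpn/ca.crt

    echo "Preparing TA"
    write_secret /etc/openvpn/ta.key "${ta_key}"

    # auth-user-pass file format: username on line 1, password on line 2.
    write_secret /etc/openvpn/auth.txt "${user}" "${password}"

    # NOTE(review): this branch uses "comp-lzo" while the macOS branch passes
    # "--compress lz4-v2"; confirm which setting the server expects.
    cat <<EOF > /etc/openvpn/client.conf
client
dev tun
remote ${host} ${port} ${proto}
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca /etc/openvpn/ca.crt
tls-auth /etc/openvpn/ta.key
auth-user-pass /etc/openvpn/auth.txt
cipher AES-256-CBC
auth SHA256
tls-client
remote-cert-tls server
setenv CLIENT_CERT 0
key-direction 1
EOF

    # Start the VPN service. By default openvpn picks up client.conf from
    # /etc/openvpn.
    service openvpn start

    # From here on failures are tolerated: installing resolvconf fails on
    # Bitrise machines because it cannot delete a file shared with the host.
    set +e
    apt-get install -y resolvconf || true

    # Prepend the VPN resolvers and search domain to the current resolv.conf
    # and let resolvconf regenerate it. printf (not echo -e) keeps any
    # backslashes in the existing file literal.
    printf 'nameserver %s\nnameserver %s\nsearch %s\n%s\n' \
      "${vpn_dns}" "${vpn_dns2}" "${search_domain}" \
      "$(cat /etc/resolv.conf)" > /etc/resolvconf/resolv.conf.d/base
    service resolvconf restart

    if ifconfig | grep -q tun0; then
      echo "VPN connection succeeded"
    else
      echo "VPN connection failed!"
      exit 1
    fi
    ;;

  darwin*)
    echo "Configuring for Mac OS"

    # NOTE(review): these files are written to the current working directory;
    # if that is the build workspace, make sure it is not archived or cached
    # with the credentials in it.
    printf '%s\n' "${ca_crt}" > ca.crt
    write_secret ta.key "${ta_key}"
    write_secret auth.txt "${user}" "${password}"

    # An empty port is left off the command line so openvpn falls back to its
    # default, as the unquoted original did.
    remote_args=(--remote "${host}")
    if [ -n "${port}" ]; then
      remote_args+=("${port}")
    fi

    # Run openvpn directly with every setting on the command line. Output is
    # discarded, so a failed start only shows up in the interface check below.
    sudo openvpn --client --tls-client --remote-cert-tls server \
      --resolv-retry infinite --dev tun --proto "${proto}" \
      "${remote_args[@]}" --auth-user-pass auth.txt --auth SHA256 \
      --persist-key --persist-tun --compress lz4-v2 --cipher AES-256-CBC \
      --ca ca.crt --tls-auth ta.key --key-direction 1 > /dev/null 2>&1 &
    sleep 5

    # An empty second resolver is dropped rather than passed as "".
    dns_servers=("${vpn_dns}")
    if [ -n "${vpn_dns2}" ]; then
      dns_servers+=("${vpn_dns2}")
    fi

    # Walk every network service and point it at the VPN resolvers. The list
    # is read line by line (service names contain spaces, and disabled ones
    # start with "*", which an unquoted for-loop would glob-expand). fd 3
    # keeps the loop's input away from the commands inside it.
    adapters=$(networksetup -listallnetworkservices | grep -v denotes)
    while IFS= read -r adapter <&3; do
      [ -n "$adapter" ] || continue
      echo "updating dns for $adapter"

      current_dns=$(networksetup -getdnsservers "$adapter")
      first_dns=${current_dns%%$'\n'*}

      if [ "$first_dns" != "${vpn_dns}" ]; then
        # Set the VPN resolvers and search domain.
        networksetup -setdnsservers "$adapter" "${dns_servers[@]}"
        networksetup -setsearchdomains "$adapter" "${search_domain}"
      else
        # Already on the VPN resolver: revert to the original DNS settings.
        networksetup -setdnsservers "$adapter" empty
      fi
    done 3<<< "$adapters"

    # NOTE(review): macOS can already have utun interfaces that do not belong
    # to this tunnel; confirm utun0 is a reliable success signal on the build
    # image.
    if ifconfig -l | grep -q utun0; then
      echo "VPN connection succeeded"
    else
      echo "VPN connection failed!"
      exit 1
    fi
    ;;

  *)
    echo "Unknown operative system: $OSTYPE, exiting"
    exit 1
    ;;
esac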