VPN close to being done
diff --git a/containers/xos/Dockerfile.devel b/containers/xos/Dockerfile.devel
index 17ae9c9..ef6753b 100644
--- a/containers/xos/Dockerfile.devel
+++ b/containers/xos/Dockerfile.devel
@@ -101,5 +101,4 @@
RUN echo "set_var EASYRSA /opt/openvpn/easyrsa3" | tee /opt/openvpn/easyrsa3/vars
RUN /opt/openvpn/easyrsa3/easyrsa --batch init-pki
RUN /opt/openvpn/easyrsa3/easyrsa --batch gen-dh
-RUN /opt/openvpn/easyrsa3/easyrsa --batch gen-crl
RUN chmod 777 /opt/openvpn/easyrsa3/pki/dh.pem
diff --git a/xos/configurations/devel/docker-compose.yml b/xos/configurations/devel/docker-compose.yml
index d8d652f..d4f6c3b 100644
--- a/xos/configurations/devel/docker-compose.yml
+++ b/xos/configurations/devel/docker-compose.yml
@@ -29,7 +29,7 @@
- ctl:${MYIP}
volumes:
- ../setup/id_rsa:/opt/xos/synchronizers/vpn/vpn_private_key:ro # private key
-
+ - /opt/openvpn:/opt/openvpn:rw
# FUTURE
#xos_swarm_synchronizer:
# image: xosproject/xos-swarm-synchronizer
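Review bot: The bind mount added on the `/opt/openvpn:/opt/openvpn:rw` line (and its twin in the second hunk, after the `core/static/vpn` volume) shares the entire `/opt/openvpn` tree read-write between the host and both containers, and after this commit that tree holds every tenant's `pki/private/` CA and server keys. Both sides do write there (admin.py builds the CA, the synchronizer issues certificates), but the web-facing xos container only needs the `easyrsa3/server-*` subtree, not the synchronizer's runtime copies or the host's `pki/`. Consider mounting only the subtree each service actually writes, or documenting in the compose file why the whole tree must be shared; the Dockerfile's existing `chmod 777` on `dh.pem` suggests permissions are being relaxed to make the shared mount work rather than fixing ownership of the host directory. How the host path is created and owned is not visible here.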
@@ -48,3 +48,4 @@
- ../setup:/root/setup:ro
- ../common/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
- ../../core/static/vpn:/opt/xos/core/static/vpn:rw
+ - /opt/openvpn:/opt/openvpn:rw
diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
index 9e7255b..0f474d3 100644
--- a/xos/services/vpn/admin.py
+++ b/xos/services/vpn/admin.py
@@ -167,14 +167,18 @@
pki_dir = "/opt/openvpn/easyrsa3/server-" + self.instance.id
if (not os.path.isdir(pki_dir)):
os.makedirs(pki_dir)
- shutil.copy2("/opt/openvpn/easyrsa3/", pki_dir)
+ shutil.copy2("/opt/openvpn/easyrsa3/openssl-1.0.cnf", pki_dir)
+ shutil.copy2("/opt/openvpn/easyrsa3/easyrsa", pki_dir)
+ shutil.copytree("/opt/openvpn/easyrsa3/x509-types", pki_dir + "/x509-types")
+ Popen(pki_dir + "/easyrsa --batch init-pki nopass", shell=True, stdout=PIPE).communicate()
Popen(pki_dir + "/easyrsa --batch --req-cn=XOS build-ca nopass", shell=True, stdout=PIPE).communicate()
+
self.instance.ca_crt = self.generate_ca_crt(self.instance.id)
return result
def generate_ca_crt(self, server_id):
"""str: Generates the ca cert by reading from the ca file"""
- with open("/opt/openvpn/easyrsa3/server-" + server_id + "/ca.crt") as crt:
+ with open("/opt/openvpn/easyrsa3/server-" + server_id + "/pki/ca.crt") as crt:
return crt.readlines()
class Meta:
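Review bot: Both `Popen(... shell=True, stdout=PIPE).communicate()` calls discard the exit status, so a failing `init-pki` or `build-ca` only surfaces later when `generate_ca_crt` raises IOError on a missing `pki/ca.crt`, and the command is a shell string with `self.instance.id` concatenated in. Build an argument list and check the result instead, e.g. `check_call([pki_dir + "/easyrsa", "--batch", "init-pki"])` and `check_call([pki_dir + "/easyrsa", "--batch", "--req-cn=XOS", "build-ca", "nopass"])` (`check_call` imported from `subprocess` next to `Popen`; `nopass` is not an `init-pki` argument, so dropping it there changes nothing). Indentation is lost in this view, so it is unclear whether the `copy2`/`copytree` lines sit inside the `os.path.isdir(pki_dir)` guard; if they run on every save, `shutil.copytree` raises once `x509-types` exists and `init-pki` would be re-run against an already-populated PKI. The enclosing method begins above this hunk. Separately, `generate_ca_crt`'s docstring promises `str` while `crt.readlines()` returns a list; make one match the other.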
diff --git a/xos/services/vpn/models.py b/xos/services/vpn/models.py
index 72a6407..d190424 100644
--- a/xos/services/vpn/models.py
+++ b/xos/services/vpn/models.py
@@ -212,10 +212,10 @@
return script
def get_client_cert(self, client_name):
- return open("/opt/openvpn/easyrsa3/server-" + self.id + "/issued/" + client_name + ".crt").readlines()
+ return open("/opt/openvpn/easyrsa3/server-" + self.id + "/pki/issued/" + client_name + ".crt").readlines()
def get_client_key(self, client_name):
- return open("/opt/openvpn/easyrsa3/server-" + self.id + "/private/" + client_name + ".key").readlines()
+ return open("/opt/openvpn/easyrsa3/server-" + self.id + "/pki/private/" + client_name + ".key").readlines()
def generate_client_conf(self, client_name):
"""str: Generates the client configuration to use to connect to this VPN server.
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.py b/xos/synchronizers/vpn/steps/sync_vpntenant.py
index d90f40f..99cb83d 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.py
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.py
@@ -43,7 +43,10 @@
def run_playbook(self, o, fields):
# Generate the server files
- (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/easyrsa --batch build-server-full server-" + o.id + " nopass", shell=True, stdout=PIPE).communicate()
+ (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa --batch build-server-full server nopass", shell=True, stdout=PIPE).communicate()
+ print(str(stdout))
+ print(str(stderr))
+ (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa --batch gen-crl", shell=True, stdout=PIPE).communicate()
print(str(stdout))
print(str(stderr))
super(SyncVPNTenant, self).run_playbook(o, fields)
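Review bot: Both easyrsa invocations ignore their exit status, and because only `stdout=PIPE` is passed, the `stderr` returned by `communicate()` is always `None`, so `print(str(stderr))` prints "None" instead of easyrsa's diagnostics. A failed `build-server-full` or `gen-crl` therefore lets the playbook go on to copy missing or stale `pki/` files with no signal. Build the command as an argument list rather than a `shell=True` string with `o.id` concatenated in, capture stderr, and raise on a non-zero return code. If `run_playbook` is invoked more than once for the same tenant, `build-server-full server` will also fail the second time because the request and key already exist; whether re-sync is expected is not visible here.
```python
def run_playbook(self, o, fields):
    easyrsa = "/opt/openvpn/easyrsa3/server-" + o.id + "/easyrsa"
    # Generate the server files, then the CRL; fail loudly rather than sync stale files
    for args in (["--batch", "build-server-full", "server", "nopass"], ["--batch", "gen-crl"]):
        proc = Popen([easyrsa] + args, stdout=PIPE, stderr=PIPE)
        (stdout, stderr) = proc.communicate()
        print(str(stdout))
        print(str(stderr))
        if proc.returncode != 0:
            raise RuntimeError("easyrsa %s failed for tenant %s" % (args[1], o.id))
    # … unchanged: super(SyncVPNTenant, self).run_playbook(o, fields) …
```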
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
index 2642828..256dd63 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
@@ -27,16 +27,16 @@
file: path=/opt/openvpn/server-{{ tenant_id }} state=directory
- name: get server key
- copy: src=/opt/openvpn/easyrsa3/pki/private/server-{{ tenant_id }}.key dest=/opt/openvpn/server-{{ tenant_id }}/server.key
+ copy: src=/opt/openvpn/easyrsa3/server-{{ tenant_id }}/pki/private/server.key dest=/opt/openvpn/server-{{ tenant_id }}/server.key
- name: get server crt
- copy: src=/opt/openvpn/easyrsa3/pki/issued/server-{{ tenant_id }}.crt dest=/opt/openvpn/server-{{ tenant_id }}/server.crt
+ copy: src=/opt/openvpn/easyrsa3/server-{{ tenant_id }}/pki/issued/server.crt dest=/opt/openvpn/server-{{ tenant_id }}/server.crt
- name: get ca crt
- copy: src=/opt/openvpn/easyrsa3/pki/ca.crt dest=/opt/openvpn/ca.crt
+ copy: src=/opt/openvpn/easyrsa3/server-{{ tenant_id }}/pki/ca.crt dest=/opt/openvpn/ca.crt
- name: get crl
- copy: src=/opt/openvpn/easyrsa3/pki/crl.pem desk=/opt/openvpn/crl.pem
+ copy: src=/opt/openvpn/easyrsa3/server-{{ tenant_id }}/pki/crl.pem dest=/opt/openvpn/crl.pem
- name: get dh
copy: src=/opt/openvpn/easyrsa3/pki/dh.pem dest=/opt/openvpn/dh.pem
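Review bot: The copy tasks in this hunk still write `ca.crt` and `crl.pem` to the shared `/opt/openvpn/` directory (and `dh.pem` is left there too), while the server config in the next hunk is changed to read `crl-verify /opt/openvpn/server-{{ tenant_id }}/crl.pem` and `dh /opt/openvpn/server-{{ tenant_id }}/dh.pem`, paths nothing in this playbook populates, so the OpenVPN process would likely fail to start. Because each tenant now has its own CA, the single `/opt/openvpn/ca.crt` that the `ca` directive still points at is overwritten on every sync; if more than one tenant's server shares a host, a server could end up validating clients against another tenant's CA. Make the destinations per-tenant: `dest=/opt/openvpn/server-{{ tenant_id }}/ca.crt`, `dest=/opt/openvpn/server-{{ tenant_id }}/crl.pem`, `dest=/opt/openvpn/server-{{ tenant_id }}/dh.pem`, and change the `ca` line in the next hunk to the same per-tenant path.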
@@ -63,8 +63,8 @@
ca /opt/openvpn/ca.crt
cert /opt/openvpn/server-{{ tenant_id }}/server.crt
key /opt/openvpn/server-{{ tenant_id }}/server.key
- dh /opt/openvpn/dh.pem
- crl-verify /opt/openvpn/crl.pem
+ dh /opt/openvpn/server-{{ tenant_id }}/dh.pem
+ crl-verify /opt/openvpn/server-{{ tenant_id }}/crl.pem
server {{ server_network }} {{ vpn_subnet }}
ifconfig-pool-persist /opt/openvpn/server-{{ tenant_id }}/ipp.txt
comp-lzo