summaryrefslogtreecommitdiff
path: root/op-mode-definitions/openvpn.xml
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2019-08-17 00:02:11 +0200
committerChristian Poessinger <christian@poessinger.com>2019-08-17 00:02:11 +0200
commitfdb474235a8ce7fd0d5cc9fd74e5c880eb2093e6 (patch)
tree6534104015f4481ed97934e454efffc60f5d6ff5 /op-mode-definitions/openvpn.xml
parent49153d4e138c762d00db471febb9fd312c0ab122 (diff)
downloadvyos-1x-fdb474235a8ce7fd0d5cc9fd74e5c880eb2093e6.tar.gz
vyos-1x-fdb474235a8ce7fd0d5cc9fd74e5c880eb2093e6.zip
openvpn: T1548: add op-mode command for key generation
Diffstat (limited to 'op-mode-definitions/openvpn.xml')
-rw-r--r--op-mode-definitions/openvpn.xml48
1 files changed, 48 insertions, 0 deletions
diff --git a/op-mode-definitions/openvpn.xml b/op-mode-definitions/openvpn.xml
new file mode 100644
index 000000000..44f8e01e9
--- /dev/null
+++ b/op-mode-definitions/openvpn.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="generate">
+ <children>
+ <node name="openvpn">
+ <properties>
+ <help>OpenVPN key generation tool</help>
+ </properties>
+ <children>
+ <tagNode name="key">
+ <properties>
+ <help>Generate shared-secret key with specified file name</help>
+ <completionHelp>
+ <list>&lt;filename&gt;</list>
+ </completionHelp>
+ </properties>
+ <command>
+ result=1;
+ key_path=$4
+ full_path=
+
+ # Prepend /config/auth if the path is not absolute
+ if echo $key_path | egrep -ve '^/.*' > /dev/null; then
+ full_path=/config/auth/$key_path
+ else
+ full_path=$key_path
+ fi
+
+ key_dir=`dirname $full_path`
+ if [ ! -d $key_dir ]; then
+ echo "Directory $key_dir does not exist!"
+ exit 1
+ fi
+
+ echo "Generating OpenVPN key to $full_path"
+ sudo /usr/sbin/openvpn --genkey --secret "$full_path"
+ result=$?
+ if [ $result = 0 ]; then
+ echo "Your new local OpenVPN key has been generated"
+ fi
+ /usr/libexec/vyos/validators/file-exists --directory /config/auth "$full_path"
+ </command>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>