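#!/bin/bash
#  _____               _           _     _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# VPN functions for mesh clients: generate VPN client keys that another
# mesh can use to connect to this one, or connect to another mesh using
# keys it has supplied.  Presents a zenity menu when run.
#
# License
# =======
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

PROJECT_NAME='freedombone'

export TEXTDOMAIN=${PROJECT_NAME}-mesh-blog
export TEXTDOMAINDIR="/usr/share/locale"

MY_USERNAME='fbone'
OPENVPN_SERVER_NAME="server"
OPENVPN_KEY_FILENAME='client.ovpn'
VPN_COUNTRY_CODE="US"
VPN_AREA="Apparent Free Speech Zone"
VPN_LOCATION="Freedomville"
VPN_ORGANISATION="Freedombone"
VPN_UNIT="Freedombone Unit"
STUNNEL_PORT=3439
VPN_MESH_TLS_PORT=653

# Paths shared by the functions below
LOG_FILE="/var/log/${PROJECT_NAME}.log"
EASYRSA_DIR=/etc/openvpn/easy-rsa
EASYRSA_KEYS="${EASYRSA_DIR}/keys"
USER_HOME="/home/${MY_USERNAME}"

# NOTE: several error paths below use exit codes larger than 255; bash
# truncates the status to 8 bits, so the codes are kept only as markers
# for grepping the log, not as distinct exit statuses.

#######################################
# Append one line to the project log file.
# Globals:   LOG_FILE (read)
# Arguments: message text (all arguments are joined with a space)
#######################################
function log_message {
  printf '%s\n' "$*" >> "$LOG_FILE"
}

#######################################
# Generate the OpenVPN CA, server certificate/key and DH parameters with
# easy-rsa, install them into /etc/openvpn and create the client key for
# MY_USERNAME.  Exits the script on any failure.
# Globals:   PROJECT_NAME, OPENVPN_SERVER_NAME, MY_USERNAME, EASYRSA_DIR,
#            EASYRSA_KEYS (read)
# Outputs:   progress/errors to LOG_FILE
#######################################
function vpn_generate_keys {
  # DH parameter generation is slow, so reuse an existing file
  if [ ! -f /etc/openvpn/dh2048.pem ]; then
    "${PROJECT_NAME}-dhparam" -o /etc/openvpn/dh2048.pem
  fi
  if [ ! -f /etc/openvpn/dh2048.pem ]; then
    log_message $'vpn dhparams were not generated'
    exit 73724523
  fi

  cd "$EASYRSA_DIR" || exit 246872464
  # shellcheck disable=SC1091
  . ./vars
  ./clean-all
  # Copied after clean-all: if clean-all resets the keys directory, a copy
  # made before it (as the original did) would be discarded.
  cp /etc/openvpn/dh2048.pem "${EASYRSA_KEYS}/dh2048.pem"

  local vpn_openssl_version='1.0.0'
  if [ ! -f "openssl-${vpn_openssl_version}.cnf" ]; then
    log_message $"openssl-${vpn_openssl_version}.cnf was not found"
    exit 7392353
  fi
  cp "openssl-${vpn_openssl_version}.cnf" openssl.cnf

  # Remove any previous server credentials before regenerating them
  local ext
  for ext in crt key csr; do
    rm -f -- "${EASYRSA_KEYS}/${OPENVPN_SERVER_NAME}.${ext}"
  done

  # Strip the --interact flag so the easy-rsa scripts run unattended
  sed -i 's| --interact||g' build-key-server
  sed -i 's| --interact||g' build-ca
  ./build-ca
  ./build-key-server "$OPENVPN_SERVER_NAME"

  local server_crt="${EASYRSA_KEYS}/${OPENVPN_SERVER_NAME}.crt"
  if [ ! -f "$server_crt" ]; then
    log_message $'OpenVPN crt not found'
    exit 7823352
  fi
  # A file that exists but is (nearly) empty means the build failed silently
  local server_cert
  server_cert=$(cat "$server_crt")
  if [ "${#server_cert}" -lt 10 ]; then
    cat "$server_crt"
    log_message $'Server cert generation failed'
    exit 3284682
  fi
  if [ ! -f "${EASYRSA_KEYS}/${OPENVPN_SERVER_NAME}.key" ]; then
    log_message $'OpenVPN key not found'
    exit 6839436
  fi
  if [ ! -f "${EASYRSA_KEYS}/ca.key" ]; then
    log_message $'OpenVPN ca not found'
    exit 7935203
  fi

  cp "$server_crt" \
     "${EASYRSA_KEYS}/${OPENVPN_SERVER_NAME}.key" \
     "${EASYRSA_KEYS}/ca.crt" /etc/openvpn
  # create_user_vpn_key is provided elsewhere in the project; it is
  # expected to produce the user's OPENVPN_KEY_FILENAME (not verified here)
  create_user_vpn_key "$MY_USERNAME"
}

#######################################
# Create a self-signed stunnel certificate/key pair, the combined PEM and
# a PKCS#12 bundle, and copy the client-side files into the user's home.
# Exits the script on any failure.
# Globals:   VPN_ORGANISATION, VPN_UNIT, VPN_COUNTRY_CODE, VPN_AREA,
#            VPN_LOCATION, HOSTNAME, MY_USERNAME, USER_HOME (read)
# Outputs:   progress/errors to LOG_FILE
#######################################
function generate_stunnel_keys {
  log_message "Creating stunnel keys"
  openssl req -x509 -nodes -days 3650 -sha256 \
    -subj "/O=$VPN_ORGANISATION/OU=$VPN_UNIT/C=$VPN_COUNTRY_CODE/ST=$VPN_AREA/L=$VPN_LOCATION/CN=$HOSTNAME" \
    -newkey rsa:2048 -keyout /etc/stunnel/key.pem \
    -out /etc/stunnel/cert.pem
  if [ ! -f /etc/stunnel/key.pem ]; then
    log_message $'stunnel key not created'
    exit 793530
  fi
  if [ ! -f /etc/stunnel/cert.pem ]; then
    log_message $'stunnel cert not created'
    exit 204587
  fi
  chmod 400 /etc/stunnel/key.pem
  chmod 640 /etc/stunnel/cert.pem

  # stunnel.pem carries the private key.  Overwrite rather than append
  # (the original used >>) so re-running this function replaces the old
  # key instead of leaving it first in the file.
  cat /etc/stunnel/key.pem /etc/stunnel/cert.pem > /etc/stunnel/stunnel.pem
  chmod 640 /etc/stunnel/stunnel.pem

  # PKCS#12 bundle with an empty export password
  openssl pkcs12 -export -out /etc/stunnel/stunnel.p12 \
    -inkey /etc/stunnel/key.pem -in /etc/stunnel/cert.pem -passout pass:
  if [ ! -f /etc/stunnel/stunnel.p12 ]; then
    log_message $'stunnel pkcs12 not created'
    exit 639353
  fi
  chmod 640 /etc/stunnel/stunnel.p12

  cp /etc/stunnel/stunnel.pem "${USER_HOME}/stunnel.pem"
  cp /etc/stunnel/stunnel.p12 "${USER_HOME}/stunnel.p12"
  chown "${MY_USERNAME}:${MY_USERNAME}" "${USER_HOME}"/stunnel*
  log_message "stunnel keys created"
}

#######################################
# Generate VPN and stunnel keys, prepare the client files in the user's
# home directory and pack them into vpn.tar.gz for the other mesh.
# Globals:   MY_USERNAME, USER_HOME, OPENVPN_KEY_FILENAME,
#            VPN_MESH_TLS_PORT (read)
# Outputs:   zenity dialog describing where the archive is
#######################################
function mesh_setup_vpn {
  local client_ovpn="${USER_HOME}/${OPENVPN_KEY_FILENAME}"

  vpn_generate_keys
  cp /etc/stunnel/stunnel-client.conf "${USER_HOME}/stunnel-client.conf"
  chown "${MY_USERNAME}:${MY_USERNAME}" "${USER_HOME}"/stunnel*
  generate_stunnel_keys

  # Fix the tunnel MTU in the client configuration
  sed -i 's|tun-mtu .*|tun-mtu 1532|g' "$client_ovpn"
  chown "${MY_USERNAME}:${MY_USERNAME}" "$client_ovpn"
  chown "${MY_USERNAME}:${MY_USERNAME}" "${USER_HOME}"/stunnel*

  # create an archive of the vpn client files
  cd "$USER_HOME" || exit 346825628354
  tar -czvf vpn.tar.gz stunnel* "$OPENVPN_KEY_FILENAME"
  if [ -f vpn.tar.gz ]; then
    chown "${MY_USERNAME}:${MY_USERNAME}" "${USER_HOME}/vpn.tar.gz"
    # the archive contains the stunnel private key, so keep it owner-only
    chmod 600 "${USER_HOME}/vpn.tar.gz"
    zenity --info --title $"Generate VPN client keys" --text $"\\nNew VPN client keys have been generated in the /home/fbone directory.\\n\\nYou can find it by selecting \"Places\" then \"Home Directory\" on the top menu bar. Transmit the vpn.tar.gz file to whoever is running the other mesh network so that they can connect to yours.\\n\\nThey should uncompress vpn.tar.gz to their /home/fbone directory, forward port $VPN_MESH_TLS_PORT then connect using your IP address or domain name." --width 600
  fi
}

#######################################
# Ask for the address of another mesh, check that its client files are
# present in the home directory, patch the route in the client config and
# start stunnel and openvpn.
# Globals:   OPENVPN_KEY_FILENAME, VPN_MESH_TLS_PORT (read),
#            HIDDEN_SERVICE_PATH (written)
# Returns:   silently when the dialog is cancelled or the input is not a
#            plausible address; exits 1 when client files are missing
#######################################
function connect_to_mesh {
  local connect_title data sel ip_or_domain connect_failed client_file
  local client_ovpn=~/"$OPENVPN_KEY_FILENAME"

  connect_title=$"Connect to another mesh network"
  HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_mesh/hostname
  if [ -f "$HIDDEN_SERVICE_PATH" ]; then
    connect_title=$"Connect from $(cat "$HIDDEN_SERVICE_PATH") to another mesh network"
  fi

  data=$(zenity --entry --title "$connect_title" \
    --text $'Enter the IP address or domain name of the other mesh')
  sel=$?
  # only an OK (status 0) carries an address; Cancel/close do nothing
  if [ "$sel" -ne 0 ]; then
    return
  fi
  ip_or_domain="$data"

  # The dialog text is untrusted and is spliced into a sed expression
  # below: accept only hostname/IPv4 characters so it cannot carry the
  # delimiter, a newline or an escape that would alter the expression.
  if [ "${#ip_or_domain}" -le 1 ] \
     || [[ "$ip_or_domain" != *'.'* ]] \
     || ! [[ "$ip_or_domain" =~ ^[A-Za-z0-9.-]+$ ]]; then
    return
  fi

  # All three client files must have been unpacked from vpn.tar.gz
  connect_failed=
  for client_file in "$client_ovpn" ~/stunnel.pem ~/stunnel.p12; do
    [ -f "$client_file" ] || connect_failed=1
  done
  if [ -n "$connect_failed" ]; then
    zenity --info --title $"Connect to another mesh network" --text $"\nObtain the vpn.tar.gz file from the other mesh administrator, uncompress it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system." --width 400
    exit 1
  fi

  # Replace the route line so the peer's address is reached via
  # net_gateway (presumably so the tunnel endpoint itself is not routed
  # through the tunnel)
  sed -i "s|route .*|route ${ip_or_domain} 255.255.255.255 net_gateway|g" "$client_ovpn"
  clear
  cd ~/ || exit 234628422874
  sudo stunnel stunnel-client.conf
  sudo openvpn "$OPENVPN_KEY_FILENAME"
}

#######################################
# Entry point: show the operation menu and dispatch on the chosen id.
# Returns:   exits 1 when the dialog is cancelled, 0 otherwise
#######################################
function main {
  local data sel
  data=$(zenity --list 1 $"Connect to another mesh network" 2 $"Generate VPN keys for another mesh network to connect to me" --column="id" --title $"Connect to another mesh network" --column=$"Choose an operation:" --hide-column=1 --print-column=1 --width=500 --height=100)
  sel=$?
  # 1 = Cancel, 255 = dialog closed
  case "$sel" in
    1) exit 1 ;;
    255) exit 1 ;;
  esac
  case "$data" in
    1) connect_to_mesh ;;
    2) mesh_setup_vpn ;;
  esac
  exit 0
}

main "$@"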