[Openvpn-devel] [PATCH]: add config-variables to OpenVPN-1.3.2
Hi, Jim, here is another one: I've added variable-expandion to config-values and the keywords "set" and "unset". With this technique you can easily split configuration of one peer across two files: one with the specific and one with the common config values in a way that can help to minimize the number of "configuration-knobs". An example: /etc/openvpn/customer_123.conf: # specific configuration for customer #123 set CUSTNO 123 config ./customers.common /etc/openvpn/customer.common: # meta-configuration for all customers dev-name vpn_$(CUSTNO) # vpn_001 to vpn_255 port 5$(CUSTNO)# 5001 to 5255 ifconfig 10.0.0.1 10.0.$(CUSTNO).1 # 10.0.001.1 to 10.0.255.1 dev-type tun # other stuff ... . . . These are the same variable-expansion routines I committed to the Snort-IDS some time ago. The syntax is follows: set name valuedefine the variable "name" containing "value". unset nameundefine the variable "name". $(name) replace with the contents of variable "name". $(name:-default) replace with the contents of the variable "name" or with "default" if "name" is undefined. $(name:?message) replace with the contents of variable "name" or print out the error message "message" and exit. The next thing could be something like $(( expression or calculation )). As before, the patch is quite young and certanly needs more testing :-) Regards, Christian Lademann -- * Christian A. Lademann, ZLS Software GmbH mailto:ladem...@zls.de * ZLS Software GmbH * Frankfurter Strasse 59 Postfach 1628 mailto:z...@zls.de * D-65779 Kelkheim D-65766 Kelkheim http://www.zls.de * Telefon +49-6195-9902-0 Telefax +49-6195-900600 openvpn-1.3.2-zls-vars.diff Description: Binary data
[Openvpn-devel] [PATCH]: add --dev-name - option to OpenVPN-1.3.2
Hi, Jim, attached I send you a patch for your kind review. It adds the capability to change the devicename of the allocated tun device (so far on Linux, only). For example: dev-type tun dev-name vpn_berlin This helps administration a lot, at least from my point of view ;-) Another bit I've changed is to make the ioctl(..., TUNSETIFF, ...) M_WARN instead of M_ERR, because Linux 2.2 doesn't seem to support this ioctl. The patch is quite young and certanly needs more testing. Regards, Christian Lademann -- * Christian A. Lademann, ZLS Software GmbH mailto:ladem...@zls.de * ZLS Software GmbH * Frankfurter Strasse 59 Postfach 1628 mailto:z...@zls.de * D-65779 Kelkheim D-65766 Kelkheim http://www.zls.de * Telefon +49-6195-9902-0 Telefax +49-6195-900600 openvpn-1.3.2-zls.diff Description: Binary data
Re: [Openvpn-devel] [PATCH]: add config-variables to OpenVPN-1.3.2
Christian,
Rather than put a lot of scripting language infrastructure into OpenVPN's
config file parser, why not just use a shell script, i.e.:
openvpn --dev-name vpn_${CUSTNO} \
--port 5${CUSTNO} \
--ifconfig 10.0.0.1 10.0.${CUSTNO}.1 \
--dev-type tun \
[ ... ]
After all, isn't this exactly the sort of problem that shell scripting
languages were supposed to solve?
James
ZLS Software GmbH <510047448921-0...@t-online.de> said:
> Hi, Jim,
>
> here is another one:
>
> I've added variable-expandion to config-values and the keywords "set" and
"unset".
> With this technique you can easily split configuration of one peer across
two files:
> one with the specific and one with the common config values in a way that
can help to
> minimize the number of "configuration-knobs".
>
>
> An example:
>
> /etc/openvpn/customer_123.conf:
>
> # specific configuration for customer #123
> set CUSTNO 123
> config ./customers.common
>
>
> /etc/openvpn/customer.common:
>
> # meta-configuration for all customers
> dev-name vpn_$(CUSTNO) # vpn_001 to vpn_255
> port 5$(CUSTNO)# 5001 to 5255
> ifconfig 10.0.0.1 10.0.$(CUSTNO).1 # 10.0.001.1 to 10.0.255.1
> dev-type tun # other stuff ...
>.
>.
>.
>
> These are the same variable-expansion routines I committed to the Snort-IDS
some time ago.
>
> The syntax is follows:
>
> set name valuedefine the variable "name" containing "value".
> unset nameundefine the variable "name".
>
> $(name) replace with the contents of variable "name".
>
> $(name:-default) replace with the contents of the variable "name" or with
> "default" if "name" is undefined.
>
> $(name:?message) replace with the contents of variable "name" or print
> out
> the error message "message" and exit.
>
>
> The next thing could be something like $(( expression or calculation )).
>
> As before, the patch is quite young and certanly needs more testing :-)
>
>
> Regards,
>
> Christian Lademann
>
> --
> * Christian A. Lademann, ZLS Software GmbH mailto:ladem...@zls.de
> * ZLS Software GmbH
> * Frankfurter Strasse 59 Postfach 1628 mailto:z...@zls.de
> * D-65779 Kelkheim D-65766 Kelkheim http://www.zls.de
> * Telefon +49-6195-9902-0 Telefax +49-6195-900600
>
>
>
--
