[Openvpn-devel] [PATCH]: add config-variables to OpenVPN-1.3.2
Hi, Jim, here is another one: I've added variable-expandion to config-values and the keywords "set" and "unset". With this technique you can easily split configuration of one peer across two files: one with the specific and one with the common config values in a way that can help to minimize the number of "configuration-knobs". An example: /etc/openvpn/customer_123.conf: # specific configuration for customer #123 set CUSTNO 123 config ./customers.common /etc/openvpn/customer.common: # meta-configuration for all customers dev-name vpn_$(CUSTNO) # vpn_001 to vpn_255 port 5$(CUSTNO)# 5001 to 5255 ifconfig 10.0.0.1 10.0.$(CUSTNO).1 # 10.0.001.1 to 10.0.255.1 dev-type tun # other stuff ... . . . These are the same variable-expansion routines I committed to the Snort-IDS some time ago. The syntax is follows: set name valuedefine the variable "name" containing "value". unset nameundefine the variable "name". $(name) replace with the contents of variable "name". $(name:-default) replace with the contents of the variable "name" or with "default" if "name" is undefined. $(name:?message) replace with the contents of variable "name" or print out the error message "message" and exit. The next thing could be something like $(( expression or calculation )). As before, the patch is quite young and certanly needs more testing :-) Regards, Christian Lademann -- * Christian A. Lademann, ZLS Software GmbH mailto:ladem...@zls.de * ZLS Software GmbH * Frankfurter Strasse 59 Postfach 1628 mailto:z...@zls.de * D-65779 Kelkheim D-65766 Kelkheim http://www.zls.de * Telefon +49-6195-9902-0 Telefax +49-6195-900600 openvpn-1.3.2-zls-vars.diff Description: Binary data
[Openvpn-devel] [PATCH]: add --dev-name - option to OpenVPN-1.3.2
Hi, Jim, attached I send you a patch for your kind review. It adds the capability to change the devicename of the allocated tun device (so far on Linux, only). For example: dev-type tun dev-name vpn_berlin This helps administration a lot, at least from my point of view ;-) Another bit I've changed is to make the ioctl(..., TUNSETIFF, ...) M_WARN instead of M_ERR, because Linux 2.2 doesn't seem to support this ioctl. The patch is quite young and certanly needs more testing. Regards, Christian Lademann -- * Christian A. Lademann, ZLS Software GmbH mailto:ladem...@zls.de * ZLS Software GmbH * Frankfurter Strasse 59 Postfach 1628 mailto:z...@zls.de * D-65779 Kelkheim D-65766 Kelkheim http://www.zls.de * Telefon +49-6195-9902-0 Telefax +49-6195-900600 openvpn-1.3.2-zls.diff Description: Binary data
Re: [Openvpn-devel] [PATCH]: add config-variables to OpenVPN-1.3.2
Christian, Rather than put a lot of scripting language infrastructure into OpenVPN's config file parser, why not just use a shell script, i.e.: openvpn --dev-name vpn_${CUSTNO} \ --port 5${CUSTNO} \ --ifconfig 10.0.0.1 10.0.${CUSTNO}.1 \ --dev-type tun \ [ ... ] After all, isn't this exactly the sort of problem that shell scripting languages were supposed to solve? James ZLS Software GmbH <510047448921-0...@t-online.de> said: > Hi, Jim, > > here is another one: > > I've added variable-expandion to config-values and the keywords "set" and "unset". > With this technique you can easily split configuration of one peer across two files: > one with the specific and one with the common config values in a way that can help to > minimize the number of "configuration-knobs". > > > An example: > > /etc/openvpn/customer_123.conf: > > # specific configuration for customer #123 > set CUSTNO 123 > config ./customers.common > > > /etc/openvpn/customer.common: > > # meta-configuration for all customers > dev-name vpn_$(CUSTNO) # vpn_001 to vpn_255 > port 5$(CUSTNO)# 5001 to 5255 > ifconfig 10.0.0.1 10.0.$(CUSTNO).1 # 10.0.001.1 to 10.0.255.1 > dev-type tun # other stuff ... >. >. >. > > These are the same variable-expansion routines I committed to the Snort-IDS some time ago. > > The syntax is follows: > > set name valuedefine the variable "name" containing "value". > unset nameundefine the variable "name". > > $(name) replace with the contents of variable "name". > > $(name:-default) replace with the contents of the variable "name" or with > "default" if "name" is undefined. > > $(name:?message) replace with the contents of variable "name" or print > out > the error message "message" and exit. > > > The next thing could be something like $(( expression or calculation )). > > As before, the patch is quite young and certanly needs more testing :-) > > > Regards, > > Christian Lademann > > -- > * Christian A. Lademann, ZLS Software GmbH mailto:ladem...@zls.de > * ZLS Software GmbH > * Frankfurter Strasse 59 Postfach 1628 mailto:z...@zls.de > * D-65779 Kelkheim D-65766 Kelkheim http://www.zls.de > * Telefon +49-6195-9902-0 Telefax +49-6195-900600 > > > --