- #!/bin/bash
- # #########################################################################################
- # #
- # Clone the cryptostorm repo and set CONFIGURATION_DIR to the path: #
- # $ git clone https://github.com/cryptostorm/cryptostorm_client_configuration_files.git #
- # #
- # Security remarks: #
- # - disable ipv6: #
- # append the kernel directive ipv6.disable=1 in lilo/grub #
- # - disable WebRTC shit (it can reveal your real IP address to websites even with the VPN up): #
- # in Firefox, go to about:config and promise to be careful, #
- # there set the value "media.peerconnection.enabled" to false #
- # #
- # #########################################################################################
- # Configuration:
# Profile families to import. Each value must be the word true or false;
# the main loop only imports a profile when its family is enabled here.
TCP='true'
UDP='false'

# Access token. It is a credential: the generator hashes it with SHA-512 and
# writes the hex digest into every keyfile as the VPN username, so keep a
# filled-in copy of this script private.
TOKEN=''

# Checkout of the provider's configuration repository (absolute path).
CONFIGURATION_DIR='/absolute/path/to/cryptostorm_client_configuration_files'

# Directory that receives the generated NetworkManager keyfiles.
NM_CONNECTIOINS_DIR='/etc/NetworkManager/system-connections'
- # #########################################################################################
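#######################################
# Print a NetworkManager OpenVPN keyfile for one .ovpn profile.
# Globals:   CONFIGURATION_DIR (read), TOKEN (read)
# Arguments: $1 - file name of a profile inside "$CONFIGURATION_DIR"/linux
# Outputs:   keyfile text on stdout, diagnostics on stderr
# Returns:   0 on success; non-zero when TOKEN is empty, the profile cannot
#            be read, it holds no "remote" line, or a helper tool fails
#######################################
generate_from_ovpn () {
  local profile=$1
  local source_file="$CONFIGURATION_DIR/linux/$profile"
  local name remote username uuid

  # An empty token would still hash to a valid-looking username, so the
  # resulting keyfile would be useless without any visible error.
  if [[ -z "$TOKEN" ]]; then
    printf 'TOKEN is empty; set it in the configuration section\n' >&2
    return 1
  fi
  if [[ ! -r "$source_file" ]]; then
    printf 'cannot read profile: %s\n' "$source_file" >&2
    return 1
  fi

  # Connection id: the file name without ".ovpn" and "_linux".
  name=${profile//.ovpn/}
  name=${name//_linux/}

  # Collect "remote HOST [PORT [PROTO]]" directives as HOST:PORT:PROTO,
  # joined by ", ". Matching on the first field keeps commented-out lines
  # and other directives that merely contain "remote " out of the list.
  remote=$(awk '
    $1 == "remote" && NF >= 2 {
      entry = $2
      if (NF >= 3) entry = entry ":" $3
      if (NF >= 4) entry = entry ":" $4
      list = (list == "" ? entry : list ", " entry)
    }
    END { print list }
  ' "$source_file") || return
  if [[ -z "$remote" ]]; then
    printf 'no remote directive found in %s\n' "$source_file" >&2
    return 1
  fi

  # The token is data, never a printf format string: a "%" or "\" in it
  # would otherwise be interpreted and change the digest.
  username=$(printf '%s' "$TOKEN" | sha512sum | awk '{print $1}') || return
  uuid=$(uuidgen) || return

  # NOTE(review): comp-lzo enables compression on the tunnel, which OpenVPN
  # upstream discourages; confirm whether the provider's servers require it.
  # NOTE(review): ns-cert-type is the legacy server-certificate check;
  # confirm against the provider's current profiles before changing it.
  printf '%s\n' \
    '[connection]' \
    "id=$name" \
    "uuid=$uuid" \
    'type=vpn' \
    'permissions=' \
    'secondaries=' \
    '[vpn]' \
    'remote-random=yes' \
    'connection-type=password' \
    'auth=SHA512' \
    'password-flags=0' \
    "remote=$remote" \
    'cipher=AES-256-CBC' \
    'comp-lzo=adaptive' \
    'reneg-seconds=0' \
    'ns-cert-type=server'

  # UDP profiles additionally get mssfix.
  if [[ "$profile" == *"udp"* ]]; then
    printf '%s\n' 'mssfix=yes'
  fi

  # The password is a fixed placeholder; the username digest above is the
  # actual credential, which is why the keyfile must stay owner-only.
  printf '%s\n' \
    "username=$username" \
    "ca=$CONFIGURATION_DIR/ca.crt" \
    'dev=tun' \
    'service-type=org.freedesktop.NetworkManager.openvpn' \
    '[vpn-secrets]' \
    'password=nopasswd' \
    '[ipv4]' \
    'dns=46.165.240.171;' \
    'dns-search=deepdns.cryptostorm.net;' \
    'ignore-auto-dns=true' \
    'method=auto' \
    '[ipv6]' \
    'addr-gen-mode=stable-privacy' \
    'dns-search=' \
    'ip6-privacy=0' \
    'method=ignore'
}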
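#######################################
# Generate the keyfile for one profile and install it for NetworkManager.
# Globals:   NM_CONNECTIOINS_DIR (read), FAILED (set to true on failure)
# Arguments: $1 - path to the .ovpn profile
# Outputs:   progress line on stdout; errors are appended to ./error.log
#######################################
write_connection() {
  local profile target_name target content

  profile=$(basename -- "$1")
  # Keyfile name: the profile name without ".ovpn" and "_linux".
  target_name=${profile//.ovpn/}
  target_name=${target_name//_linux/}
  target="$NM_CONNECTIOINS_DIR/$target_name"

  # The name is passed as an argument so a "%" in it is not read as a format.
  printf 'Writing %s:\t' "$target_name"

  # Generate into memory first so a failed run neither truncates an existing
  # keyfile nor leaves an empty one behind. The file is then created under
  # umask 077: it holds the username credential and must never be readable
  # by other users, not even between creation and the chmod below.
  if content=$(generate_from_ovpn "$profile" 2>> error.log) &&
     (umask 077 && printf '%s\n' "$content" > "$target") 2>> error.log; then
    printf '[ok]\n'
    # A pre-existing file keeps its old mode on overwrite, so tighten it.
    chmod 0600 "$target" || FAILED=true
  else
    printf '[failed]\n'
    # Remember the failure for the summary at the end of the script.
    FAILED=true
  fi
}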
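# No failure recorded yet; write_connection sets this to true when a
# profile cannot be generated or written.
FAILED=false

# Walk every profile. The glob is expanded by the shell rather than parsed
# from ls output, so paths containing whitespace stay intact.
for f in "$CONFIGURATION_DIR"/linux/*ovpn; do
  # An unmatched glob stays literal; skip it instead of processing a bogus path.
  [[ -e "$f" ]] || continue

  # Decide by file name only, so a "tcp" or "udp" elsewhere in the directory
  # path cannot select the wrong family. TCP/UDP are compared as strings
  # instead of being executed as commands.
  profile_name=${f##*/}
  if [[ "$profile_name" == *"tcp"* && "$TCP" == true ]]; then
    # TCP connections:
    write_connection "$f"
  elif [[ "$profile_name" == *"udp"* && "$UDP" == true ]]; then
    # UDP connections:
    write_connection "$f"
  fi
done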
- # Check for errors:
- if $FAILED; then
- printf "\nSomething went wrong, see error.log\n"
- else
- rm error.log