
generate_nm_configurations.sh

a guest
Dec 20th, 2016
  1. #!/bin/bash
  2. # #########################################################################################
  3. #                                                                                         #
  4. # Clone the cryptostorm repo and set CONFIGURATION_DIR to the path:                       #
  5. #  $ git clone https://github.com/cryptostorm/cryptostorm_client_configuration_files.git  #
  6. #                                                                                         #
  7. # Security remarks:                                                                       #
  8. #   - disable ipv6:                                                                       #
  9. #     append the kernel directive ipv6.disable=1 in lilo/grub                             #
  10. #   - disable WebRTC shit (it can expose your real IP despite the VPN):                   #
  11. #     in Firefox, go to about:config and promise to be careful,                           #
  12. #     there set the value "media.peerconnection.enabled" to false                         #
  13. #                                                                                         #
  14. # #########################################################################################
  15.  
  # Settings to edit before running the script.

  # Profile families to generate. Use exactly true or false.
  TCP='true'
  UDP='false'

  # cryptostorm access token. Treat it as a secret: the generated profiles
  # store its SHA-512 hex digest as the VPN username, so both this script
  # (once filled in) and the generated files are credential material.
  TOKEN=''

  # Absolute path of the cloned cryptostorm_client_configuration_files repo.
  CONFIGURATION_DIR='/absolute/path/to/cryptostorm_client_configuration_files'

  # Directory the generated NetworkManager profiles are written to.
  # The spelling of this variable name is kept because the rest of the
  # script refers to it under this name.
  NM_CONNECTIOINS_DIR='/etc/NetworkManager/system-connections'
  25.  
  26. # #########################################################################################
  27.  
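  #######################################
  # Print a NetworkManager OpenVPN keyfile for one cryptostorm profile.
  # Globals:   CONFIGURATION_DIR (read), TOKEN (read)
  # Arguments: $1 - file name of the profile inside "$CONFIGURATION_DIR"/linux
  # Outputs:   the keyfile on stdout, diagnostics on stderr
  # Returns:   0 on success; 1 if TOKEN is empty, the profile cannot be read,
  #            it contains no "remote" directive, or a helper tool fails
  #######################################
  generate_from_ovpn() {
    local profile=$1
    local source_file="$CONFIGURATION_DIR/linux/$profile"
    local conn_id remote_list entry conn_uuid user_hash

    # Validate before printing anything, so a profile that cannot work is
    # reported as a failure instead of being written out.
    if [[ -z "$TOKEN" ]]; then
      # Hashing an empty token would still yield a well-formed username.
      printf '%s: TOKEN is empty\n' "$profile" >&2
      return 1
    fi
    if [[ ! -r "$source_file" ]]; then
      printf '%s: cannot read %s\n' "$profile" "$source_file" >&2
      return 1
    fi

    # Connection id: the file name without ".ovpn" and "_linux".
    conn_id=${profile//.ovpn/}
    conn_id=${conn_id//_linux/}

    # Collect every "remote HOST [PORT [PROTO]]" directive as HOST:PORT:PROTO,
    # joined with ", ". Only lines whose first word is exactly "remote" count,
    # so comment lines that merely mention it are ignored. A trailing carriage
    # return is dropped in case the profile has CRLF line endings.
    remote_list=""
    while IFS= read -r entry; do
      remote_list+="${remote_list:+, }${entry}"
    done < <(
      awk '
        { sub(/\r$/, "") }
        $1 == "remote" && NF >= 2 {
          entry = $2
          if ($3 != "") entry = entry ":" $3
          if ($4 != "") entry = entry ":" $4
          print entry
        }
      ' "$source_file"
    )
    if [[ -z "$remote_list" ]]; then
      printf '%s: no "remote" directive found\n' "$profile" >&2
      return 1
    fi

    conn_uuid=$(uuidgen) || return 1
    if [[ -z "$conn_uuid" ]]; then
      printf '%s: uuidgen produced no output\n' "$profile" >&2
      return 1
    fi

    # The token is passed as data, never as the printf format string, so
    # characters such as % or \ in it cannot change what gets hashed.
    user_hash=$(printf '%s' "$TOKEN" | sha512sum | awk '{print $1}')
    if [[ -z "$user_hash" ]]; then
      printf '%s: could not hash the token\n' "$profile" >&2
      return 1
    fi

    printf '%s\n' \
      '[connection]' \
      "id=$conn_id" \
      "uuid=$conn_uuid" \
      'type=vpn' \
      'permissions=' \
      'secondaries=' \
      ''

    # NOTE(review): these values are reproduced unchanged. reneg-seconds=0
    # turns periodic key renegotiation off, comp-lzo enables compression
    # inside the tunnel, and ns-cert-type is the legacy server-certificate
    # check (NetworkManager-openvpn also offers remote-cert-tls). Confirm
    # them against the provider's current .ovpn files before relying on them.
    printf '%s\n' \
      '[vpn]' \
      'remote-random=yes' \
      'connection-type=password' \
      'auth=SHA512' \
      'password-flags=0' \
      "remote=$remote_list" \
      'cipher=AES-256-CBC' \
      'comp-lzo=adaptive' \
      'reneg-seconds=0' \
      'ns-cert-type=server'

    # UDP profiles additionally get mssfix.
    if [[ "$profile" == *udp* ]]; then
      printf '%s\n' 'mssfix=yes'
    fi

    # The username is the SHA-512 hex digest of the token, which makes the
    # generated file credential material in its own right.
    printf '%s\n' \
      "username=$user_hash" \
      "ca=$CONFIGURATION_DIR/ca.crt" \
      'dev=tun' \
      'service-type=org.freedesktop.NetworkManager.openvpn' \
      '' \
      '[vpn-secrets]' \
      'password=nopasswd' \
      '' \
      '[ipv4]' \
      'dns=46.165.240.171;' \
      'dns-search=deepdns.cryptostorm.net;' \
      'ignore-auto-dns=true' \
      'method=auto' \
      '' \
      '[ipv6]' \
      'addr-gen-mode=stable-privacy' \
      'dns-search=' \
      'ip6-privacy=0' \
      'method=ignore'
  }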
  81.  
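  #######################################
  # Generate one NetworkManager profile and install it with mode 0600.
  # Globals:   NM_CONNECTIOINS_DIR (read), FAILED (set to true on failure)
  # Arguments: $1 - path of the .ovpn file; only its file name is used
  # Outputs:   "Writing NAME: [ok]" or "[failed]" on stdout; error output of
  #            the individual steps is appended to error.log in the current
  #            directory
  #######################################
  write_connection() {
    local profile conn_name target staging
    profile=${1##*/}

    # Profile file name: the .ovpn name without ".ovpn" and "_linux".
    conn_name=${profile//.ovpn/}
    conn_name=${conn_name//_linux/}
    target="$NM_CONNECTIOINS_DIR/$conn_name"

    # The name goes in as an argument, not as part of the format string.
    printf 'Writing %s:\t' "$conn_name"

    # Build the profile in a private temporary file and rename it into place.
    # mktemp creates the file readable by its owner only, so the token hash is
    # never exposed through a default-umask file that is tightened later, and
    # a failed run cannot truncate a profile that already exists.
    # NOTE(review): the dot-prefixed name is meant to keep NetworkManager from
    # loading the half-written file; confirm for the installed version.
    if staging=$(mktemp "$NM_CONNECTIOINS_DIR/.${conn_name}.XXXXXX" 2>> error.log) \
      && generate_from_ovpn "$profile" 2>> error.log > "$staging" \
      && chmod 0600 "$staging" 2>> error.log \
      && mv -f -- "$staging" "$target" 2>> error.log; then
      printf '[ok]\n'
    else
      printf '[failed]\n'
      # Drop whatever was staged; the previous profile, if any, is untouched.
      if [[ -n "$staging" ]]; then
        rm -f -- "$staging"
      fi
      # Remember the failure for the summary at the end of the script.
      FAILED=true
    fi
  }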
  100.  
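  # No profile has failed yet; write_connection sets this to true on error.
  FAILED=false

  # Say so when the profile directory is missing, because the glob below
  # would otherwise match nothing and the script would do nothing silently.
  if [[ ! -d "$CONFIGURATION_DIR/linux" ]]; then
    printf 'No such directory: %s\n' "$CONFIGURATION_DIR/linux" >&2
  fi

  # Walk all .ovpn profiles. The shell glob replaces parsing the output of
  # ls, so paths containing spaces stay in one piece.
  for f in "$CONFIGURATION_DIR"/linux/*ovpn; do

    # An unmatched glob is left as the literal pattern; skip it.
    [[ -e "$f" ]] || continue

    # Decide on the file name only, so that "tcp" or "udp" appearing in a
    # directory name of CONFIGURATION_DIR cannot select the wrong family.
    profile=${f##*/}

    # TCP and UDP are compared as strings rather than executed as commands.
    if [[ "$profile" == *tcp* && "$TCP" == true ]]; then
      # TCP connections:
      write_connection "$f"

    elif [[ "$profile" == *udp* && "$UDP" == true ]]; then
      # UDP connections:
      write_connection "$f"
    fi

  done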
  117.  
  118. # Check for errors:
  119. if $FAILED; then
  120.   printf "\nSomething went wrong, see error.log\n"
  121. else
  122.   rm error.log