README.md
ovpnctl — script to automate OpenVPN startup with TOTP 2FA support
It depends on the pyotp and filelock modules; install them first.
Make sure you have the ~/config.ovpn file.
Make sure you have (for this sample) the ~/config.ovpn.pw file (chmod it 0600), consisting of three lines:
login
password
totp-secret
Run as
python3 ~/.local/bin/ovpnctl.py \
--management ~/config.ovpn.socket \
--cleanup ~/config.ovpn.log \
--cleanup ~/config.ovpn.ctl.log \
--add 'inactive 600' \
--add 'mute-replay-warnings' \
--add 'persist-key' \
--add 'persist-tun' \
--add 'reneg-sec 0' \
~/config.ovpn
It ends up executing sudo openvpn --config config.ovpn (plus a few more options).
The script checks config.ovpn and its environment for some degree of safety…
Another good place for the socket is /run/user/$(id -u)/ …
Read the ovpnctl.py file header for details.
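The permission checks a file like ~/config.ovpn.pw calls for, and the derivation of a one-time code from its third line, as an added example that is not ovpnctl's own code. It assumes the TOTP secret is stored in base32 (the form pyotp accepts) and uses the pyotp.TOTP defaults (HMAC-SHA1, 30-second step, 6 digits); `load_credentials` and `totp` are hypothetical names.

```python
import base64
import hashlib
import hmac
import os
import stat
import struct
import time
from typing import NamedTuple, Optional


class Credentials(NamedTuple):
    login: str
    password: str
    totp_secret: str  # assumption: base32 text, as pyotp expects


def load_credentials(path: str) -> Credentials:
    """Read the three-line file, refusing it unless it is private to the caller."""
    with open(path, encoding="utf-8") as fh:
        # fstat the open handle, not the path, so the file cannot be swapped
        # between the check and the read.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.getuid():
            raise PermissionError(f"{path}: not owned by the current user")
        if st.st_mode & 0o077:  # any group/other bit set
            mode = stat.S_IMODE(st.st_mode)
            raise PermissionError(f"{path}: mode {mode:04o}, expected 0600")
        lines = fh.read().splitlines()
    if len(lines) != 3 or not all(lines):
        raise ValueError(f"{path}: expected exactly three non-empty lines")
    return Credentials(*lines)


def totp(secret_b32: str, now: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the time-step counter, then truncation."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(time.time() if now is None else now) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)
```
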
The help page is also available:
jno:~/src/ovpnctl[master:1]$ ./ovpnctl.py --help
2024-05-30 11:24:47 INFO start
usage: ovpnctl.py [-h] [--upfile UPFILE] [--lock LOCK] [--log LOG] [--format FORMAT] [--ovpnlog OVPNLOG] [--management MANAGEMENT] [--add ADD] [--debug]
[--cleanup CLEANUP]
config
OpenVPN Controller
positional arguments:
config OpenVPN config file
options:
-h, --help show this help message and exit
--upfile UPFILE OpenVPN up file, other than <config>.pw
--lock LOCK Lock file for this controller, other than <config>.lock
--log LOG Log file for this controller, other than <config>.ctl.log
--format FORMAT Log file format, other than '%(asctime)s %(levelname)s %(message)s'
--ovpnlog OVPNLOG Log file for openvpn(8), other than <config>.log
--management MANAGEMENT
Force using this socket to control OpenVPN
--add ADD Add more OpenVPN options
--debug Use DEBUG log level
--cleanup CLEANUP Remove these files on success
2024-05-30 11:24:47 INFO stop (0:00:00.003117 elapsed)
EOF
Description
A script to automate OpenVPN client startup with TOTP 2FA support (for corporate gateways)