Help with a bash script for openvpn


 
# 1  
Old 10-17-2007

I've got an OpenVPN server and I'm searching for a way to make a certain certificate work only if the connection comes from a certain IP. Other certificates must not have this limitation because they are for road warriors and we don't know where they may come from.

So the idea is to have an array in a script (we can specify some up and down scripts) or an external file where we have this data:

nameofcertificate:ip or network or range

example

jsmith:1.2.3.4
jsmith:1.2.3.5
jsmith:192.168.1.[10-20]

so Mr Smith can connect only from these locations.

Note that at the beginning of the connection I've got both variables: one is derived from the common_name and the other, trusted_ip, comes from the env.

Now I've got to compare the array (or external file) with these variables and, if there is a correspondence, permit the connection, otherwise not. If a valid certificate is not in the list, there is no check on the IP.

I am not very skilled at this kind of work; can someone help me? Thanks.
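
One way to implement the check described in the post above, as an added example that is not part of the original thread. Assumptions: the script runs as an OpenVPN `client-connect` hook, "network" entries are written in CIDR form, the ACL path is hypothetical, and only IPv4 is handled.

```bash
#!/usr/bin/env bash
# Added example (IPv4 only): run as an OpenVPN client-connect hook; exit != 0 rejects.
# ACL lines: name:ip | name:a.b.c.d/len (assumed CIDR form) | name:a.b.c.[lo-hi]
ACL_FILE=${ACL_FILE:-/etc/openvpn/cert-ip.acl}   # hypothetical path

ip2int() {   # dotted quad -> integer; fails on malformed input
    local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$' o n=0
    [[ $1 =~ $re ]] || return 1
    for o in "${BASH_REMATCH[@]:1}"; do
        (( 10#$o <= 255 )) || return 1          # 10# avoids octal parsing
        n=$(( (n << 8) | 10#$o ))
    done
    echo "$n"
}

ip_matches() {   # ip_matches <ip> <spec>; 0 = ip is covered by spec
    local ip a b mask range_re='^(.+)\.\[([0-9]+)-([0-9]+)]$'
    local net_re='^(.+)/([0-9]{1,2})$'
    ip=$(ip2int "$1") || return 1
    if [[ $2 =~ $net_re ]]; then                       # network
        a=$(ip2int "${BASH_REMATCH[1]}") || return 1
        b=$(( 10#${BASH_REMATCH[2]} ))
        (( b >= 1 && b <= 32 )) || return 1            # /0 would match everything
        mask=$(( (0xFFFFFFFF << (32 - b)) & 0xFFFFFFFF ))
        (( (ip & mask) == (a & mask) ))
    elif [[ $2 =~ $range_re ]]; then                   # last-octet range
        a=$(ip2int "${BASH_REMATCH[1]}.${BASH_REMATCH[2]}") || return 1
        b=$(ip2int "${BASH_REMATCH[1]}.${BASH_REMATCH[3]}") || return 1
        (( ip >= a && ip <= b ))
    else                                               # single address
        a=$(ip2int "$2") || return 1
        (( ip == a ))
    fi
}

check_client() {   # check_client <common_name> <ip> <acl_file>; 0 = allow
    local cn=$1 ip=$2 file=$3 name spec listed=0
    [[ -r $file ]] || return 1                         # unreadable ACL: fail closed
    while IFS=: read -r name spec || [[ -n $name ]]; do
        [[ $name == "$cn" ]] || continue
        listed=1
        ip_matches "$ip" "$spec" && return 0
    done < "$file"
    (( listed == 0 ))      # certificates absent from the ACL are not restricted
}

if [[ -n ${common_name:-} ]]; then   # set by OpenVPN; trusted_ip is the peer address
    check_client "$common_name" "${trusted_ip:-}" "$ACL_FILE"
    exit $?
fi
```

OpenVPN only runs such hooks when `script-security 2` (or higher) is set in the server configuration. A listed certificate whose source address is missing or malformed is rejected, and so is every client if the ACL file cannot be read.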