-
Notifications
You must be signed in to change notification settings - Fork 10
/
secrets
37 lines (33 loc) · 1.11 KB
/
secrets
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/bin/ash
# Manage VPN secrets
case "$1" in
export)
echo "Exporting existing set of secrets to mounted container volume ..."
cp --force /etc/ipsec.d/cacerts/* /mnt/
cp --force /etc/ipsec.d/certs/* /mnt/
cp --force /etc/ipsec.d/private/* /mnt/
cp --force /home/* /mnt/
echo "Done!"
;;
import)
# Assign variables
host=$2
user=$3
password=$4
echo "Importing existing set of secrets from mounted container volume ..."
cd /mnt
cp --force caCert.pem /etc/ipsec.d/cacerts/
cp --force serverCert.pem *Cert.pem /etc/ipsec.d/certs/
cp --force caKey.pem serverKey.pem *Key.pem /etc/ipsec.d/private/
echo "Setting leftid = ${host} in ipsec.conf"
sed -i -- "s/@@host@@/${host}/g" /etc/ipsec.conf
echo "Setting the server key"
echo ": RSA serverKey.pem" >> /etc/ipsec.secrets
echo "Setting the XAUTH password"
echo "${user} : XAUTH \"${password}\"" >> /etc/ipsec.secrets
echo "Done, will restart IPsec and container!"
# Restart IPsec, some how '$ ipsec rereadall' does not do the job,
# let's go aggressive
ipsec restart
;;
esac