switch to parse, remove pia baked in config

Dockerfile

@@ -13,10 +13,6 @@ ADD run/root/*.sh /root/
 # add bash script to run privoxy
 ADD run/nobody/*.sh /home/nobody/
 
-# add config files
-ADD config/pia/default/* /home/nobody/certs/default/
-ADD config/pia/strong/* /home/nobody/certs/strong/
-
 # install app
 #############
 

run/root/openvpn.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # define common command lne parameters for openvpn
-openvpn_cli="/usr/bin/openvpn --cd /config/openvpn --config ${VPN_CONFIG} --daemon --dev ${VPN_DEVICE_TYPE}0 --remote ${VPN_REMOTE} ${VPN_PORT} --proto ${VPN_PROTOCOL} --reneg-sec 0 --mute-replay-warnings --auth-nocache --keepalive 10 60 --setenv VPN_PROV ${VPN_PROV} --setenv DEBUG ${DEBUG} --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid"
+openvpn_cli="/usr/bin/openvpn --cd /config/openvpn --config ${VPN_CONFIG} --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --keepalive 10 60 --setenv VPN_PROV ${VPN_PROV} --setenv DEBUG ${DEBUG} --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid"
 
 if [[ "${VPN_PROV}" == "pia" ]]; then
 

run/root/start.sh

@@ -9,80 +9,11 @@ else
 
 	echo "[info] VPN is enabled, beginning configuration of VPN"
 
-	# create directory to store openvpn config files
-	mkdir -p /config/openvpn
-
-	# set perms and owner for openvpn directory
-	chown -R "${PUID}":"${PGID}" "/config/openvpn" &> /dev/null
-	exit_code_chown=$?
-	chmod -R 777 "/config/openvpn" &> /dev/null
-	exit_code_chmod=$?
-
-	# wildcard search for openvpn config files (match on first result)
-	VPN_CONFIG=$(find /config/openvpn -maxdepth 1 -name "*.ovpn" -print -quit)
-
-	# if ovpn filename is not custom.ovpn and the provider is pia then copy included ovpn and certs
-	if [[ "${VPN_CONFIG}" != "/config/openvpn/custom.ovpn" && "${VPN_PROV}" == "pia" ]]; then
-
-		if [[ "${STRONG_CERTS}" == "yes" ]]; then
-
-			echo "[info] VPN strong certs defined, copying to /config/openvpn/..."
-
-			# copy strong encryption ovpn and certs
-			cp -f /home/nobody/certs/strong/*.crt /config/openvpn/
-			cp -f /home/nobody/certs/strong/*.pem /config/openvpn/
-			cp -f "/home/nobody/certs/strong/strong.ovpn" "/config/openvpn/openvpn.ovpn"
-
-		else
-
-			echo "[info] VPN default certs defined, copying to /config/openvpn/..."
-
-			# copy default encryption ovpn and certs
-			cp -f /home/nobody/certs/default/*.crt /config/openvpn/
-			cp -f /home/nobody/certs/default/*.pem /config/openvpn/
-			cp -f "/home/nobody/certs/default/default.ovpn" "/config/openvpn/openvpn.ovpn"
-
-		fi
-
-		VPN_CONFIG="/config/openvpn/openvpn.ovpn"
-
-	# if ovpn file not found in /config/openvpn and the provider is not pia then exit
-	elif [[ -z "${VPN_CONFIG}" && "${VPN_PROV}" != "pia" ]]; then
-
-		echo "[crit] Missing OpenVPN configuration file in /config/openvpn/ (no files with an ovpn extension exist) please create and then restart this container" && exit 1
-
-	fi
-
 	if [[ "${DEBUG}" == "true" ]]; then
 		echo "[debug] Environment variables defined as follows" ; set
 		echo "[debug] Directory listing of files in /config/openvpn as follows" ; ls -al /config/openvpn
 	fi
 
-	echo "[info] VPN config file (ovpn extension) is located at ${VPN_CONFIG}"
-
-	# convert CRLF (windows) to LF (unix) for ovpn
-	/usr/bin/dos2unix "${VPN_CONFIG}"
-
-	if [[ "${VPN_PROV}" == "pia" ]]; then
-
-		if [[ "${VPN_PROTOCOL}" == "udp" && "${VPN_PORT}" != "1198" && "${STRONG_CERTS}" != "yes" ]]; then
-			echo "[warn] VPN provider remote port incorrect, overriding to 1198"
-			VPN_PORT="1198"
-
-		elif [[ "${VPN_PROTOCOL}" == "udp" && "${VPN_PORT}" != "1197" && "${STRONG_CERTS}" == "yes" ]]; then
-			echo "[warn] VPN provider remote port incorrect, overriding to 1197"
-			VPN_PORT="1197"
-
-		elif [[ "${VPN_PROTOCOL}" == "tcp" && "${VPN_PORT}" != "502" && "${STRONG_CERTS}" != "yes" ]]; then
-			echo "[warn] VPN provider remote port incorrect, overriding to 502"
-			VPN_PORT="502"
-
-		elif [[ "${VPN_PROTOCOL}" == "tcp" && "${VPN_PORT}" != "501" && "${STRONG_CERTS}" == "yes" ]]; then
-			echo "[warn] VPN provider remote port incorrect, overriding to 501"
-			VPN_PORT="501"
-		fi
-	fi
-
 	# if vpn username and password specified then write credentials to file (authentication maybe via keypair)
 	if [[ ! -z "${VPN_USER}" && ! -z "${VPN_PASS}" ]]; then
 
@@ -124,23 +55,6 @@ else
 		sed -i '/reneg-sec.*/d' "${VPN_CONFIG}"
 	fi
 
-	# write env vars to ovpn file (used as phased approach to parse ovpn file)
-	if [[ ! -z "${VPN_PROTOCOL}" ]]; then
-		if [[ "${VPN_PROTOCOL}" == "tcp" ]]; then
-			sed -i -r "s~^;?proto\s.*~proto tcp-client~g" "${VPN_CONFIG}"
-		else
-			sed -i -r "s~^;?proto\s.*~proto udp~g" "${VPN_CONFIG}"
-		fi
-	fi
-
-	if [[ ! -z "${VPN_REMOTE}" && ! -z "${VPN_PORT}" ]]; then
-		sed -i -r "s~^;?remote\s.*~remote ${VPN_REMOTE} ${VPN_PORT}~g" "${VPN_CONFIG}"
-	fi
-
-	if [[ ! -z "${VPN_DEVICE_TYPE}" ]]; then
-		sed -i -r "s~^;?dev\s.*~dev ${VPN_DEVICE_TYPE}~g" "${VPN_CONFIG}"
-	fi
-
 	if [[ "${DEBUG}" == "true" ]]; then
 		echo "[debug] Contents of ovpn file ${VPN_CONFIG} as follows..." ; cat "${VPN_CONFIG}"
 	fi
@@ -175,14 +89,6 @@ else
 		echo "[debug] Show name resolution for VPN endpoint ${VPN_REMOTE}" ; drill "${VPN_REMOTE}"
 	fi
 
-	# set perms and owner for files in /config/openvpn directory
-	chown -R "${PUID}":"${PGID}" "/config/openvpn" &> /dev/null
-	chmod -R 775 "/config/openvpn" &> /dev/null
-
-	if (( ${exit_code_chown} != 0 || ${exit_code_chmod} != 0 )); then
-		echo "[warn] Unable to chown/chmod /config/openvpn, assuming SMB mountpoint"
-	fi
-
 	# setup ip tables and routing for application
 	source /root/iptable.sh