Re: [Openvpn-devel] [PATCH]: add config-variables to OpenVPN-1.3.2

[James Y. <ji...@yo...>]

Christian,

Rather than put a lot of scripting language infrastructure into OpenVPN's
config file parser, why not just use a shell script, i.e.:

  openvpn --dev-name vpn_${CUSTNO} \
          --port     5${CUSTNO} \
          --ifconfig 10.0.0.1 10.0.${CUSTNO}.1 \
          --dev-type tun \
          [ ... ]

After all, isn't this exactly the sort of problem that shell scripting
languages were supposed to solve?

James

ZLS Software GmbH <510...@t-...> said:

> Hi, Jim,
> 
> here is another one:
> 
> I've added variable-expandion to config-values and the keywords "set" and
"unset".
> With this technique you can easily split configuration of one peer across
two files:
> one with the specific and one with the common config values in a way that
can help to
> minimize the number of "configuration-knobs". 
> 
> 
> An example:
> 
>         /etc/openvpn/customer_123.conf:
> 
>         # specific configuration for customer #123
> 	set CUSTNO 123
>         config ./customers.common
> 
> 
>         /etc/openvpn/customer.common:
> 
>         # meta-configuration for all customers
>         dev-name vpn_$(CUSTNO)             # vpn_001 to vpn_255
>         port     5$(CUSTNO)                # 5001 to 5255
>         ifconfig 10.0.0.1 10.0.$(CUSTNO).1 # 10.0.001.1 to 10.0.255.1
>         dev-type tun                       # other stuff ...
>            .
>            .
>            .
> 
> These are the same variable-expansion routines I committed to the Snort-IDS
some time ago.
> 
> The syntax is  follows:
> 
>     set name value    define the variable "name" containing "value".
>     unset name        undefine the variable "name".
> 
>     $(name)           replace with the contents of variable "name".
> 
>     $(name:-default)  replace with the contents of the variable "name" or with
>                       "default" if "name" is undefined.
> 
>     $(name:?message)  replace with the contents of variable "name" or print out
>                       the error message "message" and exit.
> 
> 
> The next thing could be something like $(( expression or calculation )).
> 
> As before, the patch is quite young and certanly needs more testing :-)
> 
> 
> Regards,
> 
> Christian Lademann <lad...@zl...>
> 
> -- 
> *  Christian A. Lademann, ZLS Software GmbH          mailto:lad...@zl...
> *  ZLS Software GmbH
> *  Frankfurter Strasse 59       Postfach 1628             mailto:zl...@zl...
> *  D-65779 Kelkheim             D-65766 Kelkheim          http://www.zls.de
> *  Telefon +49-6195-9902-0      Telefax +49-6195-900600
> 
> 
> 



--