From 0f02500a857659c74198c7d95de9fdcb48ea7974 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Tue, 20 Nov 2018 09:28:48 +0200
Subject: [PATCH] Moved all OpenVPN parameters to conf file + fixing AUTH_FAILED messages
---
 entrypoint.sh | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 8f314b47..7e15e136 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -205,6 +205,19 @@ iptables -A OUTPUT -o tun0 -j ACCEPT
 exitOnError $?
 printf "DONE\n"
 
+############################################
+# Additional OpenVPN settings
+############################################
+cd "/openvpn/$PROTOCOL-$ENCRYPTION"
+# Uses the username/password from this file to get the token from PIA
+[ "$(grep "auth-user-pass /auth.conf" "$REGION.ovpn")" != "" ] || echo "auth-user-pass /auth.conf" >> "$REGION.ovpn"
+# Reconnects automatically on failure
+[ "$(grep "auth-retry nointeract" "$REGION.ovpn")" != "" ] || echo "auth-retry nointeract" >> "$REGION.ovpn"
+# Prevents auth_failed infinite loops - make it interact? Remove persist-tun? nobind?
+[ "$(grep "pull-filter ignore \"auth-token\"" "$REGION.ovpn")" != "" ] || echo "pull-filter ignore \"auth-token\"" >> "$REGION.ovpn"
+# Runs openvpn without root, as nonrootuser
+[ "$(grep "user nonrootuser" "$REGION.ovpn")" != "" ] || echo "user nonrootuser" >> "$REGION.ovpn"
+
 ############################################
 # OPENVPN LAUNCH
 ############################################
@@ -214,8 +227,8 @@ printf " * Encryption: $ENCRYPTION\n"
 printf " * Protocol: $PROTOCOL\n"
 printf " * Port: $PORT\n"
 printf " * Initial VPN IP address: $(echo "$VPNIPS" | head -n 1)\n\n"
-cd "/openvpn/$PROTOCOL-$ENCRYPTION"
-openvpn --config "$REGION.ovpn" --user nonrootuser --auth-retry nointeract --auth-user-pass /auth.conf
+
+openvpn --config "$REGION.ovpn"
 status=$?
 printf "\n =========================================\n"
 printf " OpenVPN exit with status $status\n"
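Review bot: The `cd "/openvpn/$PROTOCOL-$ENCRYPTION"` at the top of the added block is unchecked, so if that directory is missing the four `>>` appends below it create or modify a `$REGION.ovpn` in whatever the working directory happens to be; follow it with `exitOnError $?`, as the iptables step in the context lines above does. The presence tests also run `grep` as an unanchored regex, so a commented-out `# user nonrootuser` or any longer line containing the text counts as already present and the directive is never appended. Matching the whole line literally avoids that and drops the `[ "$(…)" != "" ]` wrapper: `grep -qxF -- "user nonrootuser" "$REGION.ovpn" || echo "user nonrootuser" >> "$REGION.ovpn"`, and likewise for the other three directives. The open questions in the `# Prevents auth_failed infinite loops` comment would be better resolved or moved to an issue than left in the entrypoint.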
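Review bot: With `--user nonrootuser` and `--auth-user-pass /auth.conf` removed from the command line, the privilege drop now depends entirely on the earlier appends to `$REGION.ovpn` having succeeded, and nothing before `openvpn --config "$REGION.ovpn"` verifies that. If the config file is read-only or an append fails, OpenVPN would presumably start and keep running as root with no message. A check just before the launch, for example `grep -qxF -- "user nonrootuser" "$REGION.ovpn"; exitOnError $?`, would turn that into a visible startup failure. The launch section begins and continues outside this hunk.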