Add custom dockerCmd and vpnCmd based on the configuration file #19

Open
bvanelli opened this issue Oct 11, 2023 · 2 comments · May be fixed by #20

@bvanelli

Currently, you cannot have extra arguments for the cmd. One example would be the --servercert to allow self-signed certificates for the vpn connection.

I'm willing to provide the changes, if someone could review and merge it.

@ethack
Owner

ethack commented Oct 11, 2023

vpnCmd should allow as many arguments as you give on the command line. But in the case of --servercert I imagine you'd also need a --mount flag passed to the dockerCmd in order to make the certificate available in the container.

My guess is it would be easiest to detect the argument or arguments you need to special case and then add the appropriate flags to dockerCmd and vpnCmd. Something like that is done here:

docker-vpn/vpn.sh

Lines 42 to 50 in 940c738

```bash
if [ -f "$vpnConfig/$vpnName.ovpn" ]; then
    dockerCmd+=("--mount" "type=bind,src=$vpnConfig/$vpnName.ovpn,dst=/vpn/config,readonly=true")
    vpnCmd+=("--config" "/vpn/config")
fi
if [ -f "$vpnConfig/$vpnName.creds" ]; then
    dockerCmd+=("--mount" "type=bind,src=$vpnConfig/$vpnName.creds,dst=/vpn/creds,readonly=true")
    vpnCmd+=("--auth-user-pass" "/vpn/creds")
    vpnCmd+=("--auth-retry" "interact")
fi
```

I'd be happy to review and merge.

@bvanelli
Author

bvanelli commented Oct 13, 2023

I was thinking more about the following use case: dlenski/openconnect#60 (comment), when you simply already know the certificate fingerprint and want to set up your connection. I was wondering if that should go directly into the .profile file or somewhere else. For example:

```
cat ~/.vpn/myvpn.profile
...
OC_EXTRA_COMMANDS=--servercert sha256:my-fingerprint-here
```

But you are right, the config file could solve those issues, if required. Maybe an update to the docs would suffice.

I'll take another look and open a PR if I see some possibility of improvement on the code or docs for that scenario.

Thanks for your response.
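One way the profile-based idea in this thread could be handled safely, as an added example that is not part of the thread or of docker-vpn's code: the value is read as data (never sourced or eval'd) and only `--servercert` with a well-formed pin is passed on. `OC_EXTRA_COMMANDS` is the key proposed above, not an existing option; the function names and the strict "full 64-digit hex" policy are assumptions of this example.

```sh
#!/bin/sh
# Hypothetical helper: turn a profile's OC_EXTRA_COMMANDS line into
# validated openconnect arguments, one per line.

# Accept only "sha256:<64 hex digits>" (this example's policy).
valid_servercert_pin() {
    case "$1" in
        sha256:*) hex=${1#sha256:} ;;
        *) return 1 ;;
    esac
    [ "${#hex}" -eq 64 ] || return 1
    case "$hex" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    return 0
}

# Print the validated arguments; print nothing and return non-zero if the
# value holds anything other than "--servercert <pin>".
extra_vpn_args() {
    profile=$1
    # Treat the profile as data: take the last matching line, no shell parsing.
    value=$(sed -n 's/^OC_EXTRA_COMMANDS=//p' "$profile" | tail -n 1)
    [ -n "$value" ] || return 0      # key absent: nothing to add
    set -f                           # no glob expansion while splitting
    set -- $value                    # whitespace split only; quotes stay literal
    set +f
    [ "$#" -eq 2 ] && [ "$1" = "--servercert" ] || return 1
    valid_servercert_pin "$2" || return 1
    printf '%s\n' "$1" "$2"
}

# Constructed sample profile; the fingerprint is made up (64 zeros).
demo_profile=$(mktemp)
printf 'OC_EXTRA_COMMANDS=--servercert sha256:%s\n' \
    "$(printf '%064d' 0)" > "$demo_profile"
extra_vpn_args "$demo_profile"
rm -f "$demo_profile"
```

In a script like vpn.sh, each printed line would be appended to `vpnCmd` as its own array element, so the pin can never be re-split into further options. Since the pin is a fingerprint rather than a certificate file, no extra `--mount` is needed for it.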
