VPN client-server setup with username and password login

client

#!/bin/bash

set -e

args=(
  /usr/sbin/openvpn
  --client
  --proto udp
  --remote 192.168.2.10 30335
  --dev tun
  --tls-client
  --ns-cert-type server
  --ca ca.crt
  --auth-user-pass
)

set -x
exec "${args[@]}"

login.py

#!/usr/bin/env python

import sys, os

ACCOUNTS = {
    'a': 'b',
}

def login(username, password):
    with open('auth.log', 'ab') as f:
        print>>f, "username:", username, "password:", password
    return ACCOUNTS.get(username) == password

if login(os.environ.get('username'), os.environ.get('password')):
    sys.exit(0)
else:
    sys.exit(1)

server

#!/bin/bash

set -e

args=(
  /usr/sbin/openvpn
  --cd /var/local/vpn-server
  --proto udp
  --port 30335
  --dev tun0
  --server 10.100.0.0 255.255.255.0
  --auth-user-pass-verify ./login.py via-env
  --script-security 3
  --client-cert-not-required
  --username-as-common-name
  --tls-server
  --dh dh2048.pem
  --ca keys/ca.crt
  --cert keys/server.crt
  --key keys/server.key
)

set -x
exec "${args[@]}"