From ef2f06306e3feea8d18c7a8ee19f36f777b52d2a Mon Sep 17 00:00:00 2001
From: janole <ole@mobileways.de>
Date: Sun, 9 Jun 2024 21:31:58 +0200
Subject: [PATCH] Default country to US

---
 Dockerfile          | 3 +++
 scripts/init-vpn.sh | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c9a03e7..f87444a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,6 +34,9 @@ ENV TCPCONF=${VPNDIR}/tcp-server.conf
 
 ENV VPN_PORT=1194
 
+ENV CA_COUNTRY=US
+ENV VPN_COUNTRY=US
+ENV CLIENT_COUNTRY=US
 
 COPY ./rules.v4 /etc/iptables/rules.v4
 COPY ./templates ${TEMPLATESDIR}/
diff --git a/scripts/init-vpn.sh b/scripts/init-vpn.sh
index 18b84ce..62410f7 100755
--- a/scripts/init-vpn.sh
+++ b/scripts/init-vpn.sh
@@ -53,7 +53,7 @@ createCA()
 
 	mkdir -p `dirname ${CACERTFILE}`
 	CACONF="${TEMPLATESDIR}/openssl/ca.conf.template"
-	envsubst < ${CACONF} | openssl req -config - -x509 -new -nodes -extensions v3_ca -key ${CAKEYFILE} -sha256 -days ${CACERTDAYS:-3650} -out ${CACERTFILE}
+	envsubst < ${CACONF} | grep -Ev "^[^=]+=[ ]+$" | openssl req -config - -x509 -new -nodes -extensions v3_ca -key ${CAKEYFILE} -sha256 -days ${CACERTDAYS:-3650} -out ${CACERTFILE}
 }
 
 createServer()
@@ -71,7 +71,7 @@ createServer()
 	VPNCONF="${TEMPLATESDIR}/openssl/vpn.conf.template"
 	VPNCSRFILE="${VPNDIR}/vpn.csr"
 	mkdir -p `dirname ${VPNCSRFILE}`
-	envsubst < ${VPNCONF} | openssl req -config - -new -key ${VPNKEYFILE} -out ${VPNCSRFILE}
+	envsubst < ${VPNCONF} | grep -Ev "^[^=]+=[ ]+$" | openssl req -config - -new -key ${VPNKEYFILE} -out ${VPNCSRFILE}
 	openssl x509 -req -in ${VPNCSRFILE} -CA ${CACERTFILE} -CAkey ${CAKEYFILE} -CAcreateserial -out ${VPNCERTFILE} -days ${VPNCERTDAYS:-365} -sha256
 
 	createTA
@@ -101,7 +101,7 @@ createClient()
 	then
 		createKey ${KEYFILE}
 
-		envsubst < ${CLIENTCONF} | openssl req -config - -new -key ${KEYFILE} -out ${CSRFILE}
+		envsubst < ${CLIENTCONF} | grep -Ev "^[^=]+=[ ]+$" | openssl req -config - -new -key ${KEYFILE} -out ${CSRFILE}
 		openssl x509 -req -in ${CSRFILE} -CA ${CACERTFILE} -CAkey ${CAKEYFILE} -CAcreateserial -out ${CERTFILE} -days ${CLIENTCERTDAYS:-365} -sha256
 	fi