iiab/roles/openvpn/templates/iiab-vpn

#!/bin/bash
# script to manage openvpn

if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
    VPNCONFIG='party-line.conf'
    VPNIP={{ openvpn_server_virtual_ip }}
else
    # expect the sourced file to set the above variables
    source /etc/openvpn/iiab-vpn.conf
fi

# we'd like the user of this script to have root privilege
if [ "$(id -u)" != "0" ]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi

case $1 in
    "stop" | "no" | "off")
        killall openvpn
        exit 0
        ;;
    "status")
        pid=`ps -e|grep openvpn`
        if [ -z "$pid" ]; then
            echo "The OpenVPN process is not running"
        else
            echo "OpenVPN is running with id $pid"
            ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
            echo "Local vpn tunnel address is $ip"
        fi
        exit 0
        ;;
esac

# we'd like for password authentication to be turned off
grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
PASSWORDS_ENABLED=$?

if [ $PASSWORDS_ENABLED -eq 0 ];then
    case $1 in
        "test" | "unsafe") ;;
        *)
            echo "OpenVPN is only safe when public/private keys are used"
            echo " And when passwords are turned off in /etc/ssh/sshd_conf"
            exit 1
    esac
fi

# openvpn config file directory
dir=/etc/openvpn

if [ $# -eq 0 ]; then
    cmd="test"
else
    cmd=$1
fi

case $cmd in
    "test" | "unsafe" )
        # load TUN/TAP kernel module
        modprobe tun

        # make sure the wan is functioning
        # 8.8.8.8 is one of google's dns servers
        ping -c 3 -i 3 8.8.8.8
        if [ $? -ne 0 ]; then
            echo "internet is not available, tunnel not possible"
            exit 1
        fi

        # check the vpn tunnel
        ping -c 5 -i 5 "$VPNIP"
        # a zero return means the tunnel is up
        if [ $? -ne "0" ]; then
            echo "Stopping any openvpn instance"
            killall openvpn
            sleep 10
            echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready"
            openvpn --cd $dir --daemon --config $VPNCONFIG
        fi
        sleep 10
        echo "Testing VPN connection"
        ping -c 4 -i 4 "$VPNIP"
        if [ $? -eq 0 ]; then
            echo "vpn tunnel established"
        else
            echo "vpn connection failed"
        fi

        ;;
esac
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`#!/bin/bash`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`# script to manage openvpn`
Update iiab-vpn 2018-04-29 06:20:53 +00:00
Test (#20) * change apache_data to apache_user in all * no libapach2 in centos. just php. no php-magick in centos * remove redundant vars entries * do not create apache user * missed one pound sign * soft code all references to apache_user * centos requires older setuptools * revert ansible_lsb.id in xsce.yml * try getting recent pip * move pip download to 2prep so that kalite success is not dependent on iiab coming first * still need to replace setuptools in kalite * add curl -- needed in debian * massivly substitue iiab for xsce, and rename files * completed runansible * centos fixes,install pip * appliance means no iptables rules * change to earlier version of setuptools for centos * delete file duplicate, hopefully unnecessary. generate the offline docs * wiki docs errors * create the admin group -- deleted earlier * use the --yes option with pip uninstall * base of repo moved from schoolserver to iiab, unleashkids.org->iiab.io * network detection broken due to tupo 2017-06-09 23:25:56 +00:00			`if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`VPNCONFIG='party-line.conf'`
Update iiab-vpn 2018-04-29 06:34:11 +00:00			`VPNIP={{ openvpn_server_virtual_ip }}`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`else`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`# expect the sourced file to set the above variables`
			`source /etc/openvpn/iiab-vpn.conf`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`fi`

			`# we'd like the user of this script to have root privilege`
			`if [ "$(id -u)" != "0" ]; then`
			`echo "This script must be run as root" 1>&2`
			`exit 1`
			`fi`

			`case $1 in`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`"stop" \| "no" \| "off")`
			`killall openvpn`
			`exit 0`
			`;;`
			`"status")`
			pid=`ps -e\|grep openvpn`
			`if [ -z "$pid" ]; then`
Update iiab-vpn 2018-04-29 06:34:11 +00:00			`echo "The OpenVPN process is not running"`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`else`
Update iiab-vpn 2018-04-29 06:34:11 +00:00			`echo "OpenVPN is running with id $pid"`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			ip=`ifconfig tun \| gawk '(/netmask /) {print( $2);}'`
			`echo "Local vpn tunnel address is $ip"`
			`fi`
			`exit 0`
			`;;`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`esac`

Update iiab-vpn 2018-04-29 06:40:33 +00:00			`# we'd like for password authentication to be turned off`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config`
			`PASSWORDS_ENABLED=$?`

			`if [ $PASSWORDS_ENABLED -eq 0 ];then`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`case $1 in`
			`"test" \| "unsafe") ;;`
			`*)`
Update iiab-vpn 2018-04-29 06:34:11 +00:00			`echo "OpenVPN is only safe when public/private keys are used"`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`echo " And when passwords are turned off in /etc/ssh/sshd_conf"`
			`exit 1`
			`esac`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`fi`

			`# openvpn config file directory`
			`dir=/etc/openvpn`

			`if [ $# -eq 0 ]; then`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`cmd="test"`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`else`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`cmd=$1`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`fi`

			`case $cmd in`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`"test" \| "unsafe" )`
			`# load TUN/TAP kernel module`
			`modprobe tun`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`# make sure the wan is functioning`
			`# 8.8.8.8 is one of google's dns servers`
			`ping -c 3 -i 3 8.8.8.8`
			`if [ $? -ne 0 ]; then`
			`echo "internet is not available, tunnel not possible"`
			`exit 1`
			`fi`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`# check the vpn tunnel`
			`ping -c 5 -i 5 "$VPNIP"`
			`# a zero return means the tunnel is up`
			`if [ $? -ne "0" ]; then`
			`echo "Stopping any openvpn instance"`
			`killall openvpn`
			`sleep 10`
Update iiab-vpn 2018-04-29 06:34:11 +00:00			`echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready"`
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`openvpn --cd $dir --daemon --config $VPNCONFIG`
			`fi`
			`sleep 10`
			`echo "Testing VPN connection"`
			`ping -c 4 -i 4 "$VPNIP"`
			`if [ $? -eq 0 ]; then`
			`echo "vpn tunnel established"`
			`else`
			`echo "vpn connection failed"`
			`fi`
Update iiab-vpn 2018-04-29 06:34:11 +00:00
Update iiab-vpn 2018-04-29 06:20:53 +00:00			`;;`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`esac`