From 4f777e66b6e6045806806b46878c6b1dde2c8964 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 Apr 2018 02:20:53 -0400 Subject: [PATCH] Update iiab-vpn --- roles/openvpn/templates/iiab-vpn | 121 +++++++++++++++---------------- 1 file changed, 60 insertions(+), 61 deletions(-) diff --git a/roles/openvpn/templates/iiab-vpn b/roles/openvpn/templates/iiab-vpn index dc78c1b6a..f1d3c1d9f 100755 --- a/roles/openvpn/templates/iiab-vpn +++ b/roles/openvpn/templates/iiab-vpn @@ -1,11 +1,12 @@ -#!/bin/sh +#!/bin/bash # script to manage openvpn + if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then - VPNCONFIG='party-line.conf' - VPNIP={{ openvpn_server_virtual_ip }} + VPNCONFIG='party-line.conf' + VPNIP=10.8.0.1 else - # expect the sourced file to set the above variables - source /etc/openvpn/iiab-vpn.conf + # expect the sourced file to set the above variables + source /etc/openvpn/iiab-vpn.conf fi # we'd like the user of this script to have root privilege @@ -15,22 +16,21 @@ if [ "$(id -u)" != "0" ]; then fi case $1 in -"stop" | "no" | "off") - killall openvpn - exit 0 - ;; -"status") - pid=`ps -e|grep openvpn` - if [ -z "$pid" ]; then - echo "The openvpn process is not running" - else - echo "Openvpn is running with id $pid" - ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'` - echo "Local vpn tunnel address is $ip" - fi - exit 0 - ;; - + "stop" | "no" | "off") + killall openvpn + exit 0 + ;; + "status") + pid=`ps -e|grep openvpn` + if [ -z "$pid" ]; then + echo "The openvpn process is not running" + else + echo "Openvpn is running with id $pid" + ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'` + echo "Local vpn tunnel address is $ip" + fi + exit 0 + ;; esac # we'd like for passwords authentication to be turned off 
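Review bot: The fallback `VPNIP=10.8.0.1` in the first branch no longer follows the role's `openvpn_server_virtual_ip` variable, so a deployment that overrides that variable would have this script ping the wrong peer and, in the `test` branch further down, stop and restart openvpn on every run. If the literal is intentional (for example because the file is no longer rendered as a template), a comment such as `# must match openvpn_server_virtual_ip` would keep the two from drifting; otherwise keep `VPNIP={{ openvpn_server_virtual_ip }}`. Separately, `source /etc/openvpn/iiab-vpn.conf` executes that file as shell code in a script that is meant to run as root, and it does so before the `id -u` check that follows the hunk. It is worth confirming the file is owned by root and not group- or world-writable before sourcing it.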
@@ -38,56 +38,55 @@ grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config PASSWORDS_ENABLED=$? if [ $PASSWORDS_ENABLED -eq 0 ];then - case $1 in - "test" | "unsafe") ;; - *) - - echo "Openvpn is only safe when public/private keys are used" - echo " And when passwords are turned off in /etc/ssh/sshd_conf" - exit 1 - esac + case $1 in + "test" | "unsafe") ;; + *) + echo "Openvpn is only safe when public/private keys are used" + echo " And when passwords are turned off in /etc/ssh/sshd_conf" + exit 1 + esac fi # openvpn config file directory dir=/etc/openvpn if [ $# -eq 0 ]; then - cmd="test" + cmd="test" else - cmd=$1 + cmd=$1 fi case $cmd in -"test" | "unsafe" ) -# load TUN/TAP kernel module - modprobe tun + "test" | "unsafe" ) + # load TUN/TAP kernel module + modprobe tun - # make sure the wan is functioning - # 8.8.8.8 is one of google's dns servers - ping -c 3 -i 3 8.8.8.8 - if [ $? -ne 0 ]; then - echo "internet is not available, tunnel not possible" - exit 1 - fi - - # check the vpn tunnel - ping -c 5 -i 5 "$VPNIP" - # a zero return means the tunnel is up - if [ $? -ne "0" ]; then - echo "Stopping any openvpn instance" - killall openvpn - sleep 10 - echo "Starting openvpn and waiting 10 seconds for daemon to become ready" - openvpn --cd $dir --daemon --config $VPNCONFIG - fi - sleep 10 - echo "Testing VPN connection" - ping -c 4 -i 4 "$VPNIP" - if [ $? -eq 0 ]; then - echo "vpn tunnel established" - else - echo "vpn connection failed" - fi + # make sure the wan is functioning + # 8.8.8.8 is one of google's dns servers + ping -c 3 -i 3 8.8.8.8 + if [ $? -ne 0 ]; then + echo "internet is not available, tunnel not possible" + exit 1 + fi - ;; + # check the vpn tunnel + ping -c 5 -i 5 "$VPNIP" + # a zero return means the tunnel is up + if [ $? 
-ne "0" ]; then + echo "Stopping any openvpn instance" + killall openvpn + sleep 10 + echo "Starting openvpn and waiting 10 seconds for daemon to become r +eady" + openvpn --cd $dir --daemon --config $VPNCONFIG + fi + sleep 10 + echo "Testing VPN connection" + ping -c 4 -i 4 "$VPNIP" + if [ $? -eq 0 ]; then + echo "vpn tunnel established" + else + echo "vpn connection failed" + fi + ;; esac
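Review bot: The re-indented `echo "Starting openvpn and waiting 10 seconds for daemon to become r` line is split in the middle of "ready", with `eady"` added as a line of its own, so the string now contains a newline and the message prints on two lines; it should be one line ending in `become ready"`. In the same hunk the password-authentication gate lets `test` through as well as `unsafe`, while a run with no argument (which also becomes `cmd="test"`) is refused, so the script's ordinary command skips the check. If that is not intended, exempt only `"unsafe") ;;`. In `openvpn --cd $dir --daemon --config $VPNCONFIG` both expansions are unquoted and `$VPNCONFIG` may come from the sourced config file, so `"$dir"` and `"$VPNCONFIG"` would avoid word splitting. The sshd_config grep that sets `PASSWORDS_ENABLED` sits above the hunk.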