From 15a2a3f8a6092c5768c53f3c27fe9d9cd32e348c Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 11 Aug 2022 09:36:31 -0400
Subject: [PATCH 1/3] Disable openvpn service AND openvpn_enabled in local_vars.yml
---
 roles/openvpn/templates/iiab-remote-off | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off
index 9d3b0d258..f450bc79d 100755
--- a/roles/openvpn/templates/iiab-remote-off
+++ b/roles/openvpn/templates/iiab-remote-off
@@ -19,6 +19,12 @@ if [ $? -ne 0 ]; then
 exit 1
 fi
+if grep -q '^openvpn_enabled:' /etc/iiab/local_vars.yml; then
+ sed -i "s/^openvpn_enabled:.*/openvpn_enabled: False/" /etc/iiab/local_vars.yml
+else
+ echo "openvpn_enabled: False" >> /etc/iiab/local_vars.yml
+fi
+
 systemctl disable openvpn
 systemctl stop openvpn
From 83dc48ba7d3841b38c136b3e5a754fc79ece40d4 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 11 Aug 2022 09:45:09 -0400
Subject: [PATCH 2/3] iiab-remote-off: Comment out stale guidance
---
 roles/openvpn/templates/iiab-remote-off | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off
index f450bc79d..914621435 100755
--- a/roles/openvpn/templates/iiab-remote-off
+++ b/roles/openvpn/templates/iiab-remote-off
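Review bot: The `sed -i` / `echo >>` block added after `fi` in [PATCH 1/3] never checks that /etc/iiab/local_vars.yml was actually changed, so an unwritable file leaves `openvpn_enabled` at its old value. A later role run could then presumably turn the VPN back on. Since the script exists to reduce remote exposure, it should warn without aborting, so that the `systemctl disable` and `stop` lines still run: `grep -q '^openvpn_enabled: False' /etc/iiab/local_vars.yml || echo "WARNING: could not set openvpn_enabled: False in /etc/iiab/local_vars.yml" >&2`. Note also that the `^openvpn_enabled:` anchor misses an indented key, and that when the file is absent the `else` branch creates it; confirm both are intended. The script starts and continues outside this hunk.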
@@ -3,14 +3,14 @@
 # /usr/bin/iiab-remote-off should fully turn off multiple remote support
 # services like OpenVPN and others, to reduce risk of remote attacks.
-echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n'
-
-echo -e '1) Set this variable in /etc/iiab/local_vars.yml'
-echo -e ' openvpn_enabled: False\n'
-
-echo -e '2) Run:'
-echo -e ' cd /opt/iiab/iiab'
-echo -e ' sudo ./runrole openvpn\n'
+# echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n'
+#
+# echo -e '1) Set this variable in /etc/iiab/local_vars.yml'
+# echo -e ' openvpn_enabled: False\n'
+#
+# echo -e '2) Run:'
+# echo -e ' cd /opt/iiab/iiab'
+# echo -e ' sudo ./runrole openvpn\n'
 # Do nothing if OpenVPN not installed
 which openvpn
From 3227cffe5f0a898bb14677f57cb3263385e11771 Mon Sep 17 00:00:00 2001
From: A Holt
Date: Thu, 11 Aug 2022 12:02:44 -0400
Subject: [PATCH 3/3] iiab-remote-off: UX explaining OpenVPN's truly off
---
 roles/openvpn/templates/iiab-remote-off | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off
index 914621435..6d5003b78 100755
--- a/roles/openvpn/templates/iiab-remote-off
+++ b/roles/openvpn/templates/iiab-remote-off
@@ -31,7 +31,9 @@ systemctl stop openvpn
 sleep 5
 ps -e | grep openvpn # 2018-09-05: "ps -e | grep vpn" no longer works (nor would "pgrep vpn") when invoked from iiab-vpn-off (as filename itself causes [multiple] "vpn" instances to appear in process list!)
 if [ $? -eq 0 ]; then
- echo OpenVPN failed to stop.
+ echo "OpenVPN failed to stop."
 else
- echo Successfully stopped and disabled OpenVPN.
+ echo "OpenVPN's systemd service was successfully stopped and disabled."
+ echo
+ echo "Also, 'openvpn_enabled: False' was set in /etc/iiab/local_vars.yml"
 fi
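Review bot: The eight `# echo -e ...` lines in [PATCH 2/3] leave disabled code at the top of the script with nothing in the file saying why it is off; only the commit subject calls the guidance stale. Deleting the block (history keeps it) and leaving a single comment such as `# /etc/iiab/local_vars.yml is updated automatically further down, so no manual follow-up is printed` would keep the header readable. The script continues outside this hunk.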
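Review bot: The `OpenVPN failed to stop.` branch in [PATCH 3/3] still writes to stdout and, as far as this hunk shows, sets no failure status. A caller such as the iiab-vpn-off script named in the comment then cannot tell that the VPN process is still running. For a script meant to shut off remote access, that case should be loud: `echo "OpenVPN failed to stop." >&2` followed by `exit 1`. The success branch also asserts that `openvpn_enabled: False` was set, although nothing visible on this page verifies the earlier edit of /etc/iiab/local_vars.yml; print that line only after a check confirms it. The script may continue past the closing `fi`, which is the last line shown.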