1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge pull request #763 from holta/openvpn

Minor refactor of {iiab-vpn, iiab-remote-off, iiab-remote-on} for readability
This commit is contained in:
A Holt 2018-04-29 02:59:45 -04:00 committed by GitHub
commit 88c850303c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 69 additions and 70 deletions

View file

@ -4,8 +4,8 @@
# do nothing if it is not installed
which openvpn
if [ $? -ne 0 ]; then
echo Cannot find the openvpn program.
exit 1
echo Cannot find the OpenVPN program (openvpn).
exit 1
fi
systemctl disable openvpn@xscenet.service
systemctl stop openvpn@xscenet.service
@ -13,7 +13,7 @@ systemctl stop openvpn@xscenet.service
sleep 5
ps -e|grep vpn
if [ $? -eq 0 ]; then
echo Openvpn failed to stop.
echo OpenVPN failed to stop.
else
echo Successfully stopped and disabled Openvpn
echo Successfully stopped and disabled OpenVPN.
fi

View file

@ -4,8 +4,8 @@
# do nothing if it is not installed
which openvpn
if [ $? -ne 0 ]; then
echo Cannot find the openvpn program.
exit 1
echo Cannot find the OpenVPN program (openvpn).
exit 1
fi
systemctl enable openvpn@xscenet.service
systemctl start openvpn@xscenet.service
@ -13,7 +13,7 @@ systemctl start openvpn@xscenet.service
sleep 5
ping -c 2 10.8.0.1
if [ $? -eq 0 ]; then
echo Openvpn successfully started.
echo OpenVPN successfully started.
else
echo Openvpn failed to contact remote server.
echo OpenVPN failed to contact remote server.
fi

View file

@ -1,11 +1,12 @@
#!/bin/sh
#!/bin/bash
# script to manage openvpn
if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
VPNCONFIG='party-line.conf'
VPNIP={{ openvpn_server_virtual_ip }}
VPNCONFIG='party-line.conf'
VPNIP={{ openvpn_server_virtual_ip }}
else
# expect the sourced file to set the above variables
source /etc/openvpn/iiab-vpn.conf
# expect the sourced file to set the above variables
source /etc/openvpn/iiab-vpn.conf
fi
# we'd like the user of this script to have root privilege
@ -15,79 +16,77 @@ if [ "$(id -u)" != "0" ]; then
fi
case $1 in
"stop" | "no" | "off")
killall openvpn
exit 0
;;
"status")
pid=`ps -e|grep openvpn`
if [ -z "$pid" ]; then
echo "The openvpn process is not running"
else
echo "Openvpn is running with id $pid"
ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
echo "Local vpn tunnel address is $ip"
fi
exit 0
;;
"stop" | "no" | "off")
killall openvpn
exit 0
;;
"status")
pid=`ps -e|grep openvpn`
if [ -z "$pid" ]; then
echo "The OpenVPN process is not running"
else
echo "OpenVPN is running with id $pid"
ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
echo "Local vpn tunnel address is $ip"
fi
exit 0
;;
esac
# we'd like for passwords authentication to be turned off
# we'd like for password authentication to be turned off
grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
PASSWORDS_ENABLED=$?
if [ $PASSWORDS_ENABLED -eq 0 ];then
case $1 in
"test" | "unsafe") ;;
*)
echo "Openvpn is only safe when public/private keys are used"
echo " And when passwords are turned off in /etc/ssh/sshd_conf"
exit 1
esac
case $1 in
"test" | "unsafe") ;;
*)
echo "OpenVPN is only safe when public/private keys are used"
echo " And when passwords are turned off in /etc/ssh/sshd_conf"
exit 1
esac
fi
# openvpn config file directory
dir=/etc/openvpn
if [ $# -eq 0 ]; then
cmd="test"
cmd="test"
else
cmd=$1
cmd=$1
fi
case $cmd in
"test" | "unsafe" )
# load TUN/TAP kernel module
modprobe tun
"test" | "unsafe" )
# load TUN/TAP kernel module
modprobe tun
# make sure the wan is functioning
# 8.8.8.8 is one of google's dns servers
ping -c 3 -i 3 8.8.8.8
if [ $? -ne 0 ]; then
echo "internet is not available, tunnel not possible"
exit 1
fi
# check the vpn tunnel
ping -c 5 -i 5 "$VPNIP"
# a zero return means the tunnel is up
if [ $? -ne "0" ]; then
echo "Stopping any openvpn instance"
killall openvpn
sleep 10
echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
openvpn --cd $dir --daemon --config $VPNCONFIG
fi
sleep 10
echo "Testing VPN connection"
ping -c 4 -i 4 "$VPNIP"
if [ $? -eq 0 ]; then
echo "vpn tunnel established"
else
echo "vpn connection failed"
fi
# make sure the wan is functioning
# 8.8.8.8 is one of google's dns servers
ping -c 3 -i 3 8.8.8.8
if [ $? -ne 0 ]; then
echo "internet is not available, tunnel not possible"
exit 1
fi
;;
# check the vpn tunnel
ping -c 5 -i 5 "$VPNIP"
# a zero return means the tunnel is up
if [ $? -ne "0" ]; then
echo "Stopping any openvpn instance"
killall openvpn
sleep 10
echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready"
openvpn --cd $dir --daemon --config $VPNCONFIG
fi
sleep 10
echo "Testing VPN connection"
ping -c 4 -i 4 "$VPNIP"
if [ $? -eq 0 ]; then
echo "vpn tunnel established"
else
echo "vpn connection failed"
fi
;;
esac