mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Merge pull request #763 from holta/openvpn
Minor refactor of {iiab-vpn, iiab-remote-off, iiab-remote-on} for readability
This commit is contained in:
commit
88c850303c
3 changed files with 69 additions and 70 deletions
|
@ -4,8 +4,8 @@
|
|||
# do nothing if it is not installed
|
||||
which openvpn
|
||||
if [ $? -ne 0 ]; then
|
||||
echo Cannot find the openvpn program.
|
||||
exit 1
|
||||
echo Cannot find the OpenVPN program (openvpn).
|
||||
exit 1
|
||||
fi
|
||||
systemctl disable openvpn@xscenet.service
|
||||
systemctl stop openvpn@xscenet.service
|
||||
|
@ -13,7 +13,7 @@ systemctl stop openvpn@xscenet.service
|
|||
sleep 5
|
||||
ps -e|grep vpn
|
||||
if [ $? -eq 0 ]; then
|
||||
echo Openvpn failed to stop.
|
||||
echo OpenVPN failed to stop.
|
||||
else
|
||||
echo Successfully stopped and disabled Openvpn
|
||||
echo Successfully stopped and disabled OpenVPN.
|
||||
fi
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
# do nothing if it is not installed
|
||||
which openvpn
|
||||
if [ $? -ne 0 ]; then
|
||||
echo Cannot find the openvpn program.
|
||||
exit 1
|
||||
echo Cannot find the OpenVPN program (openvpn).
|
||||
exit 1
|
||||
fi
|
||||
systemctl enable openvpn@xscenet.service
|
||||
systemctl start openvpn@xscenet.service
|
||||
|
@ -13,7 +13,7 @@ systemctl start openvpn@xscenet.service
|
|||
sleep 5
|
||||
ping -c 2 10.8.0.1
|
||||
if [ $? -eq 0 ]; then
|
||||
echo Openvpn successfully started.
|
||||
echo OpenVPN successfully started.
|
||||
else
|
||||
echo Openvpn failed to contact remote server.
|
||||
echo OpenVPN failed to contact remote server.
|
||||
fi
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
# script to manage openvpn
|
||||
|
||||
if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
|
||||
VPNCONFIG='party-line.conf'
|
||||
VPNIP={{ openvpn_server_virtual_ip }}
|
||||
VPNCONFIG='party-line.conf'
|
||||
VPNIP={{ openvpn_server_virtual_ip }}
|
||||
else
|
||||
# expect the sourced file to set the above variables
|
||||
source /etc/openvpn/iiab-vpn.conf
|
||||
# expect the sourced file to set the above variables
|
||||
source /etc/openvpn/iiab-vpn.conf
|
||||
fi
|
||||
|
||||
# we'd like the user of this script to have root privilege
|
||||
|
@ -15,79 +16,77 @@ if [ "$(id -u)" != "0" ]; then
|
|||
fi
|
||||
|
||||
case $1 in
|
||||
"stop" | "no" | "off")
|
||||
killall openvpn
|
||||
exit 0
|
||||
;;
|
||||
"status")
|
||||
pid=`ps -e|grep openvpn`
|
||||
if [ -z "$pid" ]; then
|
||||
echo "The openvpn process is not running"
|
||||
else
|
||||
echo "Openvpn is running with id $pid"
|
||||
ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
|
||||
echo "Local vpn tunnel address is $ip"
|
||||
fi
|
||||
exit 0
|
||||
;;
|
||||
|
||||
"stop" | "no" | "off")
|
||||
killall openvpn
|
||||
exit 0
|
||||
;;
|
||||
"status")
|
||||
pid=`ps -e|grep openvpn`
|
||||
if [ -z "$pid" ]; then
|
||||
echo "The OpenVPN process is not running"
|
||||
else
|
||||
echo "OpenVPN is running with id $pid"
|
||||
ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
|
||||
echo "Local vpn tunnel address is $ip"
|
||||
fi
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
# we'd like for passwords authentication to be turned off
|
||||
# we'd like for password authentication to be turned off
|
||||
grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
|
||||
PASSWORDS_ENABLED=$?
|
||||
|
||||
if [ $PASSWORDS_ENABLED -eq 0 ];then
|
||||
case $1 in
|
||||
"test" | "unsafe") ;;
|
||||
*)
|
||||
|
||||
echo "Openvpn is only safe when public/private keys are used"
|
||||
echo " And when passwords are turned off in /etc/ssh/sshd_conf"
|
||||
exit 1
|
||||
esac
|
||||
case $1 in
|
||||
"test" | "unsafe") ;;
|
||||
*)
|
||||
echo "OpenVPN is only safe when public/private keys are used"
|
||||
echo " And when passwords are turned off in /etc/ssh/sshd_conf"
|
||||
exit 1
|
||||
esac
|
||||
fi
|
||||
|
||||
# openvpn config file directory
|
||||
dir=/etc/openvpn
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
cmd="test"
|
||||
cmd="test"
|
||||
else
|
||||
cmd=$1
|
||||
cmd=$1
|
||||
fi
|
||||
|
||||
case $cmd in
|
||||
"test" | "unsafe" )
|
||||
# load TUN/TAP kernel module
|
||||
modprobe tun
|
||||
"test" | "unsafe" )
|
||||
# load TUN/TAP kernel module
|
||||
modprobe tun
|
||||
|
||||
# make sure the wan is functioning
|
||||
# 8.8.8.8 is one of google's dns servers
|
||||
ping -c 3 -i 3 8.8.8.8
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "internet is not available, tunnel not possible"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# check the vpn tunnel
|
||||
ping -c 5 -i 5 "$VPNIP"
|
||||
# a zero return means the tunnel is up
|
||||
if [ $? -ne "0" ]; then
|
||||
echo "Stopping any openvpn instance"
|
||||
killall openvpn
|
||||
sleep 10
|
||||
echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
|
||||
openvpn --cd $dir --daemon --config $VPNCONFIG
|
||||
fi
|
||||
sleep 10
|
||||
echo "Testing VPN connection"
|
||||
ping -c 4 -i 4 "$VPNIP"
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "vpn tunnel established"
|
||||
else
|
||||
echo "vpn connection failed"
|
||||
fi
|
||||
# make sure the wan is functioning
|
||||
# 8.8.8.8 is one of google's dns servers
|
||||
ping -c 3 -i 3 8.8.8.8
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "internet is not available, tunnel not possible"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
;;
|
||||
# check the vpn tunnel
|
||||
ping -c 5 -i 5 "$VPNIP"
|
||||
# a zero return means the tunnel is up
|
||||
if [ $? -ne "0" ]; then
|
||||
echo "Stopping any openvpn instance"
|
||||
killall openvpn
|
||||
sleep 10
|
||||
echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready"
|
||||
openvpn --cd $dir --daemon --config $VPNCONFIG
|
||||
fi
|
||||
sleep 10
|
||||
echo "Testing VPN connection"
|
||||
ping -c 4 -i 4 "$VPNIP"
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "vpn tunnel established"
|
||||
else
|
||||
echo "vpn connection failed"
|
||||
fi
|
||||
|
||||
;;
|
||||
esac
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue