From 4f777e66b6e6045806806b46878c6b1dde2c8964 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 Apr 2018 02:20:53 -0400 Subject: [PATCH 1/8] Update iiab-vpn --- roles/openvpn/templates/iiab-vpn | 121 +++++++++++++++---------------- 1 file changed, 60 insertions(+), 61 deletions(-) diff --git a/roles/openvpn/templates/iiab-vpn b/roles/openvpn/templates/iiab-vpn index dc78c1b6a..f1d3c1d9f 100755 --- a/roles/openvpn/templates/iiab-vpn +++ b/roles/openvpn/templates/iiab-vpn @@ -1,11 +1,12 @@ -#!/bin/sh +#!/bin/bash # script to manage openvpn + if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then - VPNCONFIG='party-line.conf' - VPNIP={{ openvpn_server_virtual_ip }} + VPNCONFIG='party-line.conf' + VPNIP=10.8.0.1 else - # expect the sourced file to set the above variables - source /etc/openvpn/iiab-vpn.conf + # expect the sourced file to set the above variables + source /etc/openvpn/iiab-vpn.conf fi # we'd like the user of this script to have root privilege @@ -15,22 +16,21 @@ if [ "$(id -u)" != "0" ]; then fi case $1 in -"stop" | "no" | "off") - killall openvpn - exit 0 - ;; -"status") - pid=`ps -e|grep openvpn` - if [ -z "$pid" ]; then - echo "The openvpn process is not running" - else - echo "Openvpn is running with id $pid" - ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'` - echo "Local vpn tunnel address is $ip" - fi - exit 0 - ;; - + "stop" | "no" | "off") + killall openvpn + exit 0 + ;; + "status") + pid=`ps -e|grep openvpn` + if [ -z "$pid" ]; then + echo "The openvpn process is not running" + else + echo "Openvpn is running with id $pid" + ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'` + echo "Local vpn tunnel address is $ip" + fi + exit 0 + ;; esac # we'd like for passwords authentication to be turned off 
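Review bot: After `source /etc/openvpn/iiab-vpn.conf` nothing confirms that the file actually set `VPNCONFIG` and `VPNIP`, even though the comment says the script expects it to; with an incomplete config the later tunnel checks and the `openvpn --config` call run with empty values. Right after the `fi`, `: "${VPNCONFIG:?not set by /etc/openvpn/iiab-vpn.conf}"` and `: "${VPNIP:?not set by /etc/openvpn/iiab-vpn.conf}"` would fail early with a clear message now that the shebang is bash. Since the file is sourced by a script that goes on to require root, a comment such as `# sourced as root: this file must be root-owned and not writable by other users` would document the trust placed in it. The hard-coded `VPNIP=10.8.0.1` replacing the template variable is reverted by PATCH 4/8 of this series, so no action is needed on that line.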
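Review bot: In the `"status"` arm, `pid=`ps -e|grep openvpn`` stores the whole `ps` row rather than a process id, so "OpenVPN is running with id $pid" prints the entire line; `pid=$(pgrep -x openvpn)` yields just the pid(s) and also replaces the backticks with the `$(...)` form used elsewhere in the file. The `ifconfig tun | gawk ...` line appears unchanged here; on distributions that no longer ship `ifconfig` by default this arm would print an empty address, which may be worth a comment if that is a supported target. Apart from these, the hunk is a re-indentation.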
@@ -38,56 +38,55 @@ grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config PASSWORDS_ENABLED=$? if [ $PASSWORDS_ENABLED -eq 0 ];then - case $1 in - "test" | "unsafe") ;; - *) - - echo "Openvpn is only safe when public/private keys are used" - echo " And when passwords are turned off in /etc/ssh/sshd_conf" - exit 1 - esac + case $1 in + "test" | "unsafe") ;; + *) + echo "Openvpn is only safe when public/private keys are used" + echo " And when passwords are turned off in /etc/ssh/sshd_conf" + exit 1 + esac fi # openvpn config file directory dir=/etc/openvpn if [ $# -eq 0 ]; then - cmd="test" + cmd="test" else - cmd=$1 + cmd=$1 fi case $cmd in -"test" | "unsafe" ) -# load TUN/TAP kernel module - modprobe tun + "test" | "unsafe" ) + # load TUN/TAP kernel module + modprobe tun - # make sure the wan is functioning - # 8.8.8.8 is one of google's dns servers - ping -c 3 -i 3 8.8.8.8 - if [ $? -ne 0 ]; then - echo "internet is not available, tunnel not possible" - exit 1 - fi - - # check the vpn tunnel - ping -c 5 -i 5 "$VPNIP" - # a zero return means the tunnel is up - if [ $? -ne "0" ]; then - echo "Stopping any openvpn instance" - killall openvpn - sleep 10 - echo "Starting openvpn and waiting 10 seconds for daemon to become ready" - openvpn --cd $dir --daemon --config $VPNCONFIG - fi - sleep 10 - echo "Testing VPN connection" - ping -c 4 -i 4 "$VPNIP" - if [ $? -eq 0 ]; then - echo "vpn tunnel established" - else - echo "vpn connection failed" - fi + # make sure the wan is functioning + # 8.8.8.8 is one of google's dns servers + ping -c 3 -i 3 8.8.8.8 + if [ $? -ne 0 ]; then + echo "internet is not available, tunnel not possible" + exit 1 + fi - ;; + # check the vpn tunnel + ping -c 5 -i 5 "$VPNIP" + # a zero return means the tunnel is up + if [ $? 
-ne "0" ]; then + echo "Stopping any openvpn instance" + killall openvpn + sleep 10 + echo "Starting openvpn and waiting 10 seconds for daemon to become r +eady" + openvpn --cd $dir --daemon --config $VPNCONFIG + fi + sleep 10 + echo "Testing VPN connection" + ping -c 4 -i 4 "$VPNIP" + if [ $? -eq 0 ]; then + echo "vpn tunnel established" + else + echo "vpn connection failed" + fi + ;; esac From 8f490949f557456cdc5ccfe51e97aeea7ba7cccd Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 Apr 2018 02:24:41 -0400 Subject: [PATCH 2/8] Update iiab-remote-on --- roles/openvpn/templates/iiab-remote-on | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-on b/roles/openvpn/templates/iiab-remote-on index 5f40903da..ae8110732 100644 --- a/roles/openvpn/templates/iiab-remote-on +++ b/roles/openvpn/templates/iiab-remote-on @@ -4,8 +4,8 @@ # do nothing if it is not installed which openvpn if [ $? -ne 0 ]; then - echo Cannot find the openvpn program. - exit 1 + echo Cannot find the openvpn program. + exit 1 fi systemctl enable openvpn@xscenet.service systemctl start openvpn@xscenet.service @@ -13,7 +13,7 @@ systemctl start openvpn@xscenet.service sleep 5 ping -c 2 10.8.0.1 if [ $? -eq 0 ]; then - echo Openvpn successfully started. + echo Openvpn successfully started. else - echo Openvpn failed to contact remote server. + echo Openvpn failed to contact remote server. fi From 66c4132c6d112af7fa541c251d8cdc9033d2938f Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 Apr 2018 02:25:14 -0400 Subject: [PATCH 3/8] Update iiab-remote-off --- roles/openvpn/templates/iiab-remote-off | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 527c77cab..8663c11b5 100644 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off 
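Review bot: The `"test" | "unsafe") ;;` arm of the password-authentication guard exempts exactly the command that brings the tunnel up, so with password logins enabled `iiab-vpn test` still starts OpenVPN and only the bare invocation (which then defaults to `cmd="test"` and does the same work) is refused; keeping only `"unsafe") ;;` as the explicit override would make the guard mean what its message says. The check itself, `grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config`, only finds an explicit directive, while sshd treats an absent or commented-out `PasswordAuthentication` as yes, so those hosts are reported as safe; `sshd -T 2>/dev/null | grep -qi '^passwordauthentication yes'` tests the effective configuration instead (the same grep line reappears as context in PATCH 8/8). The message that follows names `/etc/ssh/sshd_conf`, which is not the path the script reads. Further down, `openvpn --cd $dir --daemon --config $VPNCONFIG` takes `VPNCONFIG` from the sourced file unquoted; `--cd "$dir" --daemon --config "$VPNCONFIG"` keeps a value with spaces from being split into extra arguments. The broken string literal `become r` / `eady"` on the old side is repaired by PATCH 4/8, so it is not re-raised here.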
@@ -4,8 +4,8 @@ # do nothing if it is not installed which openvpn if [ $? -ne 0 ]; then - echo Cannot find the openvpn program. - exit 1 + echo Cannot find the openvpn program. + exit 1 fi systemctl disable openvpn@xscenet.service systemctl stop openvpn@xscenet.service @@ -13,7 +13,7 @@ systemctl stop openvpn@xscenet.service sleep 5 ps -e|grep vpn if [ $? -eq 0 ]; then - echo Openvpn failed to stop. + echo Openvpn failed to stop. else - echo Successfully stopped and disabled Openvpn + echo Successfully stopped and disabled Openvpn fi From 440b21102bbb756a959565b5d8dcf209618f96af Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 Apr 2018 02:34:11 -0400 Subject: [PATCH 4/8] Update iiab-vpn --- roles/openvpn/templates/iiab-vpn | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/openvpn/templates/iiab-vpn b/roles/openvpn/templates/iiab-vpn index f1d3c1d9f..c3aab24eb 100755 --- a/roles/openvpn/templates/iiab-vpn +++ b/roles/openvpn/templates/iiab-vpn @@ -3,7 +3,7 @@ if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then VPNCONFIG='party-line.conf' - VPNIP=10.8.0.1 + VPNIP={{ openvpn_server_virtual_ip }} else # expect the sourced file to set the above variables source /etc/openvpn/iiab-vpn.conf @@ -23,9 +23,9 @@ case $1 in "status") pid=`ps -e|grep openvpn` if [ -z "$pid" ]; then - echo "The openvpn process is not running" + echo "The OpenVPN process is not running" else - echo "Openvpn is running with id $pid" + echo "OpenVPN is running with id $pid" ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'` echo "Local vpn tunnel address is $ip" fi @@ -41,7 +41,7 @@ if [ $PASSWORDS_ENABLED -eq 0 ];then case $1 in "test" | "unsafe") ;; *) - echo "Openvpn is only safe when public/private keys are used" + echo "OpenVPN is only safe when public/private keys are used" echo " And when passwords are turned off in /etc/ssh/sshd_conf" exit 1 esac 
@@ -76,8 +76,7 @@ case $cmd in echo "Stopping any openvpn instance" killall openvpn sleep 10 - echo "Starting openvpn and waiting 10 seconds for daemon to become r -eady" + echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready" openvpn --cd $dir --daemon --config $VPNCONFIG fi sleep 10 @@ -88,5 +87,6 @@ eady" else echo "vpn connection failed" fi + ;; esac From 0f21da54771ababff78bdd80fcd74ab8c928607d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 Apr 2018 02:37:19 -0400 Subject: [PATCH 5/8] Update iiab-remote-off --- roles/openvpn/templates/iiab-remote-off | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 8663c11b5..a5e1b46d3 100644 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -4,7 +4,7 @@ # do nothing if it is not installed which openvpn if [ $? -ne 0 ]; then - echo Cannot find the openvpn program. + echo Cannot find the OpenVPN program (openvpn). exit 1 fi systemctl disable openvpn@xscenet.service @@ -13,7 +13,7 @@ systemctl stop openvpn@xscenet.service sleep 5 ps -e|grep vpn if [ $? -eq 0 ]; then - echo Openvpn failed to stop. + echo OpenVPN failed to stop. else - echo Successfully stopped and disabled Openvpn + echo Successfully stopped and disabled OpenVPN. fi From dd98f06a7aae34d46d172a50fae3050df8214f5d Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 Apr 2018 02:38:00 -0400 Subject: [PATCH 6/8] Update iiab-remote-on --- roles/openvpn/templates/iiab-remote-on | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-on b/roles/openvpn/templates/iiab-remote-on index ae8110732..0c1215077 100644 --- a/roles/openvpn/templates/iiab-remote-on +++ b/roles/openvpn/templates/iiab-remote-on 
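Review bot: The new `echo Cannot find the OpenVPN program (openvpn).` in iiab-remote-off is unquoted, and `(` is a shell metacharacter, so the shell reports a syntax error near `(` and the script never reaches its `systemctl` calls; the same line is added to iiab-remote-on in PATCH 6/8. Quoting the message fixes it: `echo "Cannot find the OpenVPN program (openvpn)."`, and the other unquoted echo lines in these scripts would be safer written the same way. As a point of style, the `which openvpn` test that precedes it also prints the path to stdout on success; `command -v openvpn >/dev/null` performs the same check silently and portably.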
@@ -4,7 +4,7 @@ # do nothing if it is not installed which openvpn if [ $? -ne 0 ]; then - echo Cannot find the openvpn program. + echo Cannot find the OpenVPN program (openvpn). exit 1 fi systemctl enable openvpn@xscenet.service @@ -13,7 +13,7 @@ systemctl start openvpn@xscenet.service sleep 5 ping -c 2 10.8.0.1 if [ $? -eq 0 ]; then - echo Openvpn successfully started. + echo OpenVPN successfully started. else - echo Openvpn failed to contact remote server. + echo OpenVPN failed to contact remote server. fi From 79a362ace33cd5fe54384c38eca6c2da48a69cf8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sun, 29 Apr 2018 02:40:33 -0400 Subject: [PATCH 8/8] Update iiab-vpn --- roles/openvpn/templates/iiab-vpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/iiab-vpn b/roles/openvpn/templates/iiab-vpn index c3aab24eb..306902c1e 100755 --- a/roles/openvpn/templates/iiab-vpn +++ b/roles/openvpn/templates/iiab-vpn @@ -33,7 +33,7 @@ case $1 in ;; esac -# we'd like for passwords authentication to be turned off +# we'd like for password authentication to be turned off grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config PASSWORDS_ENABLED=$?