mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge pull request #763 from holta/openvpn

Minor refactor of {iiab-vpn, iiab-remote-off, iiab-remote-on} for readability
A Holt 2018-04-29 02:59:45 -04:00 committed by GitHub
commit 88c850303c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 69 additions and 70 deletions


@ -4,7 +4,7 @@
# do nothing if it is not installed # do nothing if it is not installed
which openvpn which openvpn
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo Cannot find the openvpn program. echo Cannot find the OpenVPN program (openvpn).
exit 1 exit 1
fi fi
systemctl disable openvpn@xscenet.service systemctl disable openvpn@xscenet.service
@ -13,7 +13,7 @@ systemctl stop openvpn@xscenet.service
sleep 5 sleep 5
ps -e|grep vpn ps -e|grep vpn
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo Openvpn failed to stop. echo OpenVPN failed to stop.
else else
echo Successfully stopped and disabled Openvpn echo Successfully stopped and disabled OpenVPN.
fi fi
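Review bot: The new message `echo Cannot find the OpenVPN program (openvpn).` has unquoted parentheses, which sh and bash reject with a syntax error near `(`. Because the enclosing `if … fi` then fails to parse, the script should abort before it reaches `systemctl disable openvpn@xscenet.service` and the stop that follows, so the remote-access tunnel would stay enabled. Quote the string: `echo "Cannot find the OpenVPN program (openvpn)."`. The identical line in the next file section (the script that enables and starts the service) needs the same fix. Separately, the `OpenVPN failed to stop.` branch still ends with exit status 0, so a caller cannot tell that the tunnel is still up; adding `exit 1` there would make the failure detectable.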


@ -4,7 +4,7 @@
# do nothing if it is not installed # do nothing if it is not installed
which openvpn which openvpn
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo Cannot find the openvpn program. echo Cannot find the OpenVPN program (openvpn).
exit 1 exit 1
fi fi
systemctl enable openvpn@xscenet.service systemctl enable openvpn@xscenet.service
@ -13,7 +13,7 @@ systemctl start openvpn@xscenet.service
sleep 5 sleep 5
ping -c 2 10.8.0.1 ping -c 2 10.8.0.1
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo Openvpn successfully started. echo OpenVPN successfully started.
else else
echo Openvpn failed to contact remote server. echo OpenVPN failed to contact remote server.
fi fi
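Review bot: The reachability test `ping -c 2 10.8.0.1` hard-codes the server's tunnel address, while the third file section (apparently iiab-vpn) takes it from `{{ openvpn_server_virtual_ip }}`. If that variable is ever set to something else, this check would report failure on a working tunnel, or success against the wrong host. If this script is also rendered as a template, use the same variable here. It would also help to add `exit 1` after `echo OpenVPN failed to contact remote server.` so callers see a non-zero status when the tunnel did not come up. Only part of the script is visible in these hunks.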


@ -1,5 +1,6 @@
#!/bin/sh #!/bin/bash
# script to manage openvpn # script to manage openvpn
if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
VPNCONFIG='party-line.conf' VPNCONFIG='party-line.conf'
VPNIP={{ openvpn_server_virtual_ip }} VPNIP={{ openvpn_server_virtual_ip }}
@ -22,18 +23,17 @@ case $1 in
"status") "status")
pid=`ps -e|grep openvpn` pid=`ps -e|grep openvpn`
if [ -z "$pid" ]; then if [ -z "$pid" ]; then
echo "The openvpn process is not running" echo "The OpenVPN process is not running"
else else
echo "Openvpn is running with id $pid" echo "OpenVPN is running with id $pid"
ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'` ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
echo "Local vpn tunnel address is $ip" echo "Local vpn tunnel address is $ip"
fi fi
exit 0 exit 0
;; ;;
esac esac
# we'd like for passwords authentication to be turned off # we'd like for password authentication to be turned off
grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
PASSWORDS_ENABLED=$? PASSWORDS_ENABLED=$?
@ -41,8 +41,7 @@ if [ $PASSWORDS_ENABLED -eq 0 ];then
case $1 in case $1 in
"test" | "unsafe") ;; "test" | "unsafe") ;;
*) *)
echo "OpenVPN is only safe when public/private keys are used"
echo "Openvpn is only safe when public/private keys are used"
echo " And when passwords are turned off in /etc/ssh/sshd_conf" echo " And when passwords are turned off in /etc/ssh/sshd_conf"
exit 1 exit 1
esac esac
@ -77,7 +76,7 @@ case $cmd in
echo "Stopping any openvpn instance" echo "Stopping any openvpn instance"
killall openvpn killall openvpn
sleep 10 sleep 10
echo "Starting openvpn and waiting 10 seconds for daemon to become ready" echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready"
openvpn --cd $dir --daemon --config $VPNCONFIG openvpn --cd $dir --daemon --config $VPNCONFIG
fi fi
sleep 10 sleep 10
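Review bot: The password check `grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config` treats passwords as enabled only when an explicit, uncommented `yes` line exists. OpenSSH defaults PasswordAuthentication to yes when the directive is absent or commented out, so the guard passes on such a config with password logins still on. It would be safer to require an explicit `no`, for example `grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]]+no' /etc/ssh/sshd_config`, or to read the effective setting from `sshd -T`. The pattern is also unquoted, so the shell may glob-expand it before grep sees it, and the error text names `/etc/ssh/sshd_conf` where the file checked is `sshd_config`. The `if` and `case` around this check begin and end outside the hunks shown.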