Merge pull request #763 from holta/openvpn
Minor refactor of {iiab-vpn, iiab-remote-off, iiab-remote-on} for readability
commit
88c850303c
3 changed files with 69 additions and 70 deletions
|
@ -4,7 +4,7 @@
|
||||||
# do nothing if it is not installed
|
# do nothing if it is not installed
|
||||||
which openvpn
|
which openvpn
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo Cannot find the openvpn program.
|
echo Cannot find the OpenVPN program (openvpn).
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
systemctl disable openvpn@xscenet.service
|
systemctl disable openvpn@xscenet.service
|
||||||
|
@ -13,7 +13,7 @@ systemctl stop openvpn@xscenet.service
|
||||||
sleep 5
|
sleep 5
|
||||||
ps -e|grep vpn
|
ps -e|grep vpn
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
echo Openvpn failed to stop.
|
echo OpenVPN failed to stop.
|
||||||
else
|
else
|
||||||
echo Successfully stopped and disabled Openvpn
|
echo Successfully stopped and disabled OpenVPN.
|
||||||
fi
|
fi
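Review bot: The reworded message `echo Cannot find the OpenVPN program (openvpn).` in the first hunk has unquoted parentheses, which sh and bash reject with a syntax error near `(`. Because the shell must parse the whole `if … fi` before running it, the script would most likely abort there and never reach `systemctl disable openvpn@xscenet.service`. That would leave the remote-access tunnel enabled after an operator asked for it to be turned off. Quote the message: `echo "Cannot find the OpenVPN program (openvpn)."`. The identical line in the first hunk of the next file section (apparently the remote-on script) needs the same fix.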
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
# do nothing if it is not installed
|
# do nothing if it is not installed
|
||||||
which openvpn
|
which openvpn
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo Cannot find the openvpn program.
|
echo Cannot find the OpenVPN program (openvpn).
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
systemctl enable openvpn@xscenet.service
|
systemctl enable openvpn@xscenet.service
|
||||||
|
@ -13,7 +13,7 @@ systemctl start openvpn@xscenet.service
|
||||||
sleep 5
|
sleep 5
|
||||||
ping -c 2 10.8.0.1
|
ping -c 2 10.8.0.1
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
echo Openvpn successfully started.
|
echo OpenVPN successfully started.
|
||||||
else
|
else
|
||||||
echo Openvpn failed to contact remote server.
|
echo OpenVPN failed to contact remote server.
|
||||||
fi
|
fi
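Review bot: The failure branch of the final `ping -c 2 10.8.0.1` check only prints `OpenVPN failed to contact remote server.`, so the script exits 0 whether or not the tunnel came up. This assumes the script ends at this `fi`, which the single line of trailing context suggests. A caller cannot then distinguish a working tunnel from a dead one. End the `else` branch with `exit 1` and send the message to stderr, e.g. `echo "OpenVPN failed to contact remote server." >&2`. The `OpenVPN failed to stop.` branch in the preceding section has the same shape, and there a silent success is the riskier outcome because remote access stays open.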
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
# script to manage openvpn
|
# script to manage openvpn
|
||||||
|
|
||||||
if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
|
if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
|
||||||
VPNCONFIG='party-line.conf'
|
VPNCONFIG='party-line.conf'
|
||||||
VPNIP={{ openvpn_server_virtual_ip }}
|
VPNIP={{ openvpn_server_virtual_ip }}
|
||||||
|
@ -15,25 +16,24 @@ if [ "$(id -u)" != "0" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
"stop" | "no" | "off")
|
"stop" | "no" | "off")
|
||||||
killall openvpn
|
killall openvpn
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
"status")
|
"status")
|
||||||
pid=`ps -e|grep openvpn`
|
pid=`ps -e|grep openvpn`
|
||||||
if [ -z "$pid" ]; then
|
if [ -z "$pid" ]; then
|
||||||
echo "The openvpn process is not running"
|
echo "The OpenVPN process is not running"
|
||||||
else
|
else
|
||||||
echo "Openvpn is running with id $pid"
|
echo "OpenVPN is running with id $pid"
|
||||||
ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
|
ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
|
||||||
echo "Local vpn tunnel address is $ip"
|
echo "Local vpn tunnel address is $ip"
|
||||||
fi
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
|
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# we'd like for passwords authentication to be turned off
|
# we'd like for password authentication to be turned off
|
||||||
grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
|
grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
|
||||||
PASSWORDS_ENABLED=$?
|
PASSWORDS_ENABLED=$?
|
||||||
|
|
||||||
|
@ -41,8 +41,7 @@ if [ $PASSWORDS_ENABLED -eq 0 ];then
|
||||||
case $1 in
|
case $1 in
|
||||||
"test" | "unsafe") ;;
|
"test" | "unsafe") ;;
|
||||||
*)
|
*)
|
||||||
|
echo "OpenVPN is only safe when public/private keys are used"
|
||||||
echo "Openvpn is only safe when public/private keys are used"
|
|
||||||
echo " And when passwords are turned off in /etc/ssh/sshd_conf"
|
echo " And when passwords are turned off in /etc/ssh/sshd_conf"
|
||||||
exit 1
|
exit 1
|
||||||
esac
|
esac
|
||||||
|
@ -58,8 +57,8 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case $cmd in
|
case $cmd in
|
||||||
"test" | "unsafe" )
|
"test" | "unsafe" )
|
||||||
# load TUN/TAP kernel module
|
# load TUN/TAP kernel module
|
||||||
modprobe tun
|
modprobe tun
|
||||||
|
|
||||||
# make sure the wan is functioning
|
# make sure the wan is functioning
|
||||||
|
@ -77,7 +76,7 @@ case $cmd in
|
||||||
echo "Stopping any openvpn instance"
|
echo "Stopping any openvpn instance"
|
||||||
killall openvpn
|
killall openvpn
|
||||||
sleep 10
|
sleep 10
|
||||||
echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
|
echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready"
|
||||||
openvpn --cd $dir --daemon --config $VPNCONFIG
|
openvpn --cd $dir --daemon --config $VPNCONFIG
|
||||||
fi
|
fi
|
||||||
sleep 10
|
sleep 10
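Review bot: The password-authentication gate, `grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config` followed by `PASSWORDS_ENABLED=$?`, only detects an explicit `yes` line in that one file. sshd enables password authentication by default when the directive is absent or commented out, matches keywords case-insensitively, and can take settings from included files, so a password-enabled host can pass as safe and the script apparently goes on to start the tunnel. Checking the effective configuration is more reliable, e.g. `sshd -T | grep -qi '^passwordauthentication yes'`. The pattern should be quoted in any case so the shell cannot glob-expand it. The warning text also names `/etc/ssh/sshd_conf`, while the file checked is `sshd_config`.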
|
||||||
|
|