Merge pull request #763 from holta/openvpn

Minor refactor of {iiab-vpn, iiab-remote-off, iiab-remote-on} for readability

roles/openvpn/templates/iiab-remote-off

@@ -4,8 +4,8 @@
 # do nothing if it is not installed
 which openvpn
 if [ $? -ne 0 ]; then
-   echo Cannot find the openvpn program.
+    echo Cannot find the OpenVPN program (openvpn).
-   exit 1
+    exit 1
 fi
 systemctl disable openvpn@xscenet.service
 systemctl stop openvpn@xscenet.service
@@ -13,7 +13,7 @@ systemctl stop openvpn@xscenet.service
 sleep 5
 ps -e|grep vpn
 if [ $? -eq 0 ]; then
-  echo Openvpn failed to stop.
+    echo OpenVPN failed to stop.
 else
-  echo Successfully stopped and disabled Openvpn
+    echo Successfully stopped and disabled OpenVPN.
 fi

roles/openvpn/templates/iiab-remote-on

@@ -4,8 +4,8 @@
 # do nothing if it is not installed
 which openvpn
 if [ $? -ne 0 ]; then
-   echo Cannot find the openvpn program.
+    echo Cannot find the OpenVPN program (openvpn).
-   exit 1
+    exit 1
 fi
 systemctl enable openvpn@xscenet.service
 systemctl start openvpn@xscenet.service
@@ -13,7 +13,7 @@ systemctl start openvpn@xscenet.service
 sleep 5
 ping -c 2 10.8.0.1
 if [ $? -eq 0 ]; then
-  echo Openvpn successfully started.
+    echo OpenVPN successfully started.
 else
-  echo Openvpn failed to contact remote server.
+    echo OpenVPN failed to contact remote server.
 fi

roles/openvpn/templates/iiab-vpn

@@ -1,11 +1,12 @@
-#!/bin/sh
+#!/bin/bash
 # script to manage openvpn
+
 if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
-  VPNCONFIG='party-line.conf'
+    VPNCONFIG='party-line.conf'
-  VPNIP={{ openvpn_server_virtual_ip }}
+    VPNIP={{ openvpn_server_virtual_ip }}
 else
-  # expect the sourced file to set the above variables
+    # expect the sourced file to set the above variables
-  source /etc/openvpn/iiab-vpn.conf
+    source /etc/openvpn/iiab-vpn.conf
 fi
 
 # we'd like the user of this script to have root privilege
@@ -15,79 +16,77 @@ if [ "$(id -u)" != "0" ]; then
 fi
 
 case $1 in
-"stop" | "no" | "off")
+    "stop" | "no" | "off")
-    killall openvpn
+        killall openvpn
-    exit 0
+        exit 0
-    ;;
+        ;;
-"status")
+    "status")
-    pid=`ps -e|grep openvpn`
+        pid=`ps -e|grep openvpn`
-    if [ -z "$pid" ]; then
+        if [ -z "$pid" ]; then
-        echo "The openvpn process is not running"
+            echo "The OpenVPN process is not running"
-    else
+        else
-        echo "Openvpn is running with id $pid"
+            echo "OpenVPN is running with id $pid"
-        ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
+            ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
-        echo "Local vpn tunnel address is $ip"
+            echo "Local vpn tunnel address is $ip"
-    fi
+        fi
-    exit 0
+        exit 0
-    ;;
+        ;;
-    
 esac
 
-# we'd like for passwords authentication to be turned off
+# we'd like for password authentication to be turned off
 grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
 PASSWORDS_ENABLED=$?
 
 if [ $PASSWORDS_ENABLED -eq 0 ];then
-	case $1 in
+    case $1 in
-    "test" | "unsafe") ;;
+        "test" | "unsafe") ;;
-    *)
+        *)
-
+            echo "OpenVPN is only safe when public/private keys are used"
-		echo "Openvpn is only safe when public/private keys are used"
+            echo " And when passwords are turned off in /etc/ssh/sshd_conf"
-		echo " And when passwords are turned off in /etc/ssh/sshd_conf"
+            exit 1
-		exit 1
+    esac
-  esac
 fi
 
 # openvpn config file directory
 dir=/etc/openvpn
 
 if [ $# -eq 0 ]; then
-  cmd="test"
+    cmd="test"
 else
-  cmd=$1
+    cmd=$1
 fi
 
 case $cmd in
-"test" | "unsafe" )
+    "test" | "unsafe" )
-# load TUN/TAP kernel module
+        # load TUN/TAP kernel module
-    modprobe tun
+        modprobe tun
 
-	# make sure the wan is functioning
+        # make sure the wan is functioning
-	# 8.8.8.8 is one of google's dns servers
+        # 8.8.8.8 is one of google's dns servers
-	ping -c 3 -i 3 8.8.8.8
+        ping -c 3 -i 3 8.8.8.8
-	if [ $? -ne 0 ]; then
+        if [ $? -ne 0 ]; then
-		echo "internet is not available, tunnel not possible"
+            echo "internet is not available, tunnel not possible"
-		exit 1
+            exit 1
-	fi
+        fi
-	
-	# check the vpn tunnel
-	ping -c 5 -i 5 "$VPNIP"
-	# a zero return means the tunnel is up
-	if [ $? -ne "0" ]; then
-		echo "Stopping any openvpn instance"
-		killall openvpn
-		sleep 10
-		echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
-    		openvpn --cd $dir --daemon --config $VPNCONFIG
-	fi
-	sleep 10 
-	echo "Testing VPN connection"
-	ping -c 4 -i 4 "$VPNIP"
-	if [ $? -eq 0 ]; then
-		echo "vpn tunnel established"
-	else
-		echo "vpn connection failed"
-	fi
 
-    ;;
+        # check the vpn tunnel
+        ping -c 5 -i 5 "$VPNIP"
+        # a zero return means the tunnel is up
+        if [ $? -ne "0" ]; then
+            echo "Stopping any openvpn instance"
+            killall openvpn
+            sleep 10
+            echo "Starting OpenVPN and waiting 10 seconds for daemon to become ready"
+            openvpn --cd $dir --daemon --config $VPNCONFIG
+        fi
+        sleep 10
+        echo "Testing VPN connection"
+        ping -c 4 -i 4 "$VPNIP"
+        if [ $? -eq 0 ]; then
+            echo "vpn tunnel established"
+        else
+            echo "vpn connection failed"
+        fi
+
+        ;;
 esac