diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 31f9d9c8f..b3b89cf34 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -70,8 +70,8 @@ # backup: yes # when: openvpn_handle is defined -# Comment out in future? up_wan was being installed twice (also above) and -# was unused for ~2 years as of August 2018: (see 15-openvpn below) +# up_wan was being installed twice (also above) and was unused for ~2 years +# as of August 2018: (see 15-openvpn below) #- name: Put up_wan in place (debuntu) # template: # src: up_wan @@ -79,8 +79,8 @@ # when: is_debuntu # Comment out in future? Contained serious bug (15-openvpn called -# up-wan instead of up_wan in /usr/lib/iiab/) so evidently unused -# for ~2 years, as of Aug 2018: +# up-wan instead of up_wan in /usr/lib/iiab/ as of August 2018) so +# evidently unused for ~2 years: - name: Put dispatcher up for NM (not debuntu) template: src: 15-openvpn @@ -174,7 +174,7 @@ value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" -# Uncommented as openvpn_handle variable is now mandatory: (if set to "", /etc/iiab/uuid will be used instead) +# openvpn_handle variable is mandatory as of August 2018 (if set to "", /etc/iiab/uuid will be used instead) - option: handle value: "{{ openvpn_handle }}" - option: cron_enabled diff --git a/roles/openvpn/templates/15-openvpn b/roles/openvpn/templates/15-openvpn index 77e11591b..5b3f7a3c4 100755 --- a/roles/openvpn/templates/15-openvpn +++ b/roles/openvpn/templates/15-openvpn @@ -1,4 +1,5 @@ #!/bin/bash +# Not really used as of August 2018, but perhaps can be revived for CentOS etc export LC_ALL=C diff --git a/roles/openvpn/templates/announce b/roles/openvpn/templates/announce index c09e865ab..6325ff80d 100755 --- a/roles/openvpn/templates/announce 
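Review bot: The reworded comment above `Put dispatcher up for NM (not debuntu)` in roles/openvpn/tasks/main.yml still does not say whether the `up-wan`/`up_wan` mismatch in 15-openvpn has been fixed. The task stays active, while the same commit adds a header to the template saying it is "Not really used as of August 2018". If the destination is a NetworkManager dispatcher directory (not visible in this hunk), the script would run as root on network events, so a hook known to be broken warrants an explicit decision rather than the open "Comment out in future?". I would either put a `when:` condition on the task so it is skipped by default, or record the state in the comment, for example `# 15-openvpn is installed but inert until its up_wan call is corrected` if the typo is still present. The task body continues past the end of the hunk.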
+++ b/roles/openvpn/templates/announce @@ -1,4 +1,5 @@ #!/bin/bash -# disconnect our worker from everything +# Disconnect our worker from everything + DIR=$(dirname $0) nohup $DIR/announcer 0<&- &>/dev/null & diff --git a/roles/openvpn/templates/up_wan b/roles/openvpn/templates/up_wan index bf344146e..ed85d9b47 100755 --- a/roles/openvpn/templates/up_wan +++ b/roles/openvpn/templates/up_wan @@ -1,5 +1,8 @@ #!/bin/bash -# if the wan has recently come up, see if we need to start openvpn +# Not really used as of August 2018, but perhaps can be revived for CentOS etc + +# If the wan has recently come up, see if we need to start openvpn + systemctl is-enabled openvpn if [ $? -eq 0 ]; then pgrep openvpn diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/openvpn/templates/xscenet.conf.j2 index cf83779de..1dc3779f1 100644 --- a/roles/openvpn/templates/xscenet.conf.j2 +++ b/roles/openvpn/templates/xscenet.conf.j2 @@ -1,32 +1,24 @@ -######################################### -# Sample client-side OpenVPN config file -# for connecting to multi-client server. +# Sample client-side OpenVPN config file for connecting to multi-client server. # # Adapted from http://openvpn.sourceforge.net/20notes.html # # The server can be pinged at {{ openvpn_server_virtual_ip }} -# port {{ openvpn_server_port }} dev tun remote {{ openvpn_server }} -# TLS parms - +# TLS parameters tls-client ca keys/ca.crt cert keys/client1.crt key keys/client1.key -# This parm is required for connecting -# to a multi-client server. It tells -# the client to accept options which -# the server pushes to us. +# This parameter is required for connecting to a multi-client server. +# It tells the client to accept options which the server pushes to us. pull -# Scripts can be used to do various -# things (change nameservers, for -# example. +# Scripts can be used to do various things (change nameservers, for example). script-security 2 up scripts/announce down scripts/silence
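Review bot: No server-certificate check is visible in roles/openvpn/templates/xscenet.conf.j2. The client sets `tls-client`, `ca`, `cert` and `key`, but nothing such as `remote-cert-tls server`, so as far as this hunk shows, any certificate signed by the same CA (another client's included) would be accepted as the server. That matters more here because `pull` accepts pushed options and `script-security 2` lets OpenVPN run the `up`/`down` scripts. I would add `remote-cert-tls server` after the `key keys/client1.key` line, provided the server certificate was issued with the server key usage, and extend the rewritten comment on `pull` to note that pushed options are only as trustworthy as that check. The hunk appears to span the whole file, but confirm that nothing past its last line already does this.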