From c74857a2ddac91062dadbb58726d4ceee1be9ddc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 21:19:30 -0400 Subject: [PATCH 1/6] Update xscenet.conf.j2 --- roles/openvpn/templates/xscenet.conf.j2 | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/roles/openvpn/templates/xscenet.conf.j2 b/roles/openvpn/templates/xscenet.conf.j2 index cf83779de..1dc3779f1 100644 --- a/roles/openvpn/templates/xscenet.conf.j2 +++ b/roles/openvpn/templates/xscenet.conf.j2 @@ -1,32 +1,24 @@ -######################################### -# Sample client-side OpenVPN config file -# for connecting to multi-client server. +# Sample client-side OpenVPN config file for connecting to multi-client server. # # Adapted from http://openvpn.sourceforge.net/20notes.html # # The server can be pinged at {{ openvpn_server_virtual_ip }} -# port {{ openvpn_server_port }} dev tun remote {{ openvpn_server }} -# TLS parms - +# TLS parameters tls-client ca keys/ca.crt cert keys/client1.crt key keys/client1.key -# This parm is required for connecting -# to a multi-client server. It tells -# the client to accept options which -# the server pushes to us. +# This parameter is required for connecting to a multi-client server. +# It tells the client to accept options which the server pushes to us. pull -# Scripts can be used to do various -# things (change nameservers, for -# example. +# Scripts can be used to do various things (change nameservers, for example). script-security 2 up scripts/announce down scripts/silence From cd6fbfcbb7c00f147ac4b30d320517044b8b9da0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 21:25:22 -0400 Subject: [PATCH 2/6] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 31f9d9c8f..2df0b8f8f 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
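Review bot: In roles/openvpn/templates/xscenet.conf.j2 the reworded comment above `script-security 2` still does not say what that level permits, and none of the directives visible in this hunk checks that the peer presents a server certificate. I would extend the comment to `# script-security 2 is required so OpenVPN may run the up/down scripts below; keep scripts/ writable by root only`. Unless it already appears further down the template, I would also add `remote-cert-tls server` next to the `ca`/`cert`/`key` lines, so that a certificate the same CA issued to another client is not accepted as the server. This matters more here because `pull` makes the client accept options the server pushes. The hunk ends at the `down` line and the file may continue past it, so the check may exist outside what is shown.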
@@ -70,8 +70,8 @@ # backup: yes # when: openvpn_handle is defined -# Comment out in future? up_wan was being installed twice (also above) and -# was unused for ~2 years as of August 2018: (see 15-openvpn below) +# up_wan was being installed twice (also above) and was unused for ~2 years +# as of August 2018: (see 15-openvpn below) #- name: Put up_wan in place (debuntu) # template: # src: up_wan @@ -174,7 +174,7 @@ value: "OpenVPN is a means of connecting to other machines anywhere on the internet, via a middleman server, using Virtual Private Network techniques to create secure connections." - option: enabled value: "{{ openvpn_enabled }}" -# Uncommented as openvpn_handle variable is now mandatory: (if set to "", /etc/iiab/uuid will be used instead) +# openvpn_handle variable is mandatory as of August 2018 (if set to "", /etc/iiab/uuid will be used instead) - option: handle value: "{{ openvpn_handle }}" - option: cron_enabled From 50f98aa9a7621f25f1b8cec4eb0edb449dc7f3f3 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 21:30:28 -0400 Subject: [PATCH 3/6] Update 15-openvpn --- roles/openvpn/templates/15-openvpn | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/openvpn/templates/15-openvpn b/roles/openvpn/templates/15-openvpn index 77e11591b..5b3f7a3c4 100755 --- a/roles/openvpn/templates/15-openvpn +++ b/roles/openvpn/templates/15-openvpn @@ -1,4 +1,5 @@ #!/bin/bash +# Not really used as of August 2018, but perhaps can be revived for CentOS etc export LC_ALL=C From 9621cf6c4e02a5fd73d9fc88bfd2355106c76699 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 21:30:36 -0400 Subject: [PATCH 4/6] Update up_wan --- roles/openvpn/templates/up_wan | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/templates/up_wan b/roles/openvpn/templates/up_wan index bf344146e..ed85d9b47 100755 --- a/roles/openvpn/templates/up_wan +++ b/roles/openvpn/templates/up_wan 
@@ -1,5 +1,8 @@ #!/bin/bash -# if the wan has recently come up, see if we need to start openvpn +# Not really used as of August 2018, but perhaps can be revived for CentOS etc + +# If the wan has recently come up, see if we need to start openvpn + systemctl is-enabled openvpn if [ $? -eq 0 ]; then pgrep openvpn From d83eb88567181956e86abddf00f257a0a6d55bf8 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 21:32:56 -0400 Subject: [PATCH 5/6] Update main.yml --- roles/openvpn/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 2df0b8f8f..b3b89cf34 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -79,8 +79,8 @@ # when: is_debuntu # Comment out in future? Contained serious bug (15-openvpn called -# up-wan instead of up_wan in /usr/lib/iiab/) so evidently unused -# for ~2 years, as of Aug 2018: +# up-wan instead of up_wan in /usr/lib/iiab/ as of August 2018) so +# evidently unused for ~2 years: - name: Put dispatcher up for NM (not debuntu) template: src: 15-openvpn From dead709ccf826027f5b416f41d89018fae241900 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 15 Aug 2018 21:41:24 -0400 Subject: [PATCH 6/6] Update announce --- roles/openvpn/templates/announce | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/templates/announce b/roles/openvpn/templates/announce index c09e865ab..6325ff80d 100755 --- a/roles/openvpn/templates/announce +++ b/roles/openvpn/templates/announce @@ -1,4 +1,5 @@ #!/bin/bash -# disconnect our worker from everything +# Disconnect our worker from everything + DIR=$(dirname $0) nohup $DIR/announcer 0<&- &>/dev/null &
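Review bot: In roles/openvpn/templates/up_wan the lines under the new header still test `$?` on the line after `systemctl is-enabled openvpn`, which silently checks the wrong command if anything is ever inserted between the two. Since this commit is already re-spacing that part of the file, fold them into `if systemctl is-enabled openvpn; then`. The `if` body continues outside the hunk, so the rest of the script was not reviewed.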
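Review bot: The reworded comment in roles/openvpn/tasks/main.yml (hunk at line 79) records that 15-openvpn calls `up-wan` instead of `up_wan`, yet the task directly below it, `Put dispatcher up for NM (not debuntu)`, still installs that template. NetworkManager dispatcher scripts are normally executed as root, so deploying one that is documented as broken and unused is better avoided. Either correct the name inside 15-openvpn, or comment the task out the way the up_wan task above already is, under a header such as `# Disabled Aug 2018: 15-openvpn called up-wan instead of up_wan, unused for ~2 years`. The "Not really used" header that patch 3/6 adds to 15-openvpn has the same problem of annotating rather than resolving. The task's `dest` and `when` lines are outside the hunk, so where and when it is installed is inferred from the task name.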
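Review bot: In roles/openvpn/templates/announce the two command lines under the recapitalised comment expand `$0` and `$DIR` unquoted, so an install path containing whitespace or glob characters is split before `dirname` and `nohup` see it. Quote both expansions: `DIR=$(dirname "$0")` and `nohup "$DIR/announcer" 0<&- &>/dev/null &`. The comment could also state what the redirections do, for example `# Detach the announcer: close stdin, discard stdout and stderr, run in the background`. That is worth spelling out because xscenet.conf.j2 has OpenVPN run this script as its `up` hook.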