Vpn (#25)
* keep the xscenet url * leave the amazon vpn called xscenet, and the service that connects to it * extra tab character * the vars/default_vars.yml takes precedence over roles/openvpn/defaults/main.yml
parent
c1c1cac01c
commit
a4fb89ba35
9 changed files with 14 additions and 51 deletions
|
@ -1,4 +1,4 @@
|
||||||
vpn_presence: iiabnet.net
|
vpn_presence: xscenet.net
|
||||||
openvpn_server_virtual_ip: 10.8.0.1
|
openvpn_server_virtual_ip: 10.8.0.1
|
||||||
openvpn_server_port: 1194
|
openvpn_server_port: 1194
|
||||||
openvpn_install: True
|
openvpn_install: True
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
- { src: 'announce', dest: '/etc/openvpn/scripts/announce', owner: "root" , mode: '0755' }
|
- { src: 'announce', dest: '/etc/openvpn/scripts/announce', owner: "root" , mode: '0755' }
|
||||||
- { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', owner: "root" , mode: '0755' }
|
- { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', owner: "root" , mode: '0755' }
|
||||||
- { src: 'silence', dest: '/etc/openvpn/scripts/silence', owner: "root" , mode: '0755' }
|
- { src: 'silence', dest: '/etc/openvpn/scripts/silence', owner: "root" , mode: '0755' }
|
||||||
- { src: 'iiabnet.conf', dest: '/etc/openvpn/iiabnet.conf', owner: "root" , mode: '0644' }
|
- { src: 'xscenet.conf', dest: '/etc/openvpn/xscenet.conf', owner: "root" , mode: '0644' }
|
||||||
- { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', owner: "root" , mode: '0644' }
|
- { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', owner: "root" , mode: '0644' }
|
||||||
- { src: 'xs-vpn', dest: '/usr/bin/xs-vpn', owner: "root" , mode: '0755' }
|
- { src: 'xs-vpn', dest: '/usr/bin/xs-vpn', owner: "root" , mode: '0755' }
|
||||||
- { src: 'xs-handle', dest: '/usr/bin/xs-handle', owner: "root" , mode: '0755' }
|
- { src: 'xs-handle', dest: '/usr/bin/xs-handle', owner: "root" , mode: '0755' }
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
|
|
||||||
# note that ansible does not currently handle @ in a service name
|
# note that ansible does not currently handle @ in a service name
|
||||||
- name: enable the openvpn tunnel at boot time
|
- name: enable the openvpn tunnel at boot time
|
||||||
shell: systemctl enable openvpn@iiabnet.service
|
shell: systemctl enable openvpn@xscenet.service
|
||||||
when: openvpn_enabled and not stat.exists is defined and is_debuntu
|
when: openvpn_enabled and not stat.exists is defined and is_debuntu
|
||||||
|
|
||||||
- name: enable the openvpn tunnel at boot time for Debian
|
- name: enable the openvpn tunnel at boot time for Debian
|
||||||
|
@ -69,12 +69,12 @@
|
||||||
when: openvpn_enabled and not stat.exists is defined and is_debuntu
|
when: openvpn_enabled and not stat.exists is defined and is_debuntu
|
||||||
|
|
||||||
- name: start the openvpn tunnel now
|
- name: start the openvpn tunnel now
|
||||||
shell: systemctl start openvpn@iiabnet.service
|
shell: systemctl start openvpn@xscenet.service
|
||||||
when: openvpn_enabled and not stat.exists is defined and not installing
|
when: openvpn_enabled and not stat.exists is defined and not installing
|
||||||
|
|
||||||
- name: make openvpn connection automatic
|
- name: make openvpn connection automatic
|
||||||
lineinfile: dest=/etc/crontab
|
lineinfile: dest=/etc/crontab
|
||||||
line="25 * * * * root (/usr/bin/systemctl start openvpn@iiabnet.service) > /dev/null"
|
line="25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null"
|
||||||
when:
|
when:
|
||||||
openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined
|
openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined
|
||||||
|
|
||||||
|
@ -87,7 +87,7 @@
|
||||||
|
|
||||||
|
|
||||||
- name: stop starting the openvpn tunnel at boot time
|
- name: stop starting the openvpn tunnel at boot time
|
||||||
shell: systemctl disable openvpn@iiabnet.service
|
shell: systemctl disable openvpn@xscenet.service
|
||||||
when: not openvpn_enabled and not is_debuntu
|
when: not openvpn_enabled and not is_debuntu
|
||||||
|
|
||||||
- name: stop starting the openvpn tunnel at boot time for Debian
|
- name: stop starting the openvpn tunnel at boot time for Debian
|
||||||
|
@ -95,7 +95,7 @@
|
||||||
when: not openvpn_enabled and is_debuntu
|
when: not openvpn_enabled and is_debuntu
|
||||||
|
|
||||||
- name: stop openvpn tunnel immediately
|
- name: stop openvpn tunnel immediately
|
||||||
shell: systemctl stop openvpn@iiabnet.service
|
shell: systemctl stop openvpn@xscenet.service
|
||||||
ignore_errors: True
|
ignore_errors: True
|
||||||
when: not openvpn_enabled and not installing
|
when: not openvpn_enabled and not installing
|
||||||
|
|
||||||
|
|
|
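Review bot: The cron task `line="25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null"` has no `regexp`, so on a host provisioned before this change the old `openvpn@iiabnet.service` entry stays in /etc/crontab and a second line is appended; the hourly job then keeps invoking a unit whose config file this commit deletes. Adding `regexp='systemctl start openvpn@.*\.service'` to that `lineinfile` call lets the task replace the old entry in place instead of accumulating one per rename. The `systemctl enable openvpn@xscenet.service` tasks earlier in the same file have the same upgrade gap: nothing disables the previously enabled iiabnet instance, so its boot-time symlink is presumably left behind, which cannot be confirmed from these hunks.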
@ -13,7 +13,7 @@ if [ "$2" = "up" ]; then
|
||||||
sleep 2
|
sleep 2
|
||||||
/sbin/ip route list dev "$1" | grep -q '^default' &&
|
/sbin/ip route list dev "$1" | grep -q '^default' &&
|
||||||
# restart the services
|
# restart the services
|
||||||
systemctl -q is-enabled openvpn@iiabnet.service && /usr/lib/iiab/up-wan
|
systemctl -q is-enabled openvpn@xscenet.service && /usr/lib/iiab/up-wan
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# we added this to prevent logs from filling with openvpn errors
|
# we added this to prevent logs from filling with openvpn errors
|
||||||
|
@ -22,7 +22,7 @@ fi
|
||||||
# sleep 2
|
# sleep 2
|
||||||
# /sbin/ip route list dev "$1" | grep -q '^default' ||
|
# /sbin/ip route list dev "$1" | grep -q '^default' ||
|
||||||
# stop the services
|
# stop the services
|
||||||
# systemctl -q is-enabled openvpn@iiabnet.service && systemctl stop openvpn@iiabnet.service
|
# systemctl -q is-enabled openvpn@xscenet.service && systemctl stop openvpn@xscenet.service
|
||||||
#fi
|
#fi
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
@ -1,37 +0,0 @@
|
||||||
#########################################
|
|
||||||
# Sample client-side OpenVPN config file
|
|
||||||
# for connecting to multi-client server.
|
|
||||||
#
|
|
||||||
# Adapted from http://openvpn.sourceforge.net/20notes.html
|
|
||||||
#
|
|
||||||
# The server can be pinged at {{ openvpn_server_virtual_ip }}
|
|
||||||
#
|
|
||||||
|
|
||||||
port {{ openvpn_server_port }}
|
|
||||||
dev tun
|
|
||||||
remote iiabnet.net
|
|
||||||
|
|
||||||
# TLS parms
|
|
||||||
|
|
||||||
tls-client
|
|
||||||
ca keys/ca.crt
|
|
||||||
cert keys/client1.crt
|
|
||||||
key keys/client1.key
|
|
||||||
|
|
||||||
# This parm is required for connecting
|
|
||||||
# to a multi-client server. It tells
|
|
||||||
# the client to accept options which
|
|
||||||
# the server pushes to us.
|
|
||||||
pull
|
|
||||||
|
|
||||||
# Scripts can be used to do various
|
|
||||||
# things (change nameservers, for
|
|
||||||
# example.
|
|
||||||
script-security 2
|
|
||||||
up scripts/announce
|
|
||||||
down scripts/silence
|
|
||||||
log /var/log/openvpn.log
|
|
||||||
|
|
||||||
verb 3
|
|
||||||
comp-lzo yes
|
|
||||||
keepalive 5 30
|
|
|
@ -22,6 +22,6 @@ if [ "$enabled" = 'True' ]; then
|
||||||
killall openvpn
|
killall openvpn
|
||||||
sleep 10
|
sleep 10
|
||||||
#echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
|
#echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
|
||||||
systemctl start openvpn@iiabnet
|
systemctl start openvpn@xscenet
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -4,6 +4,6 @@ systemctl is-enabled openvpn
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
pgrep openvpn
|
pgrep openvpn
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
systemctl start openvpn@iiabnet
|
systemctl start openvpn@xscenet
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
|
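Review bot: The new `systemctl start openvpn@xscenet` is still gated by the context line `systemctl is-enabled openvpn`, which queries the bare template unit rather than the instance, so the check and the action refer to different units. The announce script changed in this same commit makes the equivalent decision with `systemctl -q is-enabled openvpn@xscenet.service`, and this guard should match it, i.e. `systemctl -q is-enabled openvpn@xscenet.service`. As written, a host where the instance has been disabled but the plain `openvpn` unit reports enabled would have the tunnel started by this script anyway; that reading depends on the enable tasks, which live in another file.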
@ -10,4 +10,4 @@ if [ "$ans" == "" ]; then
|
||||||
else
|
else
|
||||||
echo $ans > /etc/iiab/handle
|
echo $ans > /etc/iiab/handle
|
||||||
fi
|
fi
|
||||||
{{ systemctl_program }} restart openvpn@iiabnet
|
{{ systemctl_program }} restart openvpn@xscenet
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
|
|
||||||
port {{ openvpn_server_port }}
|
port {{ openvpn_server_port }}
|
||||||
dev tun
|
dev tun
|
||||||
remote xscenet.net
|
remote {{ vpn_presence }}
|
||||||
|
|
||||||
# TLS parms
|
# TLS parms
|
||||||
|
|
||||||
|
|
|
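Review bot: `remote {{ vpn_presence }}` makes the VPN endpoint an inventory-controlled value, so the server's identity can no longer be tied to a fixed name and rests entirely on the certificate checks that presumably follow `# TLS parms` outside this hunk; if the template does not already carry `remote-cert-tls server`, it is worth adding so a client certificate issued by the same CA cannot be presented as the server. OpenVPN parses `remote` as `host [port] [proto]`, so a `vpn_presence` value containing whitespace would silently become extra arguments rather than fail. A short comment above the line, `# host comes from vpn_presence (vars/default_vars.yml overrides roles/openvpn/defaults/main.yml); must be a bare hostname or IP`, records both where the value originates and that constraint.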
@ -131,7 +131,7 @@ iiab_home_url: /home
|
||||||
sshd_enabled: True
|
sshd_enabled: True
|
||||||
|
|
||||||
# openvpn
|
# openvpn
|
||||||
vpn_presence: unleashkids.org
|
vpn_presence: xscenet.net
|
||||||
openvpn_server_port: 1194
|
openvpn_server_port: 1194
|
||||||
openvpn_cron_enabled: False
|
openvpn_cron_enabled: False
|
||||||
openvpn_install: True
|
openvpn_install: True
|
||||||
|
|