mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
* keep the xscenet url

* leave the amazon vpn called xscenet, and the service that connects to it

* extra tab character

* the vars/default_vars.yml takes precedence over roles/openvpn/defaults/main.yml
georgejhunt 2017-06-12 11:05:39 -07:00 committed by GitHub
parent c1c1cac01c
commit a4fb89ba35
9 changed files with 14 additions and 51 deletions


@ -1,4 +1,4 @@
vpn_presence: iiabnet.net vpn_presence: xscenet.net
openvpn_server_virtual_ip: 10.8.0.1 openvpn_server_virtual_ip: 10.8.0.1
openvpn_server_port: 1194 openvpn_server_port: 1194
openvpn_install: True openvpn_install: True


@ -40,7 +40,7 @@
- { src: 'announce', dest: '/etc/openvpn/scripts/announce', owner: "root" , mode: '0755' } - { src: 'announce', dest: '/etc/openvpn/scripts/announce', owner: "root" , mode: '0755' }
- { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', owner: "root" , mode: '0755' } - { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', owner: "root" , mode: '0755' }
- { src: 'silence', dest: '/etc/openvpn/scripts/silence', owner: "root" , mode: '0755' } - { src: 'silence', dest: '/etc/openvpn/scripts/silence', owner: "root" , mode: '0755' }
- { src: 'iiabnet.conf', dest: '/etc/openvpn/iiabnet.conf', owner: "root" , mode: '0644' } - { src: 'xscenet.conf', dest: '/etc/openvpn/xscenet.conf', owner: "root" , mode: '0644' }
- { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', owner: "root" , mode: '0644' } - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', owner: "root" , mode: '0644' }
- { src: 'xs-vpn', dest: '/usr/bin/xs-vpn', owner: "root" , mode: '0755' } - { src: 'xs-vpn', dest: '/usr/bin/xs-vpn', owner: "root" , mode: '0755' }
- { src: 'xs-handle', dest: '/usr/bin/xs-handle', owner: "root" , mode: '0755' } - { src: 'xs-handle', dest: '/usr/bin/xs-handle', owner: "root" , mode: '0755' }
@ -61,7 +61,7 @@
# note that ansible does not currently handle @ in a service name # note that ansible does not currently handle @ in a service name
- name: enable the openvpn tunnel at boot time - name: enable the openvpn tunnel at boot time
shell: systemctl enable openvpn@iiabnet.service shell: systemctl enable openvpn@xscenet.service
when: openvpn_enabled and not stat.exists is defined and is_debuntu when: openvpn_enabled and not stat.exists is defined and is_debuntu
- name: enable the openvpn tunnel at boot time for Debian - name: enable the openvpn tunnel at boot time for Debian
@ -69,12 +69,12 @@
when: openvpn_enabled and not stat.exists is defined and is_debuntu when: openvpn_enabled and not stat.exists is defined and is_debuntu
- name: start the openvpn tunnel now - name: start the openvpn tunnel now
shell: systemctl start openvpn@iiabnet.service shell: systemctl start openvpn@xscenet.service
when: openvpn_enabled and not stat.exists is defined and not installing when: openvpn_enabled and not stat.exists is defined and not installing
- name: make openvpn connection automatic - name: make openvpn connection automatic
lineinfile: dest=/etc/crontab lineinfile: dest=/etc/crontab
line="25 * * * * root (/usr/bin/systemctl start openvpn@iiabnet.service) > /dev/null" line="25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null"
when: when:
openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined
@ -87,7 +87,7 @@
- name: stop starting the openvpn tunnel at boot time - name: stop starting the openvpn tunnel at boot time
shell: systemctl disable openvpn@iiabnet.service shell: systemctl disable openvpn@xscenet.service
when: not openvpn_enabled and not is_debuntu when: not openvpn_enabled and not is_debuntu
- name: stop starting the openvpn tunnel at boot time for Debian - name: stop starting the openvpn tunnel at boot time for Debian
@ -95,7 +95,7 @@
when: not openvpn_enabled and is_debuntu when: not openvpn_enabled and is_debuntu
- name: stop openvpn tunnel immediately - name: stop openvpn tunnel immediately
shell: systemctl stop openvpn@iiabnet.service shell: systemctl stop openvpn@xscenet.service
ignore_errors: True ignore_errors: True
when: not openvpn_enabled and not installing when: not openvpn_enabled and not installing
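Review bot: The `make openvpn connection automatic` task passes only `dest` and `line` to `lineinfile`, so on a host that already ran the previous revision with `openvpn_cron_enabled` set, the `openvpn@iiabnet.service` entry stays in /etc/crontab and the new line is appended beside it. The same applies to the unit itself: the disable and stop tasks now name only `openvpn@xscenet.service`, and nothing visible here disables `openvpn@iiabnet.service` or removes `/etc/openvpn/iiabnet.conf`, so an upgraded machine may keep a tunnel to the old endpoint enabled. I would add `regexp='systemctl start openvpn@'` to the `lineinfile` call and a one-off cleanup task for the old unit and config file. The task list continues outside these hunks, so a cleanup may already exist elsewhere.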


@ -13,7 +13,7 @@ if [ "$2" = "up" ]; then
sleep 2 sleep 2
/sbin/ip route list dev "$1" | grep -q '^default' && /sbin/ip route list dev "$1" | grep -q '^default' &&
# restart the services # restart the services
systemctl -q is-enabled openvpn@iiabnet.service && /usr/lib/iiab/up-wan systemctl -q is-enabled openvpn@xscenet.service && /usr/lib/iiab/up-wan
fi fi
# we added this to prevent logs from filling with openvpn errors # we added this to prevent logs from filling with openvpn errors
@ -22,7 +22,7 @@ fi
# sleep 2 # sleep 2
# /sbin/ip route list dev "$1" | grep -q '^default' || # /sbin/ip route list dev "$1" | grep -q '^default' ||
# stop the services # stop the services
# systemctl -q is-enabled openvpn@iiabnet.service && systemctl stop openvpn@iiabnet.service # systemctl -q is-enabled openvpn@xscenet.service && systemctl stop openvpn@xscenet.service
#fi #fi
exit 0 exit 0


@ -1,37 +0,0 @@
#########################################
# Sample client-side OpenVPN config file
# for connecting to multi-client server.
#
# Adapted from http://openvpn.sourceforge.net/20notes.html
#
# The server can be pinged at {{ openvpn_server_virtual_ip }}
#
port {{ openvpn_server_port }}
dev tun
remote iiabnet.net
# TLS parms
tls-client
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
# This parm is required for connecting
# to a multi-client server. It tells
# the client to accept options which
# the server pushes to us.
pull
# Scripts can be used to do various
# things (change nameservers, for
# example.
script-security 2
up scripts/announce
down scripts/silence
log /var/log/openvpn.log
verb 3
comp-lzo yes
keepalive 5 30


@ -22,6 +22,6 @@ if [ "$enabled" = 'True' ]; then
killall openvpn killall openvpn
sleep 10 sleep 10
#echo "Starting openvpn and waiting 10 seconds for daemon to become ready" #echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
systemctl start openvpn@iiabnet systemctl start openvpn@xscenet
fi fi
fi fi


@ -4,6 +4,6 @@ systemctl is-enabled openvpn
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
pgrep openvpn pgrep openvpn
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
systemctl start openvpn@iiabnet systemctl start openvpn@xscenet
fi fi
fi fi


@ -10,4 +10,4 @@ if [ "$ans" == "" ]; then
else else
echo $ans > /etc/iiab/handle echo $ans > /etc/iiab/handle
fi fi
{{ systemctl_program }} restart openvpn@iiabnet {{ systemctl_program }} restart openvpn@xscenet


@ -9,7 +9,7 @@
port {{ openvpn_server_port }} port {{ openvpn_server_port }}
dev tun dev tun
remote xscenet.net remote {{ vpn_presence }}
# TLS parms # TLS parms
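Review bot: With `remote {{ vpn_presence }}` the tunnel endpoint is whatever the inventory or a local vars file sets, so the client config should pin the peer's identity rather than rely on the hostname. The sibling config deleted in this commit had `tls-client`, `ca`, `pull` and `script-security 2` with an `up` script but no server-certificate check; if this file has the same body (it continues outside the hunk), consider adding `remote-cert-tls server` after the `key` line. A short comment above the directive, `# vpn_presence: set in vars/default_vars.yml, which overrides the role default`, would also help whoever edits it next.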


@ -131,7 +131,7 @@ iiab_home_url: /home
sshd_enabled: True sshd_enabled: True
# openvpn # openvpn
vpn_presence: unleashkids.org vpn_presence: xscenet.net
openvpn_server_port: 1194 openvpn_server_port: 1194
openvpn_cron_enabled: False openvpn_cron_enabled: False
openvpn_install: True openvpn_install: True
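Review bot: `vpn_presence` is now defined with the same value in two places, and the old sides of this commit show the two copies had already drifted (`iiabnet.net` in one file, `unleashkids.org` here). Since the commit message says vars/default_vars.yml takes precedence over roles/openvpn/defaults/main.yml, a comment on this line such as `# overrides roles/openvpn/defaults/main.yml; keep both in sync` would make that explicit. This assumes the section is vars/default_vars.yml, which the page does not label.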