Vpn (#25)

* keep the xscenet url

* leave the amazon vpn called xscenet, and the service that connectes to it

* extra tab character

* the vars/default_vars.yml takes precedence over roles/openvpn/defaults/main.yml

roles/openvpn/defaults/main.yml

@@ -1,4 +1,4 @@
-vpn_presence: iiabnet.net
+vpn_presence: xscenet.net
 openvpn_server_virtual_ip: 10.8.0.1
 openvpn_server_port: 1194
 openvpn_install: True

roles/openvpn/tasks/main.yml

@@ -40,7 +40,7 @@
     - { src: 'announce', dest: '/etc/openvpn/scripts/announce', owner: "root" , mode: '0755' }
     - { src: 'announcer', dest: '/etc/openvpn/scripts/announcer', owner: "root" , mode: '0755' }
     - { src: 'silence', dest: '/etc/openvpn/scripts/silence', owner: "root" , mode: '0755' }
-    - { src: 'iiabnet.conf', dest: '/etc/openvpn/iiabnet.conf', owner: "root" , mode: '0644' }
+    - { src: 'xscenet.conf', dest: '/etc/openvpn/xscenet.conf', owner: "root" , mode: '0644' }
     - { src: 'iiab-vpn.conf.in', dest: '/etc/openvpn/iiab-vpn.conf.in', owner: "root" , mode: '0644' }
     - { src: 'xs-vpn', dest: '/usr/bin/xs-vpn', owner: "root" , mode: '0755' }
     - { src: 'xs-handle', dest: '/usr/bin/xs-handle', owner: "root" , mode: '0755' }
@@ -61,7 +61,7 @@
 
 # note that ansible does not currently handle @ in a service name
 - name:  enable the openvpn tunnel at boot time
-  shell: systemctl enable openvpn@iiabnet.service
+  shell: systemctl enable openvpn@xscenet.service
   when:  openvpn_enabled and not stat.exists is defined and is_debuntu
 
 - name:  enable the openvpn tunnel at boot time for Debian
@@ -69,12 +69,12 @@
   when:  openvpn_enabled and not stat.exists is defined and is_debuntu
 
 - name:  start the openvpn tunnel now
-  shell: systemctl start openvpn@iiabnet.service
+  shell: systemctl start openvpn@xscenet.service
   when:  openvpn_enabled and not stat.exists is defined and not installing
 
 - name: make openvpn connection automatic
   lineinfile: dest=/etc/crontab
-            line="25 *  *  *  * root (/usr/bin/systemctl start openvpn@iiabnet.service) > /dev/null"
+            line="25 *  *  *  * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null"
   when:
             openvpn_enabled and openvpn_cron_enabled and not stat.exists is defined
 
@@ -87,7 +87,7 @@
 
 
 - name:    stop starting the openvpn tunnel at boot time
-  shell:   systemctl disable openvpn@iiabnet.service
+  shell:   systemctl disable openvpn@xscenet.service
   when:    not openvpn_enabled and not is_debuntu
 
 - name:    stop starting the openvpn tunnel at boot time for Debian
@@ -95,7 +95,7 @@
   when:    not openvpn_enabled and is_debuntu
 
 - name:    stop  openvpn tunnel immediately
-  shell:   systemctl stop openvpn@iiabnet.service
+  shell:   systemctl stop openvpn@xscenet.service
   ignore_errors: True
   when:    not openvpn_enabled and not installing
 

roles/openvpn/templates/15-openvpn

@@ -13,7 +13,7 @@ if [ "$2" = "up" ]; then
     sleep 2
     /sbin/ip route list dev "$1" | grep -q '^default' &&
     # restart the services
-    systemctl -q is-enabled openvpn@iiabnet.service && /usr/lib/iiab/up-wan
+    systemctl -q is-enabled openvpn@xscenet.service && /usr/lib/iiab/up-wan
 fi
 
 # we added this to prevent logs from filling with openvpn errors
@@ -22,7 +22,7 @@ fi
 #    sleep 2
 #    /sbin/ip route list dev "$1" | grep -q '^default' ||
     # stop the services
-#    systemctl -q is-enabled openvpn@iiabnet.service && systemctl stop openvpn@iiabnet.service
+#    systemctl -q is-enabled openvpn@xscenet.service && systemctl stop openvpn@xscenet.service
 #fi
 
 exit 0

roles/openvpn/templates/iiabnet.conf

@@ -1,37 +0,0 @@
-#########################################
-# Sample client-side OpenVPN config file
-# for connecting to multi-client server.
-#
-# Adapted from http://openvpn.sourceforge.net/20notes.html
-#
-# The server can be pinged at {{ openvpn_server_virtual_ip }}
-#
-
-port {{ openvpn_server_port }}
-dev tun
-remote iiabnet.net
-
-# TLS parms
-
-tls-client
-ca keys/ca.crt
-cert keys/client1.crt
-key keys/client1.key
-
-# This parm is required for connecting
-# to a multi-client server.  It tells
-# the client to accept options which
-# the server pushes to us.
-pull
-
-# Scripts can be used to do various
-# things (change nameservers, for
-# example.
-script-security 2
-up scripts/announce
-down scripts/silence
-log /var/log/openvpn.log
-
-verb 3
-comp-lzo yes
-keepalive 5 30

roles/openvpn/templates/start.j2

@@ -22,6 +22,6 @@ if [ "$enabled" = 'True' ]; then
 		killall openvpn
 		sleep 10
 		#echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
-                systemctl start openvpn@iiabnet
+                systemctl start openvpn@xscenet
 	fi
 fi

roles/openvpn/templates/up_wan

@@ -4,6 +4,6 @@ systemctl is-enabled openvpn
 if [ $? -eq 0 ]; then
    pgrep openvpn
    if [ $? -ne 0 ]; then
-      systemctl start openvpn@iiabnet
+      systemctl start openvpn@xscenet
    fi
 fi

roles/openvpn/templates/xs-handle

@@ -10,4 +10,4 @@ if [ "$ans" == "" ]; then
 else
   echo $ans > /etc/iiab/handle 
 fi
-{{ systemctl_program }} restart openvpn@iiabnet
+{{ systemctl_program }} restart openvpn@xscenet

roles/openvpn/templates/xscenet.conf

@@ -9,7 +9,7 @@
 
 port {{ openvpn_server_port }}
 dev tun
-remote xscenet.net
+remote {{ vpn_presence }}
 
 # TLS parms
 

vars/default_vars.yml

@@ -131,7 +131,7 @@ iiab_home_url: /home
 sshd_enabled: True
 
 # openvpn
-vpn_presence: unleashkids.org
+vpn_presence: xscenet.net
 openvpn_server_port: 1194
 openvpn_cron_enabled: False
 openvpn_install: True