From 645954fff5695a4143068406f009503be04a2833 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 11:26:30 -0400 Subject: [PATCH 01/22] Update iiab-remote-off --- roles/openvpn/templates/iiab-remote-off | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index a5e1b46d3..991c50f01 100644 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -7,8 +7,8 @@ if [ $? -ne 0 ]; then echo Cannot find the OpenVPN program (openvpn). exit 1 fi -systemctl disable openvpn@xscenet.service -systemctl stop openvpn@xscenet.service +systemctl disable openvpn +systemctl stop openvpn sleep 5 ps -e|grep vpn From c0405e1a2812868d7923d68b01e7c0dee44c0afa Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 11:26:58 -0400 Subject: [PATCH 02/22] Update iiab-remote-on.j2 --- roles/openvpn/templates/iiab-remote-on.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/openvpn/templates/iiab-remote-on.j2 index 45c48f228..6f6c8104a 100644 --- a/roles/openvpn/templates/iiab-remote-on.j2 +++ b/roles/openvpn/templates/iiab-remote-on.j2 @@ -7,8 +7,8 @@ if [ $? -ne 0 ]; then echo Cannot find the OpenVPN program (openvpn). exit 1 fi -systemctl enable openvpn@xscenet.service -systemctl start openvpn@xscenet.service +systemctl enable openvpn +systemctl start openvpn sleep 5 ping -c 2 {{ openvpn_server_virtual_ip }} # 10.8.0.1 From 877f54d0615c79145fb87351a1dd8aa812b6062d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 11:29:19 -0400 Subject: [PATCH 03/22] Update announcer.j2 --- roles/openvpn/templates/announcer.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index 1e9dda958..87721321c 100755 --- a/roles/openvpn/templates/announcer.j2 
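Review bot: Disabling only the parent `openvpn` unit leaves `openvpn@xscenet.service` enabled on hosts where the previous version of this script (the removed lines) enabled the instance directly, so the VPN can come back at the next boot even though the script exists to turn remote access off. Whether `systemctl stop openvpn` also stops the running instance depends on the distribution's unit files, which the hunk does not show. Safer to name both units, `systemctl disable openvpn openvpn@xscenet.service` and `systemctl stop openvpn openvpn@xscenet.service`, and to act on a non-zero status from the stop instead of falling through to the `sleep 5` unconditionally.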
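Review bot: The exit status of the new `systemctl start openvpn` is ignored, so a failed start still reaches the `sleep 5` and the `ping -c 2` further down is the only signal; `systemctl start openvpn || { echo 'Failed to start OpenVPN.' >&2; exit 1; }` makes the failure explicit. Starting the parent unit also relies on it bringing up `openvpn@xscenet` by itself, which the series' own 15-openvpn comment limits to "OS's in common use", so a comment here noting that assumption would help the next maintainer.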
+++ b/roles/openvpn/templates/announcer.j2 @@ -13,8 +13,8 @@ if [ -f /etc/iiab/openvpn_handle ]; then # /etc/iiab/openvpn_handle "obligatory" (EMPTY STRING "" IS TOLERATED, IN WHICH # CASE OPENVPN SERVER TRIES TO USE /etc/iiab/uuid BELOW, IN LIEU OF HANDLE...) -# CLARIF: "systemctl restart openvpn@xscenet" still runs even if the above is -# defied. e.g. if an implementer deletes /etc/iiab/openvpn_handle by accident. +# CLARIF: "systemctl restart openvpn" still runs even if the above is defied. +# e.g. if an implementer deletes /etc/iiab/openvpn_handle by accident. #else # # Option #3: Dangerous to invoke hypothetical variables :( From 82e26e6a4f14849a1a5b9e6582ca707864fb2b1d Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 11:34:31 -0400 Subject: [PATCH 04/22] Update iiab-handle.j2 --- roles/openvpn/templates/iiab-handle.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/templates/iiab-handle.j2 b/roles/openvpn/templates/iiab-handle.j2 index f9d8edcac..7eb842b45 100755 --- a/roles/openvpn/templates/iiab-handle.j2 +++ b/roles/openvpn/templates/iiab-handle.j2 @@ -1,5 +1,5 @@ #!/bin/bash -# Interactive script (over)writes /etc/iiab/openvpn_handle file, identifying client to server +# DEPRECATED interactive script (over)writes /etc/iiab/openvpn_handle file, identifying client to server echo -e '\nCORRECT METHOD: CHANGE VARIABLE openvpn_handle IN /etc/iiab/local_vars.yml' echo -e 'THEN RUN "cd /opt/iiab/iiab" THEN "./runrole openvpn"\n' @@ -16,3 +16,5 @@ else echo $ans > /etc/iiab/openvpn_handle fi {{ systemctl_program }} restart openvpn@xscenet +# This would also work: (but would bounce all VPN connections, if others exist, causing unnec disruption if so) +#{{ systemctl_program }} restart openvpn From ef507172e3f687613e9afa8b66a88f0add3dbae1 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Wed, 5 Sep 2018 11:48:54 -0400 Subject: [PATCH 05/22] Update 15-openvpn --- roles/openvpn/templates/15-openvpn | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/templates/15-openvpn b/roles/openvpn/templates/15-openvpn index 5b3f7a3c4..293e53e49 100755 --- a/roles/openvpn/templates/15-openvpn +++ b/roles/openvpn/templates/15-openvpn @@ -1,5 +1,6 @@ #!/bin/bash -# Not really used as of August 2018, but perhaps can be revived for CentOS etc +# Not used as of August 2018: parent service "openvpn" reliably auto-starts child servive "openpn@xscenet" on OS's in common use +# But could be revived for older CentOS etc? export LC_ALL=C @@ -15,6 +16,10 @@ if [ "$2" = "up" ]; then /sbin/ip route list dev "$1" | grep -q '^default' && # restart the services systemctl -q is-enabled openvpn@xscenet.service && /usr/lib/iiab/up_wan + # CONSIDER THIS INSTEAD: + # systemctl is-enabled openvpn && pgrep openvpn && systemctl start openvpn@xscenet + # OR EQUIVALENTLY: + # systemctl is-enabled openvpn && systemctl is-active openvpn && systemctl start openvpn@xscenet fi # we added this to prevent logs from filling with openvpn errors From 4a3f3dc1e0ec3d2c4fe69d654f7cf2112005331c Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 11:49:18 -0400 Subject: [PATCH 06/22] Update up_wan --- roles/openvpn/templates/up_wan | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/openvpn/templates/up_wan b/roles/openvpn/templates/up_wan index ed85d9b47..b2ac1342e 100755 --- a/roles/openvpn/templates/up_wan +++ b/roles/openvpn/templates/up_wan @@ -1,5 +1,6 @@ #!/bin/bash -# Not really used as of August 2018, but perhaps can be revived for CentOS etc +# Not used as of August 2018: parent service "openvpn" reliably auto-starts child servive "openpn@xscenet" on OS's in common use +# But could be revived for older CentOS etc? # If the wan has recently come up, see if we need to start openvpn 
From c1f7a4d035c45988df22d62591301777ce9cbd88 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 11:53:38 -0400 Subject: [PATCH 07/22] Update announcer.j2 --- roles/openvpn/templates/announcer.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/announcer.j2 b/roles/openvpn/templates/announcer.j2 index 87721321c..f453abf24 100755 --- a/roles/openvpn/templates/announcer.j2 +++ b/roles/openvpn/templates/announcer.j2 @@ -13,8 +13,9 @@ if [ -f /etc/iiab/openvpn_handle ]; then # /etc/iiab/openvpn_handle "obligatory" (EMPTY STRING "" IS TOLERATED, IN WHICH # CASE OPENVPN SERVER TRIES TO USE /etc/iiab/uuid BELOW, IN LIEU OF HANDLE...) -# CLARIF: "systemctl restart openvpn" still runs even if the above is defied. -# e.g. if an implementer deletes /etc/iiab/openvpn_handle by accident. +# CLARIF: "systemctl restart openvpn" still works tolerably even if the above +# is defied, auto-starting child service openvpn@xscenet per usual +# (e.g. if /etc/iiab/openvpn_handle is deleted by accident!) #else # # Option #3: Dangerous to invoke hypothetical variables :( From d6d4f40d6425172c4b54524346b4b16531a13ddf Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 11:54:29 -0400 Subject: [PATCH 08/22] Update 15-openvpn --- roles/openvpn/templates/15-openvpn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/15-openvpn b/roles/openvpn/templates/15-openvpn index 293e53e49..8aea2a7de 100755 --- a/roles/openvpn/templates/15-openvpn +++ b/roles/openvpn/templates/15-openvpn @@ -1,5 +1,5 @@ #!/bin/bash -# Not used as of August 2018: parent service "openvpn" reliably auto-starts child servive "openpn@xscenet" on OS's in common use +# Not used as of August 2018: parent service "openvpn" reliably auto-starts child service "openpn@xscenet" on OS's in common use # But could be revived for older CentOS etc? export LC_ALL=C From b0ba96f259637b71a0faf3baa931b4777c999952 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Wed, 5 Sep 2018 11:54:43 -0400 Subject: [PATCH 09/22] Update up_wan --- roles/openvpn/templates/up_wan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/up_wan b/roles/openvpn/templates/up_wan index b2ac1342e..dec5a2080 100755 --- a/roles/openvpn/templates/up_wan +++ b/roles/openvpn/templates/up_wan @@ -1,5 +1,5 @@ #!/bin/bash -# Not used as of August 2018: parent service "openvpn" reliably auto-starts child servive "openpn@xscenet" on OS's in common use +# Not used as of August 2018: parent service "openvpn" reliably auto-starts child service "openpn@xscenet" on OS's in common use # But could be revived for older CentOS etc? # If the wan has recently come up, see if we need to start openvpn From 21e1acf5764132a0eb952837d73aafdd6ab1c206 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 12:07:30 -0400 Subject: [PATCH 10/22] Update 15-openvpn --- roles/openvpn/templates/15-openvpn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/templates/15-openvpn b/roles/openvpn/templates/15-openvpn index 8aea2a7de..acab433df 100755 --- a/roles/openvpn/templates/15-openvpn +++ b/roles/openvpn/templates/15-openvpn @@ -15,9 +15,9 @@ if [ "$2" = "up" ]; then sleep 2 /sbin/ip route list dev "$1" | grep -q '^default' && # restart the services - systemctl -q is-enabled openvpn@xscenet.service && /usr/lib/iiab/up_wan - # CONSIDER THIS INSTEAD: - # systemctl is-enabled openvpn && pgrep openvpn && systemctl start openvpn@xscenet + #systemctl -q is-enabled openvpn@xscenet.service && /usr/lib/iiab/up_wan + # EQUIVALENTLY: + systemctl is-enabled openvpn && pgrep openvpn && systemctl start openvpn@xscenet # OR EQUIVALENTLY: # systemctl is-enabled openvpn && systemctl is-active openvpn && systemctl start openvpn@xscenet fi From 924203fbad378464f1e9b6c7f650e655ff9594d3 Mon Sep 17 00:00:00 2001 
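Review bot: `pgrep openvpn` on the new line matches by process name, and this dispatcher script is itself named `15-openvpn`, so the test can be satisfied by the script's own process rather than by a running daemon; this is the same self-match the series later documents for `iiab-vpn-off` in the last iiab-remote-off hunk. The `is-active` form kept in the comment below does not have that problem, or use `pgrep -x openvpn`. Dropping `-q` also makes `systemctl is-enabled` print `enabled`/`disabled` on every WAN-up event. Suggest `systemctl -q is-enabled openvpn && systemctl -q is-active openvpn && systemctl start openvpn@xscenet`. The enclosing `if [ "$2" = "up" ]` block begins before the hunk.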
From: A Holt Date: Wed, 5 Sep 2018 12:07:50 -0400 Subject: [PATCH 11/22] Rename up_wan to up_wan.deprecated --- roles/openvpn/templates/{up_wan => up_wan.deprecated} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/openvpn/templates/{up_wan => up_wan.deprecated} (100%) diff --git a/roles/openvpn/templates/up_wan b/roles/openvpn/templates/up_wan.deprecated similarity index 100% rename from roles/openvpn/templates/up_wan rename to roles/openvpn/templates/up_wan.deprecated From 35b104554ee93e7e6350aa54c0ea0dbef93b0abe Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 12:16:02 -0400 Subject: [PATCH 12/22] Update main.yml --- roles/openvpn/tasks/main.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 870cea9b9..3fe9b5945 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -54,7 +54,8 @@ with_items: - /etc/openvpn/keys - /etc/openvpn/scripts - - /usr/lib/iiab # For executable up_wan. Comment out in future? Might still be relevant for CentOS but unused for ~2 years as of August 2018. + # Obsolete & unused for ~2 years as of August 2018: + #- /usr/lib/iiab - name: Configure OpenVPN (BACKS UP FILES IF CHANGED) template: @@ -77,8 +78,8 @@ - { src: 'openvpn_handle.j2', dest: '/etc/iiab/openvpn_handle', mode: '0644' } # Comment out in future? Not recommended as of August 2018: - { src: 'iiab-handle.j2', dest: '/usr/bin/iiab-handle', mode: '0755' } - # Comment out in future? Might still be relevant for CentOS but unused for ~2 years as of August 2018: - - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } + # Obsolete & unused for ~2 years as of August 2018: + # - { src: 'up_wan', dest: '/usr/lib/iiab/up_wan', mode: '0755' } # Obsolete & unused for ~2 years as of August 2018: #- { src: 'start.j2', dest: '/usr/lib/iiab/start', mode: '0755' } # Obsolete & unused for ~2 years as of August 2018: 
@@ -97,11 +98,12 @@ # Comment out in future? Contained serious bug (15-openvpn called # up-wan instead of up_wan in /usr/lib/iiab/ as of August 2018) so # evidently unused for ~2 years: -- name: Put dispatcher up for NM (not debuntu) +- name: Install NM dispatcher.d (for older OS's only, where OpenVPN doesn't auto-start openvpn@xscenet) template: src: 15-openvpn dest: /etc/NetworkManager/dispatcher.d/ - when: not is_debuntu # SHOULD THIS CONDITION ACT ON THE PRESENCE OF NETWORKMANAGER? e.g. some Ubuntu's use NM, others don't. + #when: not is_debuntu # CONDITION APPEARS TOO BROAD + when: False # ADD/ITEMIZE ANY OS'S HERE, WHERE TRULY NEC (e.g. older CentOS, if running older OpenVPN?) # Was obsolete/unused for ~2 years as of August 2018: (replaced by /etc/openvpn/xscenet.conf) #- name: Check for manually configured OpenVPN tunnel @@ -158,6 +160,7 @@ - name: Enable hourly cron job for OpenVPN (starts CHILD service openvpn@xscenet, typically for CentOS only?) lineinfile: path: /etc/crontab + # CONSIDER "restart" not just "start" if something stronger is confirmed needed? line: "25 * * * * root (/usr/bin/systemctl start openvpn@xscenet.service) > /dev/null" when: openvpn_enabled and openvpn_cron_enabled From 7451e5940061638848bafe57396af51e8d6868dd Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 14:48:48 -0400 Subject: [PATCH 13/22] Update main.yml --- roles/openvpn/tasks/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 3fe9b5945..3000da823 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
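Review bot: `when: False` stops installing `15-openvpn` on new hosts but does nothing about a copy already placed under `/etc/NetworkManager/dispatcher.d/` by earlier runs, so upgraded and fresh installs diverge and the old dispatcher keeps firing where it was installed. If the dispatcher is retired, add a task with `path: /etc/NetworkManager/dispatcher.d/15-openvpn` and `state: absent`, presumably under the same condition so it can be reintroduced per OS later. A literal `when: False` is also hard to tell from a mistake; a role variable defaulting to false, or at least a comment naming the intended replacement condition, would be clearer.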
@@ -87,6 +87,22 @@ # Obsolete & unused for ~2 years as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } +# iiab-remote-on is intended to turn on multiple remote support services like +# OpenVPN and others, for remote support, so they work even after reboot. +- name: Create iiab-vpn-on (a symbolic link to iiab-remote-on for now) + file: + src: /usr/bin/iiab-remote-on + path: /usr/bin/iiab-vpn-on + state: link + +# iiab-remote-off is intended to fully turn off multiple remote support +# services like OpenVPN and others, to reduce the risk of remote attacks. +- name: Create iiab-vpn-off (a symbolic link to iiab-remote-off for now) + file: + src: /usr/bin/iiab-remote-off + path: /usr/bin/iiab-vpn-off + state: link + # up_wan was being installed twice (also above) and was unused for ~2 years # as of August 2018: (see 15-openvpn below) #- name: Put up_wan in place (debuntu) From 6e18a5af152c9de55d38f8931f7ca674fd6c1854 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 15:13:38 -0400 Subject: [PATCH 14/22] longstanding syntax error (bash wouldn't run this on Ubuntu 18.04) --- roles/openvpn/templates/iiab-remote-on.j2 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/openvpn/templates/iiab-remote-on.j2 index 6f6c8104a..f97bf11e7 100644 --- a/roles/openvpn/templates/iiab-remote-on.j2 +++ b/roles/openvpn/templates/iiab-remote-on.j2 @@ -1,12 +1,15 @@ #!/bin/bash -# script to turn on openvpn -# do nothing if it is not installed +# /usr/bin/iiab-remote-on should turn on multiple remote support services like +# OpenVPN and others, for remote support, so they work even after reboot. + +# Do nothing if OpenVPN not installed which openvpn if [ $? -ne 0 ]; then - echo Cannot find the OpenVPN program (openvpn). + echo 'Cannot find the OpenVPN program (openvpn).' exit 1 fi + systemctl enable openvpn systemctl start openvpn 
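Review bot: The two `state: link` tasks fail if a regular file already exists at `/usr/bin/iiab-vpn-on` or `/usr/bin/iiab-vpn-off`, because the `file` module only replaces a non-symlink when `force: yes` is set; whether older installs left such files there is not visible from the hunk, so worth confirming. Either add `force: yes` deliberately with a comment saying the old file is superseded, or remove the path first. The two comment blocks above the tasks restate the scripts' own header comments; a one-line pointer to the script would avoid the duplication that the later main.yml hunks already have to keep in sync.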
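Review bot: The `which openvpn` context line still prints the resolved path to stdout on every run and its status is then read back through `$?` on the next line; `if ! command -v openvpn >/dev/null 2>&1; then` is quieter, POSIX, and keeps the test next to the condition. The same pattern is in the iiab-remote-off hunk of the next commit. With the message now quoted, `printf '%s\n' 'Cannot find the OpenVPN program (openvpn).'` would also remove the last dependence on `echo` option handling.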
From 96d1eae568a531e12c030f9e7186b6e852946640 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 15:13:47 -0400 Subject: [PATCH 15/22] longstanding syntax error (bash wouldn't run this on Ubuntu 18.04) --- roles/openvpn/templates/iiab-remote-off | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 991c50f01..953c3d878 100644 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -1,17 +1,20 @@ #!/bin/bash -# script to turn on openvpn -# do nothing if it is not installed +# /usr/bin/iiab-remote-off is intended to fully turn off multiple remote +# support services like OpenVPN and others, to reduce risk of remote attacks. + +# Do nothing if OpenVPN not installed which openvpn if [ $? -ne 0 ]; then - echo Cannot find the OpenVPN program (openvpn). + echo 'Cannot find the OpenVPN program (openvpn).' exit 1 fi + systemctl disable openvpn systemctl stop openvpn sleep 5 -ps -e|grep vpn +ps -e | grep vpn if [ $? -eq 0 ]; then echo OpenVPN failed to stop. else From f21c0f2fa9f3c41fb09b711a84d8fbd9056464ca Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 15:33:42 -0400 Subject: [PATCH 16/22] Update iiab-remote-off --- roles/openvpn/templates/iiab-remote-off | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index 953c3d878..ca1ff41c2 100644 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -1,7 +1,7 @@ #!/bin/bash -# /usr/bin/iiab-remote-off is intended to fully turn off multiple remote -# support services like OpenVPN and others, to reduce risk of remote attacks. +# /usr/bin/iiab-remote-off should fully turn off multiple remote support +# services like OpenVPN and others, to reduce risk of remote attacks. # Do nothing if OpenVPN not installed which openvpn 
From 3b2c16d6bf83e4efe210acf3b4ef93d2f2fedd3a Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 15:53:20 -0400 Subject: [PATCH 17/22] Update main.yml --- roles/openvpn/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 3000da823..4f7b7e463 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -87,7 +87,7 @@ # Obsolete & unused for ~2 years as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } -# iiab-remote-on is intended to turn on multiple remote support services like +# /usr/bin/iiab-remote-on should turn on multiple remote support services like # OpenVPN and others, for remote support, so they work even after reboot. - name: Create iiab-vpn-on (a symbolic link to iiab-remote-on for now) file: @@ -95,8 +95,8 @@ path: /usr/bin/iiab-vpn-on state: link -# iiab-remote-off is intended to fully turn off multiple remote support -# services like OpenVPN and others, to reduce the risk of remote attacks. +# /usr/bin/iiab-remote-off should fully turn off multiple remote support +# services like OpenVPN and others, to reduce risk of remote attacks. - name: Create iiab-vpn-off (a symbolic link to iiab-remote-off for now) file: src: /usr/bin/iiab-remote-off From 849be849d09b505ef459e5f4943a15fc86224b4f Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 15:56:22 -0400 Subject: [PATCH 18/22] Update iiab-remote-on.j2 --- roles/openvpn/templates/iiab-remote-on.j2 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/openvpn/templates/iiab-remote-on.j2 index f97bf11e7..8a0e6284d 100644 --- a/roles/openvpn/templates/iiab-remote-on.j2 +++ b/roles/openvpn/templates/iiab-remote-on.j2 
@@ -3,6 +3,16 @@ # /usr/bin/iiab-remote-on should turn on multiple remote support services like # OpenVPN and others, for remote support, so they work even after reboot. +echo -e 'WARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n' + +echo -e '1) Set these variables in /etc/local/local_vars.yml' +echo -e ' openvpn_install: True' +echo -e ' openvpn_enabled: True\n' + +echo -e '2) Run:' +echo -e ' cd /opt/iiab/iiab' +echo -e ' sudo ./runrole openvpn\n' + # Do nothing if OpenVPN not installed which openvpn if [ $? -ne 0 ]; then From f126aec86d81381ebe228525bd8a5f715e988dbc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 15:58:50 -0400 Subject: [PATCH 19/22] Update main.yml --- roles/openvpn/tasks/main.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 4f7b7e463..6efc9cb9b 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -87,17 +87,13 @@ # Obsolete & unused for ~2 years as of August 2018: #- { src: 'iiab-vpn.j2', dest: '/usr/bin/iiab-vpn', mode: '0755' } -# /usr/bin/iiab-remote-on should turn on multiple remote support services like -# OpenVPN and others, for remote support, so they work even after reboot. -- name: Create iiab-vpn-on (a symbolic link to iiab-remote-on for now) +- name: Create iiab-vpn-on (symlink to iiab-remote-on for now) file: src: /usr/bin/iiab-remote-on path: /usr/bin/iiab-vpn-on state: link -# /usr/bin/iiab-remote-off should fully turn off multiple remote support -# services like OpenVPN and others, to reduce risk of remote attacks. -- name: Create iiab-vpn-off (a symbolic link to iiab-remote-off for now) +- name: Create iiab-vpn-off (symlink to iiab-remote-off for now) file: src: /usr/bin/iiab-remote-off path: /usr/bin/iiab-vpn-off From 224ea76e5a6353d59b233af4c8039f4853122903 Mon Sep 17 00:00:00 2001 
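Review bot: The new notice sends users to `/etc/local/local_vars.yml`, while iiab-handle.j2 earlier in this series refers to `/etc/iiab/local_vars.yml`; one of the two paths is wrong and the instruction would point at a file that does not exist, so confirm and align them (the same path appears in the iiab-remote-off hunk of commit 21). The `'it'"'"'s'` splice is hard to read; `echo -e "\nWARNING: To enable OpenVPN long-term, it's recommended you:\n"` or one quoted here-doc for the whole notice would be clearer and would drop the `-e` handling.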
From: A Holt Date: Wed, 5 Sep 2018 16:14:23 -0400 Subject: [PATCH 20/22] Update iiab-remote-on.j2 --- roles/openvpn/templates/iiab-remote-on.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/iiab-remote-on.j2 b/roles/openvpn/templates/iiab-remote-on.j2 index 8a0e6284d..8771cb94f 100644 --- a/roles/openvpn/templates/iiab-remote-on.j2 +++ b/roles/openvpn/templates/iiab-remote-on.j2 @@ -3,7 +3,7 @@ # /usr/bin/iiab-remote-on should turn on multiple remote support services like # OpenVPN and others, for remote support, so they work even after reboot. -echo -e 'WARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n' +echo -e '\nWARNING: To enable OpenVPN long-term, it'"'"'s recommended you:\n' echo -e '1) Set these variables in /etc/local/local_vars.yml' echo -e ' openvpn_install: True' From 725283decfbb75ed655cf0cafdcb9ed6478055f4 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 5 Sep 2018 16:17:02 -0400 Subject: [PATCH 21/22] Update iiab-remote-off --- roles/openvpn/templates/iiab-remote-off | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index ca1ff41c2..b7ffc9da2 100644 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -3,6 +3,15 @@ # /usr/bin/iiab-remote-off should fully turn off multiple remote support # services like OpenVPN and others, to reduce risk of remote attacks. +echo -e '\nWARNING: To disable OpenVPN long-term, it'"'"'s recommended you:\n' + +echo -e '1) Set this variable in /etc/local/local_vars.yml' +echo -e ' openvpn_enabled: False\n' + +echo -e '2) Run:' +echo -e ' cd /opt/iiab/iiab' +echo -e ' sudo ./runrole openvpn\n' + # Do nothing if OpenVPN not installed which openvpn if [ $? -ne 0 ]; then From 1fcece61716e802075d0e4d60ac054d104d65057 Mon Sep 17 00:00:00 2001 
From: A Holt Date: Wed, 5 Sep 2018 16:39:34 -0400 Subject: [PATCH 22/22] Update iiab-remote-off --- roles/openvpn/templates/iiab-remote-off | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/openvpn/templates/iiab-remote-off b/roles/openvpn/templates/iiab-remote-off index b7ffc9da2..f80377a64 100644 --- a/roles/openvpn/templates/iiab-remote-off +++ b/roles/openvpn/templates/iiab-remote-off @@ -23,7 +23,7 @@ systemctl disable openvpn systemctl stop openvpn sleep 5 -ps -e | grep vpn +ps -e | grep openvpn # 2018-09-05: "ps -e | grep vpn" no longer works (nor would "pgrep vpn") when invoked from iiab-vpn-off (as filename itself causes [multiple] "vpn" instances to appear in process list!) if [ $? -eq 0 ]; then echo OpenVPN failed to stop. else
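Review bot: `ps -e | grep openvpn` still writes matching lines to stdout and matches any process whose name contains the substring; `if pgrep -x openvpn >/dev/null; then` is an exact-name test with no output and no self-match, and `systemctl is-active --quiet openvpn@xscenet` would check the unit this script actually stopped. The 2018-09-05 explanation is worth keeping but reads better as a comment line above the test than as a trailing comment on the command. The `if` block ends after the hunk.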