mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 03:32:12 +00:00
f319afa432
* change apache_data to apache_user in all * no libapach2 in centos. just php. no php-magick in centos * remove redundant vars entries * do not create apache user * missed one pound sign * soft code all references to apache_user * centos requires older setuptools * revert ansible_lsb.id in xsce.yml * try getting recent pip * move pip download to 2prep so that kalite success is not dependent on iiab coming first * still need to replace setuptools in kalite * add curl -- needed in debian * massivly substitue iiab for xsce, and rename files * completed runansible * centos fixes,install pip * appliance means no iptables rules * change to earlier version of setuptools for centos * delete file duplicate, hopefully unnecessary. generate the offline docs * wiki docs errors * create the admin group -- deleted earlier * use the --yes option with pip uninstall * base of repo moved from schoolserver to iiab, unleashkids.org->iiab.io * network detection broken due to tupo
93 lines
2 KiB
Bash
Executable file
93 lines
2 KiB
Bash
Executable file
#!/bin/sh
|
|
# script to manage openvpn
|
|
if [ ! -f "/etc/openvpn/iiab-vpn.conf" ]; then
|
|
VPNCONFIG='party-line.conf'
|
|
VPNIP={{ openvpn_server_virtual_ip }}
|
|
else
|
|
# expect the sourced file to set the above variables
|
|
source /etc/openvpn/iiab-vpn.conf
|
|
fi
|
|
|
|
# we'd like the user of this script to have root privilege
|
|
if [ "$(id -u)" != "0" ]; then
|
|
echo "This script must be run as root" 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
case $1 in
|
|
"stop" | "no" | "off")
|
|
killall openvpn
|
|
exit 0
|
|
;;
|
|
"status")
|
|
pid=`ps -e|grep openvpn`
|
|
if [ -z "$pid" ]; then
|
|
echo "The openvpn process is not running"
|
|
else
|
|
echo "Openvpn is running with id $pid"
|
|
ip=`ifconfig tun | gawk '(/netmask /) {print( $2);}'`
|
|
echo "Local vpn tunnel address is $ip"
|
|
fi
|
|
exit 0
|
|
;;
|
|
|
|
esac
|
|
|
|
# we'd like for passwords authentication to be turned off
|
|
grep -e^PasswordAuthentication.*[Yy]es /etc/ssh/sshd_config
|
|
PASSWORDS_ENABLED=$?
|
|
|
|
if [ $PASSWORDS_ENABLED -eq 0 ];then
|
|
case $1 in
|
|
"test" | "unsafe") ;;
|
|
*)
|
|
|
|
echo "Openvpn is only safe when public/private keys are used"
|
|
echo " And when passwords are turned off in /etc/ssh/sshd_conf"
|
|
exit 1
|
|
esac
|
|
fi
|
|
|
|
# openvpn config file directory
|
|
dir=/etc/openvpn
|
|
|
|
if [ $# -eq 0 ]; then
|
|
cmd="test"
|
|
else
|
|
cmd=$1
|
|
fi
|
|
|
|
case $cmd in
|
|
"test" | "unsafe" )
|
|
# load TUN/TAP kernel module
|
|
modprobe tun
|
|
|
|
# make sure the wan is functioning
|
|
# 8.8.8.8 is one of google's dns servers
|
|
ping -c 3 -i 3 8.8.8.8
|
|
if [ $? -ne 0 ]; then
|
|
echo "internet is not available, tunnel not possible"
|
|
exit 1
|
|
fi
|
|
|
|
# check the vpn tunnel
|
|
ping -c 5 -i 5 "$VPNIP"
|
|
# a zero return means the tunnel is up
|
|
if [ $? -ne "0" ]; then
|
|
echo "Stopping any openvpn instance"
|
|
killall openvpn
|
|
sleep 10
|
|
echo "Starting openvpn and waiting 10 seconds for daemon to become ready"
|
|
openvpn --cd $dir --daemon --config $VPNCONFIG
|
|
fi
|
|
sleep 10
|
|
echo "Testing VPN connection"
|
|
ping -c 4 -i 4 "$VPNIP"
|
|
if [ $? -eq 0 ]; then
|
|
echo "vpn tunnel established"
|
|
else
|
|
echo "vpn connection failed"
|
|
fi
|
|
|
|
;;
|
|
esac
|