Can I get any +1s? This will guarantee that the routes will have been created when the OpenVPN link is up. commit e8f63323b4e236629f438a082422d61a37cc95af Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> Date: Thu Oct 22 21:06:38 2015 +0000 Add script to OpenVPN for VPN route fixing This will make sure that always after a start/restart the VPN routes are created Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf index abb5d03..704becb 100644 --- a/roles/openvpn/client/files/client.conf +++ b/roles/openvpn/client/files/client.conf @@ -14,6 +14,9 @@ nobind persist-key +up /etc/openvpn/fix-routes.sh +up-restart + ca ca.crt cert client.crt key client.key diff --git a/roles/openvpn/client/files/fix-routes.sh b/roles/openvpn/client/files/fix-routes.sh new file mode 100644 index 0000000..a08e519 --- /dev/null +++ b/roles/openvpn/client/files/fix-routes.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# First check if this server is actually an OpenVPN client +if [ -f /etc/openvpn/client.crt ]; +then + # Now the magic line + # This first checks whether there is a route, and if there isn't it will: + # 1. Get the local machine's VPN IP (up to and including awk) + # 2. Add a new route to 192.168.0.0/16 via that IP addres (from xargs on) + # 3. Print "Fixed VPN" and exit with code 2 to indicate that it changed + # Note: I've been told that the grep and awk can be in one command, and I believe that, but I find this clearer. + (ip route show | grep '192.168.0.0/16') || ((ip route show | grep '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) && echo "Fixed VPN" && exit 2); +fi diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml index 76817a2..67e44b1 100644 --- a/roles/openvpn/client/tasks/main.yml +++ b/roles/openvpn/client/tasks/main.yml @@ -17,6 +17,9 @@ - { file: client.conf, dest: /etc/openvpn/openvpn.conf, mode: '0644' } + - { file: fix-routes.sh, + dest: /etc/openvpn/fix-routes.sh, + mode: '0755' } - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt", dest: "/etc/openvpn/client.crt", mode: '0600' } With kind regards, Patrick Uiterwijk Fedora Infra _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx