Freeze break request: add script to make OpenVPN always fix its routes

Can I get any +1s?
This will guarantee that the routes will have been created when the OpenVPN link is up.


commit e8f63323b4e236629f438a082422d61a37cc95af
Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
Date:   Thu Oct 22 21:06:38 2015 +0000

    Add script to OpenVPN for VPN route fixing
    
    This will make sure that always after a start/restart the
    VPN routes are created
    
    Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>

diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
index abb5d03..704becb 100644
--- a/roles/openvpn/client/files/client.conf
+++ b/roles/openvpn/client/files/client.conf
@@ -14,6 +14,9 @@ nobind
 
 persist-key
 
+up /etc/openvpn/fix-routes.sh
+up-restart
+
 ca ca.crt
 cert client.crt
 key client.key
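Review bot: the added `up /etc/openvpn/fix-routes.sh` line only takes effect if `script-security 2` is set, and no such directive appears in the visible context of client.conf. At the default level OpenVPN only calls built-in executables and will not run a user-defined script, so confirm the directive exists elsewhere in the file or add it next to `up`. Since `up-restart` also runs the script on restarts, check that the script still has the privileges `ip route add` needs if this config drops them with `user`/`group`.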
diff --git a/roles/openvpn/client/files/fix-routes.sh b/roles/openvpn/client/files/fix-routes.sh
new file mode 100644
index 0000000..a08e519
--- /dev/null
+++ b/roles/openvpn/client/files/fix-routes.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# First check if this server is actually an OpenVPN client
+if [ -f /etc/openvpn/client.crt ];
+then
+       # Now the magic line
+       # This first checks whether there is a route, and if there isn't it will:
+       # 1. Get the local machine's VPN IP (up to and including awk)
+       # 2. Add a new route to 192.168.0.0/16 via that IP addres (from xargs on)
+       # 3. Print "Fixed VPN" and exit with code 2 to indicate that it changed
+       # Note: I've been told that the grep and awk can be in one command, and I believe that, but I find this clearer.
+       (ip route show | grep '192.168.0.0/16') || ((ip route show | grep '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) && echo "Fixed VPN" && exit 2);
+fi
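Review bot: the `exit 2` at the end of the one-liner makes the script return a non-zero status exactly when it has just added the missing route, and OpenVPN treats a non-zero exit from an `up` script as a failure and exits. The `exit 2` sits in a subshell, but that subshell is the last command in the script, so its status becomes the script's status. Suggest ending the script with an explicit `exit 0` and only logging "Fixed VPN", or keeping the changed-indicator exit code in a separate wrapper that OpenVPN does not call. Two smaller points on the same line: `grep '192.168.0.'` has unescaped dots and can match more than one route, in which case xargs passes several addresses to `ip route add 192.168.0.0/16 via` and the command fails; and when the add fails nothing is logged, so consider writing the error somewhere visible.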
diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
index 76817a2..67e44b1 100644
--- a/roles/openvpn/client/tasks/main.yml
+++ b/roles/openvpn/client/tasks/main.yml
@@ -17,6 +17,9 @@
   - { file: client.conf,
       dest: /etc/openvpn/openvpn.conf,
       mode: '0644' }
+  - { file: fix-routes.sh,
+      dest: /etc/openvpn/fix-routes.sh,
+      mode: '0755' }
   - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
       dest: "/etc/openvpn/client.crt",
       mode: '0600' }
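Review bot: the new `fix-routes.sh` item sets `mode: '0755'` but, like the other visible items, shows no owner or group. Because OpenVPN will execute this file, it should be owned by root and not writable by anyone else, so confirm the enclosing task sets `owner=root` for these items. It is also worth checking that the task notifies an OpenVPN restart handler, otherwise running clients will not pick up the new `up` directive until their next restart.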



With kind regards,
Patrick Uiterwijk
Fedora Infra