Re: Freeze break request: add script to make OpenVPN always fix its routes


 



+1 thanks.

On 22 October 2015 at 15:11, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote:
> Can I get any +1s?
> This will guarantee that the routes will have been created when the OpenVPN link is up.
>
>
> commit e8f63323b4e236629f438a082422d61a37cc95af
> Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date:   Thu Oct 22 21:06:38 2015 +0000
>
>     Add script to OpenVPN for VPN route fixing
>
>     This will make sure that always after a start/restart the
>     VPN routes are created
>
>     Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
>
> diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
> index abb5d03..704becb 100644
> --- a/roles/openvpn/client/files/client.conf
> +++ b/roles/openvpn/client/files/client.conf
> @@ -14,6 +14,9 @@ nobind
>
>  persist-key
>
> +up /etc/openvpn/fix-routes.sh
> +up-restart
> +
>  ca ca.crt
>  cert client.crt
>  key client.key
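
Review bot: The added `up /etc/openvpn/fix-routes.sh` line only takes effect when script-security is 2 or higher; OpenVPN 2.1 and later default to level 1, which does not run user-defined scripts. The visible context around the new lines shows no script-security directive, so confirm one is set elsewhere in client.conf, or add `script-security 2` next to the up line. Separately, if this config drops privileges with user/group, the restart invocations enabled by `up-restart` run after the drop and the `ip route add` in the script would fail there, so it is worth checking that the restart case was tested.
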
> diff --git a/roles/openvpn/client/files/fix-routes.sh b/roles/openvpn/client/files/fix-routes.sh
> new file mode 100644
> index 0000000..a08e519
> --- /dev/null
> +++ b/roles/openvpn/client/files/fix-routes.sh
> @@ -0,0 +1,12 @@
> +#!/bin/sh
> +# First check if this server is actually an OpenVPN client
> +if [ -f /etc/openvpn/client.crt ];
> +then
> +       # Now the magic line
> +       # This first checks whether there is a route, and if there isn't it will:
> +       # 1. Get the local machine's VPN IP (up to and including awk)
> +       # 2. Add a new route to 192.168.0.0/16 via that IP addres (from xargs on)
> +       # 3. Print "Fixed VPN" and exit with code 2 to indicate that it changed
> +       # Note: I've been told that the grep and awk can be in one command, and I believe that, but I find this clearer.
> +       (ip route show | grep '192.168.0.0/16') || ((ip route show | grep '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) && echo "Fixed VPN" && exit 2);
> +fi
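
Review bot: The `exit 2` at the end of the one-liner becomes the exit status of the whole script (it is the last command run inside the if), and client.conf wires this same file in as the `up` script, where OpenVPN treats a non-zero exit as a failed script. The run that actually adds the route is therefore the one that reports failure; suggest exiting 0 on the OpenVPN path and keeping a "changed" signal only for callers that expect it. The second grep, `grep '192.168.0.'`, is also loose: the dots are unescaped and the pattern is unanchored, so it can match more than one route line, in which case xargs passes several addresses to `ip route add 192.168.0.0/16 via` and the command fails. OpenVPN already hands the local VPN address to up scripts (the ifconfig_local environment variable), which would avoid parsing `ip route show` output at all.
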
> diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
> index 76817a2..67e44b1 100644
> --- a/roles/openvpn/client/tasks/main.yml
> +++ b/roles/openvpn/client/tasks/main.yml
> @@ -17,6 +17,9 @@
>    - { file: client.conf,
>        dest: /etc/openvpn/openvpn.conf,
>        mode: '0644' }
> +  - { file: fix-routes.sh,
> +      dest: /etc/openvpn/fix-routes.sh,
> +      mode: '0755' }
>    - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
>        dest: "/etc/openvpn/client.crt",
>        mode: '0600' }
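
Review bot: The new fix-routes.sh item sets only mode '0755', and the visible lines of this list carry no owner or group. Because client.conf now has OpenVPN execute this file to change the routing table, confirm the copy task pins owner and group to root so no other account can modify it, and consider '0700' or '0750' since only the OpenVPN process needs to run it.
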
>
>
>
> With kind regards,
> Patrick Uiterwijk
> Fedora Infra
> _______________________________________________
> infrastructure mailing list
> infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx



-- 
Stephen J Smoogen.


