bgallet
/
0k-charms
forked from 0k/0k-charms
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

new: [vpn] new vpn charm 

Install last version of ``openvpn`` along with ``obfsproxy``.
Set ``/etc/openvpn`` contents to get a client and server connections.
Read ``/var/log/openvpn`` for log files or ``/var/run/openvpn`` for status.
postgres
Valentin Lab 10 years ago
parent
cdae2288e3
commit
eb54ff8b34
4 changed files with 335 additions and 32 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. BIN
      precise/vpn/deb/openvpn_2.3.6-debian0_amd64.deb
  2. 98
      precise/vpn/hooks/install
  3. 3
      precise/vpn/metadata.yaml
  4. 266
      precise/vpn/src/etc/init.d/openvpn

BIN
precise/vpn/deb/openvpn_2.3.6-debian0_amd64.deb
View File

98
precise/vpn/hooks/install
View File

@ -2,37 +2,71 @@
set -eux
apt-get -y --force-yes install openvpn kal-scripts
mkdir -p /etc/openvpn/clients.d /var/lib/openvpn /var/log/openvpn
## XXXvlab: why is that ? and if we use tap ?
#mkdir /dev/net
#mknod -m a+rw /dev/net/tun c 10 200
#
# snat.sh
#
# iptables -t nat -A POSTROUTING -s 10.64.0.0/24 -o eth0 -j SNAT --to-source "$(dig +short A "$(hostname -s)")"
#
cat <<EOF > /etc/openvpn/snat.sh
#!/bin/bash
## example call:
## <exname> tap0 1500 1574 10.64.0.1 255.255.255.0 init
server_ip="$4"
device="$1"
iptables -t nat -A POSTROUTING -s "$(ifnet "$device")" \
-o eth0 -j SNAT --to-source "$(ifip eth0)" 2>&1 | logger -t iptables
EOF
chmod +x /etc/openvpn/snat.sh
apt-get install -y --force-yes wget git kal-scripts python
if test -z "${RELEASE:-}"; then
if type -p lsb_release; then
RELEASE=$(lsb_release -c -s)
else
RELEASE=$(cat apt/sources.list | grep ^deb | head -n 1 | awk '{print $3;}')
fi
export RELEASE
fi
# ## Get latest OpenVPN version (they don't have a lot of recent packets)
# wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
# echo "deb http://swupdate.openvpn.net/apt $RELEASE main" > /etc/apt/sources.list.d/swupdate.openvpn.net.list
# ## Update only this repo:
# apt-get update -o Dir::Etc::sourcelist="sources.list.d/swupdate.openvpn.net.list" \
# -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
# apt-get -y --force-yes install openvpn
export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
dpkg -i deb/openvpn_*.deb || true
apt-get -o Dpkg::Options::="--force-confnew" install -f -y --force-yes
mkdir -p /var/run/openvpn /var/log/openvpn
##
## if using ``tun`` we will need this.
##
[ -d /dev/net ] ||
mkdir -p /dev/net
[ -c /dev/net/tun ] ||
mknod -m a+rw /dev/net/tun c 10 200
##
## installing obfsproxy latest version
##
mkdir -p /opt/apps
(
apt-get install -y --force-yes python-setuptools python-twisted python-crypto python-yaml python-pyptlib
cd /opt/apps &&
git clone https://git.torproject.org/pluggable-transports/obfsproxy.git &&
python setup.py install
)
## obfs4proxy does not work with OpenVPN for now.
# (
# apt-get install --force-yes -y golang &&
# cd /opt/apps &&
# mkdir obfs4 &&
# cd obfs4 &&
# GOPATH=$PWD go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy
# ln -sf /opt/apps/obfs4/
# )
##
## Make sure the init script in good
##
(
cp src/etc/init.d/openvpn /etc/init.d/openvpn
)

3
precise/vpn/metadata.yaml
View File

@ -6,3 +6,6 @@ description: |
Installs a VPN master server.
config-resources:
- /etc/openvpn
data-resources:
- /var/lib/openvpn
- /var/log/openvpn

266
precise/vpn/src/etc/init.d/openvpn
View File

@ -0,0 +1,266 @@
#!/bin/sh -e
### BEGIN INIT INFO
# Provides: openvpn
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: network-manager
# Should-Stop: network-manager
# X-Start-Before: $x-display-manager gdm kdm xdm wdm ldm sdm nodm
# X-Interactive: true
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Openvpn VPN service
### END INIT INFO
# Original version by Robert Leslie
# <rob@mars.org>, edited by iwj and cs
# Modified for openvpn by Alberto Gonzalez Iniesta <agi@inittab.org>
# Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net>
. /lib/lsb/init-functions
test $DEBIAN_SCRIPT_DEBUG && set -v -x
DAEMON=/usr/sbin/openvpn
DESC="virtual private network daemon"
CONFIG_DIR=/etc/openvpn
test -x $DAEMON || exit 0
test -d $CONFIG_DIR || exit 0
# Source defaults file; edit that file to configure this script.
AUTOSTART="all"
STATUSREFRESH=10
if test -e /etc/default/openvpn ; then
. /etc/default/openvpn
fi
start_vpn () {
if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
# daemon already given in config file
DAEMONARG=
else
# need to daemonize
DAEMONARG="--daemon ovpn-$NAME"
fi
if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
# status file already given in config file
STATUSARG=""
elif test $STATUSREFRESH -eq 0 ; then
# default status file disabled in /etc/default/openvpn
STATUSARG=""
else
# prepare default status file
STATUSARG="--status /var/run/openvpn/$NAME.status $STATUSREFRESH"
fi
log_progress_msg "$NAME"
STATUS=0
mkdir -p /var/run/openvpn
mkdir -p /var/log/openvpn
start-stop-daemon --start --quiet --oknodo \
--pidfile /var/run/openvpn.$NAME.pid \
--exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn.$NAME.pid \
$DAEMONARG $STATUSARG --cd $CONFIG_DIR \
--config $CONFIG_DIR/$NAME.conf \
--log-append /var/log/openvpn/$NAME.log || STATUS=1
}
stop_vpn () {
kill `cat $PIDFILE` || true
rm -f $PIDFILE
rm -f /var/run/openvpn/$NAME.status 2> /dev/null
}
case "$1" in
start)
log_daemon_msg "Starting $DESC"
# autostart VPNs
if test -z "$2" ; then
# check if automatic startup is disabled by AUTOSTART=none
if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
log_warning_msg " Autostart disabled."
exit 0
fi
if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
# all VPNs shall be started automatically
for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
NAME=${CONFIG%%.conf}
start_vpn
done
else
# start only specified VPNs
for NAME in $AUTOSTART ; do
if test -e $CONFIG_DIR/$NAME.conf ; then
start_vpn
else
log_failure_msg "No such VPN: $NAME"
STATUS=1
fi
done
fi
#start VPNs from command line
else
while shift ; do
[ -z "$1" ] && break
if test -e $CONFIG_DIR/$1.conf ; then
NAME=$1
start_vpn
else
log_failure_msg " No such VPN: $1"
STATUS=1
fi
done
fi
log_end_msg ${STATUS:-0}
;;
stop)
log_daemon_msg "Stopping $DESC"
if test -z "$2" ; then
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
log_progress_msg "$NAME"
done
else
while shift ; do
[ -z "$1" ] && break
if test -e /var/run/openvpn.$1.pid ; then
PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null`
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
log_progress_msg "$NAME"
else
log_failure_msg " (failure: No such VPN is running: $1)"
fi
done
fi
log_end_msg 0
;;
# Only 'reload' running VPNs. New ones will only start with 'start' or 'restart'.
reload|force-reload)
log_daemon_msg "Reloading $DESC"
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
# If openvpn if running under a different user than root we'll need to restart
if egrep '^[[:blank:]]*user[[:blank:]]' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
stop_vpn
sleep 1
start_vpn
log_progress_msg "(restarted)"
else
kill -HUP `cat $PIDFILE` || true
log_progress_msg "$NAME"
fi
done
log_end_msg 0
;;
# Only 'soft-restart' running VPNs. New ones will only start with 'start' or 'restart'.
soft-restart)
log_daemon_msg "$DESC sending SIGUSR1"
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
kill -USR1 `cat $PIDFILE` || true
log_progress_msg "$NAME"
done
log_end_msg 0
;;
restart)
shift
$0 stop ${@}
sleep 1
$0 start ${@}
;;
cond-restart)
log_daemon_msg "Restarting $DESC."
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
sleep 1
start_vpn
done
log_end_msg 0
;;
status)
GLOBAL_STATUS=0
if test -z "$2" ; then
# We want status for all defined VPNs.
# Returns success if all autostarted VPNs are defined and running
if test "x$AUTOSTART" = "xnone" ; then
# Consider it a failure if AUTOSTART=none
log_warning_msg "No VPN autostarted"
GLOBAL_STATUS=1
else
if ! test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
# Consider it a failure if one of the autostarted VPN is not defined
for VPN in $AUTOSTART ; do
if ! test -f $CONFIG_DIR/$VPN.conf ; then
log_warning_msg "VPN '$VPN' is in AUTOSTART but is not defined"
GLOBAL_STATUS=1
fi
done
fi
fi
for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
NAME=${CONFIG%%.conf}
# Is it an autostarted VPN ?
if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
AUTOVPN=1
else
if test "x$AUTOSTART" = "xnone" ; then
AUTOVPN=0
else
AUTOVPN=0
for VPN in $AUTOSTART; do
if test "x$VPN" = "x$NAME" ; then
AUTOVPN=1
fi
done
fi
fi
if test "x$AUTOVPN" = "x1" ; then
# If it is autostarted, then it contributes to global status
status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1
else
status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}' (non autostarted)" || true
fi
done
else
# We just want status for specified VPNs.
# Returns success if all specified VPNs are defined and running
while shift ; do
[ -z "$1" ] && break
NAME=$1
if test -e $CONFIG_DIR/$NAME.conf ; then
# Config exists
status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1
else
# Config does not exist
log_warning_msg "VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !"
GLOBAL_STATUS=1
fi
done
fi
exit $GLOBAL_STATUS
;;
*)
echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart|soft-restart|status}" >&2
exit 1
;;
esac
exit 0
# vim:set ai sts=2 sw=2 tw=0:
Write Preview
Loading…
Cancel
Save