Fixing a lot of stuff

This commit is contained in:
Julien VAUBOURG
2014-11-05 23:42:24 +01:00
parent de2ae1d5f7
commit 2de9bf3b2c
5 changed files with 56 additions and 55 deletions


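--- a/conf/client.conf.tpl
+++ b/conf/client.conf.tpl
@@ -11,8 +11,6 @@ keepalive 10 30
 comp-lzo adaptive
 # UDP only
-<TPL:UDP_COMMENT>mssfix
-<TPL:UDP_COMMENT>fragment 1300
 <TPL:UDP_COMMENT>explicit-exit-notify
 # TLS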


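--- a/conf/ynh-vpnclient
+++ b/conf/ynh-vpnclient
@@ -15,19 +15,20 @@ has_nativeip6() {
 is_ip6addr_set() {
 yunohost app list -f hotspot --json | grep -q '"installed": true'\
-|| ip a s dev tun0 | grep -q <TPL:IP6_ADDR>/128
+|| ip a s dev tun0 2> /dev/null | grep -q <TPL:IP6_ADDR>/128
 }
-is_ip6interco_set() {
-ip -6 r | grep -q <TPL:IP6_INTERCO>/
+is_serverip6route_set() {
+ip -6 r | grep -q <TPL:SERVER_IP6>/
 }
 is_openvpn_running() {
-service openvpn status &> /dev/null
+# service openvpn status seems to be a joke
+ip l sh dev tun0 &> /dev/null
 }
 is_running() {
-((has_nativeip6 && is_ip6interco_set) || ! has_nativeip6) && is_openvpn_running
+((has_nativeip6 && is_serverip6route_set) || ! has_nativeip6) && is_openvpn_running
 }
 gw6=$(ip -6 r | grep default\ via | awk '{ print $3 }')
@@ -45,7 +46,7 @@ case "$1" in
 sed "s|<TPL:PROTO>|${proto}|" /etc/openvpn/client.conf.tpl > /etc/openvpn/client.conf
 sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
-service openvpn start
+service openvpn start client
 false || while [ $? -ne 0 ]; do
 sleep 1
@@ -55,9 +56,9 @@ case "$1" in
 sleep 2
 fi
-if has_nativeip6 && ! is_ip6interco_set; then
-echo "Set IPv6 interco route"
-ip r a <TPL:IP6_INTERCO>/128 via ${gw6} dev <TPL:WIRED_DEVICE>
+if has_nativeip6 && ! is_serverip6route_set; then
+echo "Set IPv6 server route"
+ip r a <TPL:SERVER_IP6>/128 via ${gw6} dev <TPL:WIRED_DEVICE>
 fi
 if ! is_ip6addr_set; then
@@ -69,12 +70,13 @@ case "$1" in
 stop)
 if is_ip6addr_set; then
 echo "Unset IPv6 address"
-ip a d <TPL:IP6_ADDR>/128 dev tun0
+# Not useful if hotspot is installed
+ip a d <TPL:IP6_ADDR>/128 dev tun0 2> /dev/null
 fi
-if is_ip6interco_set; then
-echo "Unset IPv6 interco route"
-ip r d <TPL:IP6_INTERCO>/128 via ${gw6} dev <TPL:WIRED_DEVICE>
+if is_serverip6route_set; then
+echo "Unset IPv6 server route"
+ip r d <TPL:SERVER_IP6>/128 via ${gw6} dev <TPL:WIRED_DEVICE>
 fi
 if is_openvpn_running; then
@@ -97,10 +99,10 @@ case "$1" in
 fi
 if has_nativeip6; then
-if is_ip6interco_set; then
-echo "IPv6 interco route is correctly set"
+if is_serverip6route_set; then
+echo "IPv6 server route is correctly set"
 else
-echo "IPv6 interco route is NOT set"
+echo "IPv6 server route is NOT set"
 exitcode=1
 fi
 else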
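Review bot: `is_openvpn_running` (L31–L32) now reports success whenever a `tun0` link exists rather than when the OpenVPN client process is alive, and this script already treats tun0 as a device shared with the hotspot app (L24, L56), so a tun0 left behind by that app or by a client that died after creating the device would make any caller gating on `is_running` (L34–L35) see a VPN that is up. Pair the link test with a process test, e.g. `ip l sh dev tun0 &> /dev/null && pgrep -x openvpn > /dev/null`, or check the pidfile the client writes if the init setup provides one. The `2> /dev/null` added on L25 and L57 silences every `ip` failure, not only a missing device; for the `ip a d` on L57 a comment naming the tolerated case, `# ignore the error when tun0 is already gone (hotspot case, see comment above) — confirm`, would keep that intent readable. The `case "$1"` block enclosing the later hunks starts and ends outside this view.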


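--- a/MANIFEST-PATH-NOT-SHOWN
+++ b/MANIFEST-PATH-NOT-SHOWN
@@ -25,23 +25,26 @@
 {
 "name": "Client certificate",
 "ask": {
-"en": "Select your client certificate"
+"en": "Select the path of your client certificate (will be moved)"
 },
-"example": "-----BEGIN CERTIFICATE-----"
+"example": "/tmp/user.crt",
+"default": "/tmp/user.crt"
 },
 {
 "name": "Client certificate key",
 "ask": {
-"en": "Select your client certificate key"
+"en": "Select the path of your client certificate key (will be moved)"
 },
-"example": "-----BEGIN PRIVATE KEY-----"
+"example": "/tmp/user.key",
+"default": "/tmp/user.key"
 },
 {
 "name": "Server CA",
 "ask": {
-"en": "Select your server certificate authority"
+"en": "Select the path of your server certificate authority (will be moved)"
 },
-"example": "-----BEGIN CERTIFICATE-----"
+"example": "/tmp/ca-server.crt",
+"default": "/tmp/ca-server.crt"
 },
 {
 "name": "IPv6 network",
@@ -49,14 +52,6 @@
 "en": "Select your IPv6 delegated network (netmask number must be <= 64)"
 },
 "example": "2001:db8:42::/48"
-},
-{
-"name": "IPv6 interco",
-"ask": {
-"en": "Select your IPv6 interco (server side)"
-},
-"example": "2001:db8:1337::42",
-"default": "2001:db8:1337::42"
 }
 ]
 }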
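Review bot: The new defaults put the client certificate, its private key and the server CA at fixed names under /tmp (L84, L92, L100), a directory every local user can write to, so the key sits there with whatever mode the admin gave it until the install script picks it up, and a file or symlink of that name created beforehand by another user would be what root copies and then deletes. The `ask` strings could say where the file should come from instead of only that it moves, e.g. `"en": "Path of your client certificate key (the file will be moved; place it in a directory only root can write to)"`. Since the install script on this page runs `sudo rm -f` on the paths given here, "(will be moved)" is accurate, but an example and default naming the same predictable /tmp file invites leaving the key there; a default outside /tmp, or no default, would be the safer choice.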


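--- a/INSTALL-SCRIPT-PATH-NOT-SHOWN
+++ b/INSTALL-SCRIPT-PATH-NOT-SHOWN
@@ -2,11 +2,10 @@
 # Retrieve arguments
 server_name=$1
-crt_client=$2
-crt_client_key=$3
-crt_server_ca=$4
+crt_client_path=$2
+crt_client_key_path=$3
+crt_server_ca_path=$4
 ip6_net=$5
-ip6_interco=$6
 # Check arguments
 # TODO
@@ -19,39 +18,31 @@ sudo apt-get --assume-yes --force-yes install sipcalc
 # Compute extra arguments
 wired_device=$(ip r | awk '/default via/ { print $NF; }')
-ip6_interco=$(sipcalc ${ip6_interco} | grep Compressed | awk '{ print $NF; }')
 ip6_expanded_net=$(sipcalc ${ip6_net} | grep Expanded | awk '{ print $NF; }')
 ip6_net=$(sipcalc ${ip6_net} | grep Compressed | awk '{ print $NF; }')
-ip6_addr=$(echo "$(echo ${ip6_expanded_net} | cut -d: -f1-7):42")
+ip6_addr=$(echo "$(echo ${ip6_expanded_net} | cut -d: -f1-7):1")
 ip6_addr=$(sipcalc ${ip6_addr} | grep Compressed | awk '{ print $NF; }')
+server_ip6=$(host ${server_name} | awk '/IPv6/ { print $NF; }')
 # Save arguments for future upgrades
 sudo yunohost app setting vpnclient wired_device -v ${wired_device}
 sudo yunohost app setting vpnclient ip6_addr -v ${ip6_addr}
 sudo yunohost app setting vpnclient ip6_net -v ${ip6_net}
-sudo yunohost app setting vpnclient ip6_interco -v ${ip6_interco}
-sudo yunohost app setting vpnclient crt_client -v ${crt_client}
-sudo yunohost app setting vpnclient crt_client_key -v ${crt_client_key}
-sudo yunohost app setting vpnclient crt_server_ca -v ${crt_server_ca}
+sudo yunohost app setting vpnclient server_name -v ${server_name}
+sudo yunohost app setting vpnclient server_ip6 -v ${server_ip6}
 # Copy confs
 sudo install -b -o root -g root -m 0644 ../conf/client.conf.tpl /etc/openvpn/
-# Create certificates
+# Copy certificates
 sudo mkdir -pm 0700 /etc/openvpn/keys/
-sudo cat << EOF > /etc/openvpn/keys/user.crt
-${crt_client}
-EOF
-sudo cat << EOF > /etc/openvpn/keys/user.key
-${crt_client_key}
-EOF
-sudo cat << EOF > /etc/openvpn/keys/ca-server.crt
-${crt_server_ca}
-EOF
-sudo chown -R root: /etc/openvpn/keys/
-sudo chmod 0600 /etc/openvpn/keys/*
+sudo chown root: /etc/openvpn/keys/
+sudo install -b -o root -g root -m 0600 ${crt_client_path} /etc/openvpn/keys/user.crt
+sudo install -b -o root -g root -m 0600 ${crt_client_key_path} /etc/openvpn/keys/user.key
+sudo install -b -o root -g root -m 0600 ${crt_server_ca_path} /etc/openvpn/keys/ca-server.crt
+sudo rm -f ${crt_client_path} ${crt_client_key_path} ${crt_server_ca_path}
 # Fix confs
 ## openvpn
@@ -63,7 +54,7 @@ sudo install -b -o root -g root -m 0755 ../conf/ynh-vpnclient /etc/init.d/
 # Fix init script
 ## ynh-vpnclient
 sudo sed "s|<TPL:IP6_ADDR>|${ip6_addr}|g" -i /etc/init.d/ynh-vpnclient
-sudo sed "s|<TPL:IP6_INTERCO>|${ip6_interco}|g" -i /etc/init.d/ynh-vpnclient
+sudo sed "s|<TPL:SERVER_IP6>|${server_ip6}|g" -i /etc/init.d/ynh-vpnclient
 sudo sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/init.d/ynh-vpnclient
 # Set default inits
@@ -79,4 +70,11 @@ sudo yunohost service add ynh-vpnclient
 sudo yunohost service enable ynh-vpnclient
 sudo yunohost service start ynh-vpnclient
+# Restart hotspot service if installed to change NAT configuration (now on tun0)
+sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
+if [ "$?" -eq 0 ]; then
+sudo yunohost service stop ynh-hotspot
+sudo yunohost service start ynh-hotspot
+fi
 exit 0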
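Review bot: `server_ip6` (L140) is taken straight from DNS without validation or normalization and is then spliced into a `sed` expression (L171) and stored as a setting (L146); a name with several AAAA records yields a multi-line value and a name with none yields an empty one, and both silently produce an init script whose route commands cannot work. Take the first match and fail early: `server_ip6=$(host "${server_name}" | awk '/IPv6/ { print $NF; exit }')` followed by `[ -n "${server_ip6}" ] || exit 1`; passing the result through the same `sipcalc … Compressed` step used for `ip6_net` on L137 would additionally reject anything that is not an IPv6 literal. The new `install` and `rm -f` lines (L154–L156, L163) expand `${crt_*_path}` unquoted, so a path containing spaces splits into several arguments, and these are root-executed copy-then-delete operations on admin-supplied paths while the `# Check arguments` / `# TODO` at L130–L131 remains empty. The `grep -q …` followed by `if [ "$?" -eq 0 ]` at L178–L179 (and the same pair in the remove script on this page) reads more directly as `if sudo yunohost app list -f hotspot --json | grep -q '"installed": true'; then`, which also keeps the test next to the branch it guards.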


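--- a/REMOVE-SCRIPT-PATH-NOT-SHOWN
+++ b/REMOVE-SCRIPT-PATH-NOT-SHOWN
@@ -11,6 +11,14 @@ sudo rm -f /etc/openvpn/client.conf*
 # Remove certificates
 sudo rm -rf /etc/openvpn/keys/
+# Restart hotspot service if installed to change NAT configuration
+sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
+if [ "$?" -eq 0 ]; then
+sleep 2
+sudo yunohost service stop ynh-hotspot
+sudo yunohost service start ynh-hotspot
+fi
 # Remove packets
 # The yunohost policy is currently to not uninstall packets (dependency problems)
 ## sudo apt-get --assume-yes --force-yes remove openvpn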
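Review bot: The `sleep 2` on L193 has no explanation, and the equivalent hotspot restart the install script adds on this page runs without one, so a reader cannot tell whether the delay is needed here or missing there; a comment such as `# presumably gives ynh-vpnclient time to finish stopping before the hotspot reloads its NAT rules — confirm` would record the intent. If the wait is really for the vpnclient service to go down, polling for that condition would be more reliable than a fixed two seconds, but that is an inference from the surrounding comment rather than something this hunk shows.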