WEBLIB.RE/vpnclient_ynh
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Merge pull request #16 from labriqueinternet/jessie

Browse Source 
Debian jessie support
This commit is contained in:
Julien Vaubourg
2015-06-19 11:07:15 +02:00
parent 67cf007622 6ffe098dcc
commit 84d6b3c9aa
6 changed files with 84 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -24,10 +24,5 @@ This YunoHost app is a part of the "[La Brique Internet](http://labriqueinter.ne
## Prerequisites ## Prerequisites
This app works with a non-stable version of YunoHost. * Debian Jessie
* YunoHost >= 2.2.0
Until this version is available (coming soon!) as an official stable release, you need to execute some commands before installing this app:
# service bind9 stop
# update-rc.d bind9 remove
# apt-get install dnsmasq

97
conf/init_ynh-vpnclient → conf/ynh-vpnclient
View File

@@ -1,30 +1,19 @@
#!/bin/bash #!/bin/bash
### BEGIN INIT INFO
# Provides: ynh-vpnclient
# Required-Start: $network $remote_fs $syslog yunohost-api
# Required-Stop: $network $remote_fs $syslog
# Should-Start: ynh-hotspot
# Should-Stop: ynh-hotspot
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start VPN client.
# Description: Start VPN client.
### END INIT INFO
# VPN Client app for YunoHost # VPN Client app for YunoHost
# Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com> # Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
# Contribute at https://github.com/jvaubourg/vpnclient_ynh # Contribute at https://github.com/jvaubourg/vpnclient_ynh
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by # it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or # the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version. # (at your option) any later version.
# #
# This program is distributed in the hope that it will be useful, # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details. # GNU Affero General Public License for more details.
# #
# You should have received a copy of the GNU Affero General Public License # You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
@@ -44,12 +33,17 @@ has_hotspot_app() {
} }
is_hotspot_knowme() { is_hotspot_knowme() {
value=$(yunohost app setting hotspot vpnclient) gotcha=0
if [[ "${value}" =~ "An instance is already running" ]]; then while [ "${gotcha}" -eq 0 ]; do
echo "${value}" >&2 value=$(yunohost app setting hotspot vpnclient)
exit 1
fi if [[ "${value}" =~ "An instance is already running" ]]; then
sleep $(($((RANDOM%5)) + 1))
else
gotcha=1
fi
done
[ "${value}" == yes ] [ "${value}" == yes ]
} }
@@ -69,7 +63,7 @@ is_serverip6route_set() {
} }
is_openvpn_running() { is_openvpn_running() {
service openvpn status client &> /dev/null systemctl is-active openvpn@client.service &> /dev/null
} }
is_running() { is_running() {
@@ -128,7 +122,7 @@ start_openvpn() {
sed 's|^<TPL:LOGIN_COMMENT>||' -i /etc/openvpn/client.conf sed 's|^<TPL:LOGIN_COMMENT>||' -i /etc/openvpn/client.conf
fi fi
service openvpn start client systemctl start openvpn@client.service
} }
## Unsetters ## Unsetters
@@ -146,23 +140,27 @@ unset_serverip6route() {
} }
stop_openvpn() { stop_openvpn() {
service openvpn stop systemctl stop openvpn.service
} }
## Tools ## Tools
moulinette_get() { moulinette_get() {
var=${1} var=${1}
gotcha=0
value=$(yunohost app setting vpnclient "${var}") while [ "${gotcha}" -eq 0 ]; do
value=$(yunohost app setting vpnclient "${var}")
if [[ "${value}" =~ "An instance is already running" ]]; then if [[ "${value}" =~ "An instance is already running" ]]; then
echo "${value}" >&2 sleep $(($((RANDOM%5)) + 1))
exit 1 else
fi gotcha=1
fi
done
echo "${value}" echo "${value}"
} }
moulinette_set() { moulinette_set() {
var=${1} var=${1}
@@ -181,51 +179,51 @@ if [ "$1" != restart ]; then
# Restart php5-fpm at the first start (it needs to be restarted after the slapd start) # Restart php5-fpm at the first start (it needs to be restarted after the slapd start)
if [ ! -e /tmp/.ynh-vpnclient-boot ]; then if [ ! -e /tmp/.ynh-vpnclient-boot ]; then
touch /tmp/.ynh-vpnclient-boot touch /tmp/.ynh-vpnclient-boot
service php5-fpm restart systemctl restart php5-fpm
fi fi
# Check configuration consistency # Check configuration consistency
if [[ ! "${1}" =~ stop ]]; then if [[ ! "${1}" =~ stop ]]; then
exitcode=0 exitcode=0
if [ ! -e /etc/openvpn/keys/ca-server.crt ]; then if [ ! -e /etc/openvpn/keys/ca-server.crt ]; then
echo "[WARN] You need a CA server (you can add it through the web admin)" echo "[WARN] You need a CA server (you can add it through the web admin)"
exitcode=1 exitcode=1
fi fi
empty=$(find /etc/openvpn/keys/ -empty -name credentials &> /dev/null | wc -l) empty=$(find /etc/openvpn/keys/ -empty -name credentials &> /dev/null | wc -l)
if [ "${empty}" -gt 0 -a ! -e /etc/openvpn/keys/user.key ]; then if [ "${empty}" -gt 0 -a ! -e /etc/openvpn/keys/user.key ]; then
echo "[WARN] You need either a client certificate, either a username, or both (you can add one through the web admin)" echo "[WARN] You need either a client certificate, either a username, or both (you can add one through the web admin)"
exitcode=1 exitcode=1
fi fi
[ "${exitcode}" -ne 0 ] && exit ${exitcode} [ "${exitcode}" -ne 0 ] && exit ${exitcode}
fi fi
# Variables # Variables
echo -n "Retrieving Yunohost settings... " echo -n "Retrieving Yunohost settings... "
ynh_service_enabled=$(moulinette_get service_enabled) ynh_service_enabled=$(moulinette_get service_enabled)
ynh_server_name=$(moulinette_get server_name) ynh_server_name=$(moulinette_get server_name)
ynh_server_port=$(moulinette_get server_port) ynh_server_port=$(moulinette_get server_port)
ynh_server_proto=$(moulinette_get server_proto) ynh_server_proto=$(moulinette_get server_proto)
ynh_ip6_addr=$(moulinette_get ip6_addr) ynh_ip6_addr=$(moulinette_get ip6_addr)
ynh_login_user=$(moulinette_get login_user) ynh_login_user=$(moulinette_get login_user)
old_ip6_gw=$(moulinette_get ip6_gw) old_ip6_gw=$(moulinette_get ip6_gw)
old_wired_device=$(moulinette_get wired_device) old_wired_device=$(moulinette_get wired_device)
old_server_ip6=$(moulinette_get server_ip6) old_server_ip6=$(moulinette_get server_ip6)
new_ip6_gw=$(ip -6 route | grep default\ via | awk '{ print $3 }') new_ip6_gw=$(ip -6 route | grep default\ via | awk '{ print $3 }')
new_wired_device=$(ip route | awk '/default via/ { print $NF; }') new_wired_device=$(ip route | awk '/default via/ { print $NF; }')
new_server_ip6=$(host "${ynh_server_name}" | awk '/IPv6/ { print $NF; }') new_server_ip6=$(host "${ynh_server_name}" | awk '/IPv6/ { print $NF; }')
if [ -z "${new_server_ip6}" ]; then if [ -z "${new_server_ip6}" ]; then
new_server_ip6=$(host "${ynh_server_name}" 80.67.188.188 | awk '/IPv6/ { print $NF; }') new_server_ip6=$(host "${ynh_server_name}" 80.67.188.188 | awk '/IPv6/ { print $NF; }')
fi fi
echo "OK" echo "OK"
fi fi
@@ -286,13 +284,9 @@ case "${1}" in
moulinette_set ip6_gw "${new_ip6_gw}" moulinette_set ip6_gw "${new_ip6_gw}"
moulinette_set wired_device "${new_wired_device}" moulinette_set wired_device "${new_wired_device}"
# Restart dhcpd # Fix configuration
service bind9 stop &> /dev/null
service dnsmasq restart
# Restart hotspot if needed
if has_hotspot_app && ! is_hotspot_knowme; then if has_hotspot_app && ! is_hotspot_knowme; then
service ynh-hotspot start ynh-hotspot start
fi fi
fi fi
;; ;;
@@ -309,7 +303,7 @@ case "${1}" in
echo "Unset IPv6 server route" echo "Unset IPv6 server route"
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}" unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi fi
if is_openvpn_running; then if is_openvpn_running; then
echo "Stop openvpn" echo "Stop openvpn"
stop_openvpn stop_openvpn
@@ -321,11 +315,10 @@ case "${1}" in
done done
fi fi
# Fix configuration
if has_hotspot_app && is_hotspot_knowme; then if has_hotspot_app && is_hotspot_knowme; then
service ynh-hotspot start ynh-hotspot start
fi fi
service dnsmasq restart
;; ;;
restart) restart)
$0 stop $0 stop

15
conf/ynh-vpnclient.service Normal file
View File

@@ -0,0 +1,15 @@
[Unit]
Description=YunoHost VPN Client.
Requires=network.target
After=network.target
Wants=ynh-hotspot.service
Before=ynh-hotspot.service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/ynh-vpnclient start
ExecStop=/usr/local/bin/ynh-vpnclient stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

29
scripts/install
View File

@@ -162,32 +162,31 @@ sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/v
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
# Copy init script # Copy init script
sudo install -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient /usr/local/bin/
sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient.service /etc/systemd/system/
# Set default inits # Set default inits
# The openvpn configuration is modified before the start, so the service is disabled by default # The boot order of these services are important, so they are disabled by default
# and the ynh-vpnclient service handles it. # and the ynh-vpnclient service handles them.
sudo yunohost service add openvpn sudo systemctl disable openvpn
sudo yunohost service stop openvpn sudo systemctl stop openvpn
sudo yunohost service disable openvpn
sudo yunohost service add php5-fpm sudo systemctl enable php5-fpm
sudo yunohost service enable php5-fpm sudo systemctl restart php5-fpm
sudo yunohost service add ynh-vpnclient sudo systemctl reload nginx
sudo yunohost service enable ynh-vpnclient
sudo service ynh-vpnclient start
sudo service nginx reload sudo systemctl enable ynh-vpnclient
sudo systemctl start ynh-vpnclient
# Update SSO for vpnadmin # Update SSO for vpnadmin
sudo yunohost app ssowatconf sudo yunohost app ssowatconf
# Restart hotspot service if installed (and started) to change NAT configuration (now on tun0) # Restart hotspot service if installed (and started) to change NAT configuration (now on tun0)
# A new start will fix the interface without unsetting all stuff # A new start will fix the interface without unsetting all stuff
if [ -e /tmp/.ynh-hotspot-started ]; then #if [ -e /tmp/.ynh-hotspot-started ]; then
sudo service ynh-hotspot start # sudo ynh-hotspot start
fi #fi
# Check configuration consistency # Check configuration consistency

11
scripts/remove
View File

@@ -21,9 +21,9 @@
domain=$(sudo yunohost app setting vpnclient domain) domain=$(sudo yunohost app setting vpnclient domain)
# The End # The End
sudo service ynh-vpnclient stop sudo systemctl stop ynh-vpnclient
sudo yunohost service remove ynh-vpnclient sudo systemctl disable ynh-vpnclient
sudo rm -f /etc/init.d/ynh-vpnclient sudo rm -f /etc/systemd/system/ynh-vpnclient.service /usr/local/bin/ynh-vpnclient
sudo rm -f /tmp/.ynh-vpnclient-* sudo rm -f /tmp/.ynh-vpnclient-*
# Remove confs # Remove confs
@@ -35,9 +35,8 @@ sudo rm -f /etc/php5/fpm/pool.d/vpnadmin.conf
sudo rm -rf /etc/openvpn/keys/ sudo rm -rf /etc/openvpn/keys/
# Restart services # Restart services
sudo yunohost service stop php5-fpm sudo systemctl restart php5-fpm
sudo yunohost service start php5-fpm sudo systemctl reload nginx
sudo service nginx reload
# Remove sources # Remove sources
sudo rm -rf /var/www/vpnadmin/ sudo rm -rf /var/www/vpnadmin/

6
sources/controller.php
View File

@@ -27,17 +27,17 @@ function moulinette_set($var, $value) {
} }
function stop_service() { function stop_service() {
exec('sudo service ynh-vpnclient stop'); exec('sudo systemctl stop ynh-vpnclient');
} }
function start_service() { function start_service() {
exec('sudo service ynh-vpnclient start', $output, $retcode); exec('sudo systemctl start ynh-vpnclient', $output, $retcode);
return $retcode; return $retcode;
} }
function service_status() { function service_status() {
exec('sudo service ynh-vpnclient status', $output); exec('sudo ynh-vpnclient status', $output);
return $output; return $output;
} }