The service is now based on yunohost settings, allowing the setup to be updated through the web interface with yunohost app setting commands

Julien VAUBOURG
2014-11-09 00:40:01 +01:00
parent 2fed2981cd
commit b6392cc949
5 changed files with 182 additions and 70 deletions


@@ -9,79 +9,200 @@
# Description: Start VPN client. # Description: Start VPN client.
### END INIT INFO ### END INIT INFO
# Functions
## State functions
has_nativeip6() { has_nativeip6() {
ip -6 r | grep -q default\ via ip -6 route | grep -q default\ via
}
has_hotspot_app() {
yunohost app list -f hotspot --json | grep -q '"installed": true'
} }
is_ip6addr_set() { is_ip6addr_set() {
yunohost app list -f hotspot --json | grep -q '"installed": true'\ ip address show dev tun0 2> /dev/null | grep -q "${ynh_ip6_addr}/128"
|| ip a s dev tun0 2> /dev/null | grep -q <TPL:IP6_ADDR>/128
} }
is_serverip6route_set() { is_serverip6route_set() {
ip -6 r | grep -q <TPL:SERVER_IP6>/ server_ip6=$1
ip -6 route | grep -q "${server_ip6}/"
} }
is_openvpn_running() { is_openvpn_running() {
# service openvpn status seems to be a joke # service openvpn status seems to be a joke
ip l sh dev tun0 &> /dev/null ip link show dev tun0 &> /dev/null
} }
is_running() { is_running() {
((has_nativeip6 && is_serverip6route_set) || ! has_nativeip6) && is_openvpn_running ((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
&& ((! has_hotspot_app && is_ip6addr_set) || has_hotspot_app)\
&& is_openvpn_running
} }
gw6=$(ip -6 r | grep default\ via | awk '{ print $3 }') ## Setters
set_ip6addr() {
ip address add "${ynh_ip6_addr}/128" dev tun0
}
set_serverip6route() {
server_ip6=$1
ip6_gw=$2
wired_device=$3
ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
start_openvpn() {
ip6_gw=$1
server_ip6=$2
proto=udp
[ ! -z "${ip6_gw}" -a ! -z "${server_ip6}" ] && proto=udp6
cp /etc/openvpn/client.conf{.tpl,}
sed "s|<TPL:SERVER_NAME>|${ynh_server_name}|g" -i /etc/openvpn/client.conf
sed "s|<TPL:PROTO>|${proto}|" -i /etc/openvpn/client.conf
sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
service openvpn start client
}
## Unsetters
unset_ip6addr() {
ip address delete "${ynh_ip6_addr}/128" dev tun0
}
unset_serverip6route() {
server_ip6=$1
ip6_gw=$2
wired_device=$3
ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
}
stop_openvpn() {
service openvpn stop
}
## Tools
moulinette_get() {
var=$1
value=$(yunohost app setting vpnclient "${var}")
if [[ "${value}" =~ "An instance is already running" ]]; then
echo "${value}" >&2
exit 1
fi
echo "${value}"
}
moulinette_set() {
var=$1
value=$2
msg=$(yunohost app setting vpnclient "${var}" -v "${value}")
if [ ! $? -eq 0 ]; then
echo "${msg}" >&2
exit 1
fi
}
# Variables
echo -n "Retrieving Yunohost settings... "
ynh_server_name=$(moulinette_get server_name)
ynh_ip6_addr=$(moulinette_get ip6_addr)
old_ip6_gw=$(moulinette_get ip6_gw)
old_wired_device=$(moulinette_get wired_device)
old_server_ip6=$(moulinette_get server_ip6)
new_ip6_gw=$(ip -6 route | grep default\ via | awk '{ print $3 }')
new_wired_device=$(ip route | awk '/default via/ { print $NF; }')
new_server_ip6=$(host "${ynh_server_name}" | awk '/IPv6/ { print $NF; }')
if [ -z "${new_server_ip6}" ]; then
new_server_ip6=$(host "${ynh_server_name}" 80.67.188.188 | awk '/IPv6/ { print $NF; }')
fi
echo "OK"
# Script
case "$1" in case "$1" in
start) start)
if is_running; then if is_running; then
echo "Already correctly set" echo "Already started"
else else
echo "Starting..."
# Run openvpn
if ! is_openvpn_running; then if ! is_openvpn_running; then
echo "Run openvpn" echo "Run openvpn"
proto=udp start_openvpn "${new_ip6_gw}" "${new_server_ip6}"
[ ! -z "${gw6}" ] && proto=udp6
sed "s|<TPL:PROTO>|${proto}|" /etc/openvpn/client.conf.tpl > /etc/openvpn/client.conf
sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
service openvpn start client
i=0
false || while [ $? -ne 0 ]; do false || while [ $? -ne 0 ]; do
(( i++ ))
[ $i -gt 15 ] && exit 1
sleep 1 sleep 1
ip l sh dev tun0 &> /dev/null ip link show dev tun0 &> /dev/null
done done && sleep 2
sleep 2
fi fi
if has_nativeip6 && ! is_serverip6route_set; then # Check old state of the server ipv6 route
if [ ! -z "${old_server_ip6}" -a ! -z "${new_ip6_gw}" -a ! -z "${old_wired_device}"\
-a \( "${new_server_ip6}" != "${old_server_ip6}" -o "${new_ip6_gw}" != "${old_ip6_gw}"\
-o "${new_wired_device}" != "${old_wired_device}" \) ]\
&& is_serverip6route_set "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"; then
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi
# Set the new server ipv6 route
if has_nativeip6 && ! is_serverip6route_set "${new_server_ip6}"; then
echo "Set IPv6 server route" echo "Set IPv6 server route"
ip r a <TPL:SERVER_IP6>/128 via ${gw6} dev <TPL:WIRED_DEVICE>
set_serverip6route "${new_server_ip6}" "${new_ip6_gw}" "${new_wired_device}"
fi fi
if ! is_ip6addr_set; then # Set the ipv6 address
if ! has_hotspot_app && ! is_ip6addr_set; then
echo "Set IPv6 address" echo "Set IPv6 address"
ip a a <TPL:IP6_ADDR>/128 dev tun0 set_ip6addr
fi fi
fi fi
moulinette_set server_ip6 "${new_server_ip6}"
moulinette_set ip6_gw "${new_ip6_gw}"
moulinette_set wired_device "${new_wired_device}"
;; ;;
stop) stop)
if is_ip6addr_set; then echo "Stopping..."
if ! has_hotspot_app && is_ip6addr_set; then
echo "Unset IPv6 address" echo "Unset IPv6 address"
# Not useful if hotspot is installed unset_ip6addr
ip a d <TPL:IP6_ADDR>/128 dev tun0 2> /dev/null
fi fi
if is_serverip6route_set; then if is_serverip6route_set "${old_server_ip6}"; then
echo "Unset IPv6 server route" echo "Unset IPv6 server route"
ip r d <TPL:SERVER_IP6>/128 via ${gw6} dev <TPL:WIRED_DEVICE> unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
fi fi
if is_openvpn_running; then if is_openvpn_running; then
echo "Stop openvpn" echo "Stop openvpn"
service openvpn stop stop_openvpn
fi fi
;; ;;
restart) restart)
@@ -91,15 +212,19 @@ case "$1" in
status) status)
exitcode=0 exitcode=0
if is_ip6addr_set; then if ! has_hotspot_app; then
echo "IPv6 address is correctly set" if is_ip6addr_set; then
echo "IPv6 address is correctly set"
else
echo "IPv6 address is NOT set"
exitcode=1
fi
else else
echo "IPv6 address is NOT set" echo "Hotspot app detected"
exitcode=1
fi fi
if has_nativeip6; then if has_nativeip6; then
if is_serverip6route_set; then if is_serverip6route_set "${new_server_ip6}"; then
echo "IPv6 server route is correctly set" echo "IPv6 server route is correctly set"
else else
echo "IPv6 server route is NOT set" echo "IPv6 server route is NOT set"
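Review bot: In `start_openvpn`, `${ynh_server_name}` is substituted into a `sed` expression and from there into `/etc/openvpn/client.conf` with no validation visible in this section, although the value now comes from app settings that the commit message says the web interface can change. A value containing sed metacharacters or a line break would alter the configuration of a daemon started as root, so the name should be checked right after it is read, for example `[[ "${ynh_server_name}" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || { echo "Invalid server_name" >&2; exit 1; }`; that also protects the two `host "${ynh_server_name}"` calls. Separately, the `exit 1` in `moulinette_get` runs inside the `$(...)` subshell of each assignment, so a failed read leaves the variable empty and the script carries on with it. Testing the assignment itself closes that gap: `ynh_server_name=$(moulinette_get server_name) || exit 1`, and likewise for the other four reads.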


@@ -14,7 +14,7 @@ ip6_net=$7
# Check domain/path availability # Check domain/path availability
sudo yunohost app checkurl ${domain}${url_path} -a vpnclient sudo yunohost app checkurl ${domain}${url_path} -a vpnclient
if [[ ! $? -eq 0 ]]; then if [ ! $? -eq 0 ]; then
exit 1 exit 1
fi fi
@@ -25,27 +25,19 @@ sudo apt-get --assume-yes --force-yes install openvpn php5-fpm
sudo apt-get --assume-yes --force-yes install sipcalc sudo apt-get --assume-yes --force-yes install sipcalc
# Compute extra arguments # Compute extra arguments
wired_device=$(ip r | awk '/default via/ { print $NF; }') ip6_expanded_net=$(sipcalc "${ip6_net}" | grep Expanded | awk '{ print $NF; }')
ip6_expanded_net=$(sipcalc ${ip6_net} | grep Expanded | awk '{ print $NF; }') ip6_net=$(sipcalc "${ip6_net}" | grep Compressed | awk '{ print $NF; }')
ip6_net=$(sipcalc ${ip6_net} | grep Compressed | awk '{ print $NF; }') ip6_addr=$(echo "$(echo "${ip6_expanded_net}" | cut -d: -f1-7):1")
ip6_addr=$(echo "$(echo ${ip6_expanded_net} | cut -d: -f1-7):1") ip6_addr=$(sipcalc "${ip6_addr}" | grep Compressed | awk '{ print $NF; }')
ip6_addr=$(sipcalc ${ip6_addr} | grep Compressed | awk '{ print $NF; }')
server_ip6=$(host ${server_name} | awk '/IPv6/ { print $NF; }')
if [ -z "${server_ip6}" ]; then
server_ip6=$(host ${server_name} 80.67.188.188 | awk '/IPv6/ { print $NF; }')
fi
# Save arguments for future upgrades # Save arguments for future upgrades
sudo yunohost app setting vpnclient wired_device -v ${wired_device} sudo yunohost app setting vpnclient server_name -v "${server_name}"
sudo yunohost app setting vpnclient ip6_addr -v ${ip6_addr} sudo yunohost app setting vpnclient ip6_addr -v "${ip6_addr}"
sudo yunohost app setting vpnclient ip6_net -v ${ip6_net} sudo yunohost app setting vpnclient ip6_net -v "${ip6_net}"
sudo yunohost app setting vpnclient server_name -v ${server_name}
sudo yunohost app setting vpnclient server_ip6 -v ${server_ip6}
# Copy confs # Copy confs
sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf /etc/nginx/conf.d/${domain}.d/vpnadmin.conf sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf
# Copy web sources # Copy web sources
@@ -61,23 +53,20 @@ sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
sudo mkdir -pm 0700 /etc/openvpn/keys/ sudo mkdir -pm 0700 /etc/openvpn/keys/
sudo chown root: /etc/openvpn/keys/ sudo chown root: /etc/openvpn/keys/
sudo install -b -o root -g root -m 0600 ${crt_client_path} /etc/openvpn/keys/user.crt sudo install -b -o root -g root -m 0600 "${crt_client_path}" /etc/openvpn/keys/user.crt
sudo install -b -o root -g root -m 0600 ${crt_client_key_path} /etc/openvpn/keys/user.key sudo install -b -o root -g root -m 0600 "${crt_client_key_path}" /etc/openvpn/keys/user.key
sudo install -b -o root -g root -m 0600 ${crt_server_ca_path} /etc/openvpn/keys/ca-server.crt sudo install -b -o root -g root -m 0600 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt
sudo rm -f ${crt_client_path} ${crt_client_key_path} ${crt_server_ca_path} sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"
# Create user for the web admin # Create user for the web admin
sudo useradd -MUr vpnadmin sudo useradd -MUr vpnadmin
# Fix confs # Fix confs
## openvpn
sudo sed "s|<TPL:SERVER_NAME>|${server_name}|g" -i /etc/openvpn/client.conf.tpl
## nginx ## nginx
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
## php-fpm ## php-fpm
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
@@ -91,11 +80,9 @@ sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
# Copy init script # Copy init script
sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
# Fix init script # Allow vpnadmin web interface to manage rights
## ynh-vpnclient sudo chmod 0470 /etc/yunohost/apps/vpnclient/settings.yml
sudo sed "s|<TPL:IP6_ADDR>|${ip6_addr}|g" -i /etc/init.d/ynh-vpnclient sudo chown root:vpnadmin /etc/yunohost/apps/vpnclient/settings.yml
sudo sed "s|<TPL:SERVER_IP6>|${server_ip6}|g" -i /etc/init.d/ynh-vpnclient
sudo sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/init.d/ynh-vpnclient
# Set default inits # Set default inits
# The openvpn configuration is modified before the start, so the service is disabled by default # The openvpn configuration is modified before the start, so the service is disabled by default
@@ -112,7 +99,8 @@ sudo yunohost service start php5-fpm
sudo yunohost service add ynh-vpnclient sudo yunohost service add ynh-vpnclient
sudo yunohost service enable ynh-vpnclient sudo yunohost service enable ynh-vpnclient
sudo yunohost service start ynh-vpnclient #sudo yunohost service start ynh-vpnclient
sudo service ynh-vpnclient start
sudo service nginx reload sudo service nginx reload
@@ -120,9 +108,9 @@ sudo service nginx reload
sudo yunohost app ssowatconf sudo yunohost app ssowatconf
# Restart hotspot service if installed to change NAT configuration (now on tun0) # Restart hotspot service if installed to change NAT configuration (now on tun0)
# A new start will fix the interface without unsetting all stuff
sudo yunohost app list -f hotspot --json | grep -q '"installed": true' sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
if [ "$?" -eq 0 ]; then if [ $? -eq 0 ]; then
sudo yunohost service stop ynh-hotspot
sudo yunohost service start ynh-hotspot sudo yunohost service start ynh-hotspot
fi fi
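Review bot: The new `sudo chmod 0470 /etc/yunohost/apps/vpnclient/settings.yml` gives the `vpnadmin` group write and execute permission on a data file whose values are later consumed by the init script running as root. The execute bit has no use on a YAML file, so `sudo chmod 0460 /etc/yunohost/apps/vpnclient/settings.yml` would be the tighter mode if group write is really required. Running `chown root:vpnadmin` before the `chmod` would also avoid a short window in which the new mode applies to whatever group owned the file before. Because the web application's account can then rewrite every key in that file, a comment such as `# settings.yml is group-writable by vpnadmin: every value read from it must be validated before use as root` above these two lines would record the trust boundary for later maintainers.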


@@ -28,10 +28,9 @@ sudo rm -rf /var/www/vpnadmin/
sudo userdel -f vpnadmin sudo userdel -f vpnadmin
# Restart hotspot service if installed to change NAT configuration # Restart hotspot service if installed to change NAT configuration
# A new start will fix the interface without unsetting all stuff
sudo yunohost app list -f hotspot --json | grep -q '"installed": true' sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
if [ "$?" -eq 0 ]; then if [ "$?" -eq 0 ]; then
sleep 2
sudo yunohost service stop ynh-hotspot
sudo yunohost service start ynh-hotspot sudo yunohost service start ynh-hotspot
fi fi

Binary file not shown.

Binary file not shown.