Initial commit
This commit is contained in:
commit
8809349e6d
|
|
@ -0,0 +1,3 @@
|
|||
*.log
|
||||
*.pwd
|
||||
*.pyc
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuerst stoppen wir Openvpn
|
||||
/bin/pkill openvpn
|
||||
|
||||
# Dann stoppen wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-stop.sh
|
||||
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuerst stoppen wir Openvpn
|
||||
pkill openvpn
|
||||
|
||||
# Dann unmounten wir den CIFS-Share
|
||||
#/bin/umount /opt/openvpn/status
|
||||
/bin/systemctl stop opt-openvpn-status.mount
|
||||
#/bin/sleep 15
|
||||
|
||||
# Dann stoppen wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-stop.sh
|
||||
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuerst stoppen wir Openvpn
|
||||
/bin/pkill openvpn
|
||||
|
||||
# Dann unmounten wir den CIFS-Share
|
||||
#/bin/umount /opt/openvpn/status
|
||||
/bin/systemctl stop opt-openvpn-status.mount
|
||||
#/bin/sleep 15
|
||||
|
||||
# Dann stoppen wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-stop.sh
|
||||
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuerst stoppen wir Openvpn
|
||||
/bin/pkill openvpn
|
||||
|
||||
# Dann stoppen wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-stop.sh
|
||||
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuerst starten wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-start.sh
|
||||
|
||||
# Dann starten wir Openvpn
|
||||
/sbin/openvpn /opt/openvpn/config/server.conf
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuerst starten wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-start.sh
|
||||
|
||||
# Dann mounten wir den CIFS-Share
|
||||
# (wird fuer Status-File gebraucht)
|
||||
#/bin/mount /opt/openvpn/status
|
||||
/bin/systemctl start opt-openvpn-status.mount
|
||||
#
|
||||
# Dann starten wir Openvpn
|
||||
/sbin/openvpn /opt/openvpn/config/server.conf
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuerst starten wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-start.sh
|
||||
|
||||
# Pause...
|
||||
sleep 10
|
||||
|
||||
# Dann mounten wir den CIFS-Share
|
||||
# (wird fuer Status-File gebraucht)
|
||||
#/bin/mount /opt/openvpn/status
|
||||
/bin/systemctl start opt-openvpn-status.mount
|
||||
#
|
||||
# Dann starten wir Openvpn
|
||||
/sbin/openvpn /opt/openvpn/config/server.conf
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Zuerst starten wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-start.sh
|
||||
|
||||
# Dann mounten wir den CIFS-Share
|
||||
# (wird fuer Status-File gebraucht)
|
||||
#/bin/mount /opt/openvpn/status
|
||||
/bin/systemctl start opt-openvpn-status.mount
|
||||
#
|
||||
# Dann starten wir Openvpn
|
||||
/sbin/openvpn /opt/openvpn/config/server.conf
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
IP_OF_CIFS_SERVER=10.3.5.2
|
||||
|
||||
# Zuerst starten wir die Bridge mit TAP-Device
|
||||
/opt/openvpn/scripts/bridge-start.sh
|
||||
|
||||
# Wir warten, bis ein ping erfolgreich ist...
|
||||
((count = 20)) # Maximum number to try.
|
||||
while [[ $count -ne 0 ]] ; do
|
||||
ping -q -c 1 -W 1 $IP_OF_CIFS_SERVER >/dev/null # Try once.
|
||||
rc=$?
|
||||
if [[ $rc -eq 0 ]] ; then
|
||||
((count = 1)) # If okay, flag to exit loop.
|
||||
fi
|
||||
((count = count - 1)) # So we don't go forever.
|
||||
done
|
||||
|
||||
# Dann mounten wir den CIFS-Share
|
||||
# (wird fuer Status-File gebraucht)
|
||||
#/bin/mount /opt/openvpn/status
|
||||
/bin/systemctl start opt-openvpn-status.mount
|
||||
#
|
||||
# Dann starten wir Openvpn
|
||||
/sbin/openvpn /opt/openvpn/config/server.conf
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDhDCCAmygAwIBAgIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJDSDET
|
||||
MBEGA1UEChMKUnljaGlnZXJBRzEWMBQGA1UEAxMNUnljaGlnZXJBRyBDQTAeFw0x
|
||||
MzA5MDEwMDAwMDBaFw0zMjAzMDcwNDU3MjBaMDoxCzAJBgNVBAYTAkNIMRMwEQYD
|
||||
VQQKEwpSeWNoaWdlckFHMRYwFAYDVQQDEw1SeWNoaWdlckFHIENBMIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+1MWXKP2LnbZILvFiBaHcMV8HLkrEg3
|
||||
9H3R4ssXQIrTAYyDxHIgq/Yd0WAIMN6pTioQR2/oYFGy0VHkl6GgqkE3YB843kug
|
||||
BTd4yrSS/FPu8hyjDp9nXytPj/EeujBVWNj/Q5qEzLzRVDKokoecaEpmG3Pu2DNe
|
||||
BINH9bfKWL1XSk9CPJ8B2TdLF/ijlz3fRQRxfTiLPuLVmh9q7truwrJfcee/hG9C
|
||||
4/2LDkLKDE6qtSD9PsC5vfrWf8cLm3Aa7e+6iQtbvJTRBSj5JA/nVN5F0jnj7OFk
|
||||
uewRGzE37ao0uRi8DDNP31MMhtdlYY9BmHD6i6ahdvHAoagFvFfljwIDAQABo4GU
|
||||
MIGRMB0GA1UdDgQWBBQmLa9T936sM1P1pvOTiRAjTvXr0jBiBgNVHSMEWzBZgBQm
|
||||
La9T936sM1P1pvOTiRAjTvXr0qE+pDwwOjELMAkGA1UEBhMCQ0gxEzARBgNVBAoT
|
||||
ClJ5Y2hpZ2VyQUcxFjAUBgNVBAMTDVJ5Y2hpZ2VyQUcgQ0GCAQEwDAYDVR0TBAUw
|
||||
AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAqQjj8sNPFfSLnj9VHJFQ2VQDApOOH+e0
|
||||
yKGEtiua+tU/g1gm6ZUigE3vfg71nyttjfCOYnvz8IEBBXHwjQai8J/0Hncuk5X/
|
||||
bYMhqS13i0Bhf36hWQ+DbYAsVJI/WVimAIoUie4yppxiGqG6WkgIfv7jGOlZchkJ
|
||||
vIdIPTMTQtfJtpOtHi49XZFJKyaXzOxdJZ0Bvs2Tp86IQHhN79p5oY6OGy0EbqOU
|
||||
JQkSRlOWrV5mnu8e3yLK4xMNZp4WWFPZX/clMGI5bSqBvR/wv/K1ZFVHYy+BYR7b
|
||||
C12Df38lY1e4vhsKTpzQ6HzDz2Wc03GPi14xQAmULA3QRV2kmcZ9gw==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.12 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.1 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.2 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.3 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.4 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.5 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.6 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.7 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.8 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.9 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.10 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.11 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.13 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.14 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.15 255.255.0.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
ifconfig-push 10.3.6.16 255.255.0.0
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDRTCCAi2gAwIBAgIBAjANBgkqhkiG9w0BAQQFADA6MQswCQYDVQQGEwJDSDET
|
||||
MBEGA1UEChMKUnljaGlnZXJBRzEWMBQGA1UEAxMNUnljaGlnZXJBRyBDQTAeFw0x
|
||||
MzA5MDEwMDAwMDBaFw0zMjAzMDcwNDU3MjFaMDoxCzAJBgNVBAYTAkNIMRMwEQYD
|
||||
VQQKEwpSeWNoaWdlckFHMRYwFAYDVQQDEw0xOTIuMTY4LjIuMTcxMIGfMA0GCSqG
|
||||
SIb3DQEBAQUAA4GNADCBiQKBgQCXKZ7MskpNXJfILLE8eFp9wvTChhaeGdbEFpgz
|
||||
acy9fiH4oKq5clTAh9r2BvgzwF2qbxcgLN6ybCrCg/w4yKpeVoXjQmGNgWcYm7ea
|
||||
eKMNGfpTvTRcEkJK8GDvFW2TiXTqu8VWOXpAfbxLPRCA0Yc4Bvdv4bDMWDKR1uM5
|
||||
9TQ/wwIDAQABo4HZMIHWMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMG
|
||||
CWCGSAGG+EIBDQQmFiRPcGVuU1NMIFNlcnZlciBHZW5lcmF0ZWQgQ2VydGlmaWNh
|
||||
dGUwHQYDVR0OBBYEFOBfur9RxlwjRARe7o6QJv9Qqyi0MGIGA1UdIwRbMFmAFCYt
|
||||
r1P3fqwzU/Wm85OJECNO9evSoT6kPDA6MQswCQYDVQQGEwJDSDETMBEGA1UEChMK
|
||||
UnljaGlnZXJBRzEWMBQGA1UEAxMNUnljaGlnZXJBRyBDQYIBATANBgkqhkiG9w0B
|
||||
AQQFAAOCAQEAltlPrZ6pfiL6+MZkqP5URWG5Aj84SmkkNvbTuST6SyYgmqINqGC8
|
||||
354Dky2STZsN0nowNOgfhi3lfNUxMtju22SZ5LwJ+Ku4InOHp3/TAMvBv2gS+6ua
|
||||
RLmf3KiSUcnKLh701wL1czVXL5/RGmhYHj64iTP2OTdoZcnwMYnfIetoTo57MW+e
|
||||
oq2KMBpn87+5Png7ybWayUVrYEoILU+5wqz2Mp/iZCic3ehgPrd//nPaSRUsIAwl
|
||||
qAAbg1xx76c/3DoCK7vmEkG2Cyj9XPt6YIam/pnOYc1CvHh81uMvjrjCQPiY+nOl
|
||||
K2uGxZgmKwO6zCOLQPiMleTx6VhZW6lF7A==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
mode server
|
||||
daemon
|
||||
tls-server
|
||||
proto udp
|
||||
port 1194
|
||||
local 192.168.99.11
|
||||
client-config-dir /opt/openvpn/ccd
|
||||
script-security 3
|
||||
writepid /var/run/openvpn/myopenvpn.pid
|
||||
|
||||
; tunnel configuration
|
||||
dev tap0
|
||||
server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
|
||||
passtos
|
||||
comp-lzo
|
||||
persist-key
|
||||
persist-tun
|
||||
persist-local-ip
|
||||
persist-remote-ip
|
||||
|
||||
; loggin and status
|
||||
ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
|
||||
status-version 2
|
||||
status /opt/openvpn/status/openvpnserver-status.log 5;
|
||||
verb 3
|
||||
client-connect /opt/openvpn/scripts/logon.sh
|
||||
client-disconnect /opt/openvpn/scripts/logoff.sh
|
||||
|
||||
; routing
|
||||
;push "route 10.3.0.0 255.255.0.0"
|
||||
|
||||
; management
|
||||
management localhost 6666
|
||||
|
||||
; certificates and authentication
|
||||
dh /opt/openvpn/private/dh1024.pem
|
||||
ca /opt/openvpn/ca/cacert.pem
|
||||
cert /opt/openvpn/certs/hostcert.pem
|
||||
key /opt/openvpn/private/hostkey.pem
|
||||
client-cert-not-required
|
||||
username-as-common-name
|
||||
auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
|
||||
;client-to-client
|
||||
keepalive 10 60
|
||||
max-clients 50
|
||||
|
||||
; explicit exit
|
||||
push "explicit-exit-notify"
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
mode server
|
||||
daemon
|
||||
tls-server
|
||||
proto udp
|
||||
port 1194
|
||||
local 192.168.99.11
|
||||
client-config-dir /opt/openvpn/ccd
|
||||
script-security 3
|
||||
writepid /var/run/openvpn/myopenvpn.pid
|
||||
|
||||
; tunnel configuration
|
||||
dev tap0
|
||||
server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
|
||||
passtos
|
||||
comp-lzo
|
||||
persist-key
|
||||
persist-tun
|
||||
persist-local-ip
|
||||
persist-remote-ip
|
||||
|
||||
; loggin and status
|
||||
ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
|
||||
status-version 2
|
||||
status /opt/openvpn/status/openvpnserver-status.log 30;
|
||||
verb 3
|
||||
client-connect /opt/openvpn/scripts/logon.sh
|
||||
client-disconnect /opt/openvpn/scripts/logoff.sh
|
||||
|
||||
; routing
|
||||
;push "route 10.3.0.0 255.255.0.0"
|
||||
|
||||
; management
|
||||
management localhost 6666
|
||||
|
||||
; certificates and authentication
|
||||
dh /opt/openvpn/private/dh1024.pem
|
||||
ca /opt/openvpn/ca/cacert.pem
|
||||
cert /opt/openvpn/certs/hostcert.pem
|
||||
key /opt/openvpn/private/hostkey.pem
|
||||
client-cert-not-required
|
||||
username-as-common-name
|
||||
auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
|
||||
;client-to-client
|
||||
keepalive 10 60
|
||||
max-clients 50
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
mode server
|
||||
daemon
|
||||
tls-server
|
||||
proto udp
|
||||
port 1194
|
||||
local 192.168.99.11
|
||||
client-config-dir /opt/openvpn/ccd
|
||||
script-security 3
|
||||
writepid /var/run/openvpn/myopenvpn.pid
|
||||
|
||||
; tunnel configuration
|
||||
dev tap0
|
||||
server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
|
||||
passtos
|
||||
comp-lzo
|
||||
persist-key
|
||||
persist-tun
|
||||
persist-local-ip
|
||||
persist-remote-ip
|
||||
|
||||
; loggin and status
|
||||
ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
|
||||
status-version 2
|
||||
status /opt/openvpn/status/openvpnserver-status.log 5;
|
||||
verb 3
|
||||
client-connect /opt/openvpn/scripts/logon.sh
|
||||
client-disconnect /opt/openvpn/scripts/logoff.sh
|
||||
|
||||
; routing
|
||||
;push "route 10.3.0.0 255.255.0.0"
|
||||
|
||||
; management
|
||||
management localhost 6666
|
||||
|
||||
; certificates and authentication
|
||||
dh /opt/openvpn/private/dh1024.pem
|
||||
ca /opt/openvpn/ca/cacert.pem
|
||||
cert /opt/openvpn/certs/hostcert.pem
|
||||
key /opt/openvpn/private/hostkey.pem
|
||||
client-cert-not-required
|
||||
username-as-common-name
|
||||
auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
|
||||
;client-to-client
|
||||
keepalive 10 60
|
||||
max-clients 50
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
mode server
|
||||
daemon
|
||||
tls-server
|
||||
proto udp
|
||||
port 1194
|
||||
local 192.168.99.11
|
||||
client-config-dir /opt/openvpn/ccd
|
||||
script-security 3
|
||||
|
||||
; tunnel configuration
|
||||
dev tap0
|
||||
server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
|
||||
passtos
|
||||
comp-lzo
|
||||
persist-key
|
||||
persist-tun
|
||||
persist-local-ip
|
||||
persist-remote-ip
|
||||
|
||||
; loggin and status
|
||||
ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
|
||||
status-version 2
|
||||
status /opt/openvpn/status/openvpnserver-status.log 30;
|
||||
verb 3
|
||||
client-connect /opt/openvpn/scripts/logon.sh
|
||||
client-disconnect /opt/openvpn/scripts/logoff.sh
|
||||
|
||||
; routing
|
||||
;push "route 10.3.0.0 255.255.0.0"
|
||||
|
||||
; management
|
||||
management localhost 6666
|
||||
|
||||
; certificates and authentication
|
||||
dh /opt/openvpn/private/dh1024.pem
|
||||
ca /opt/openvpn/ca/cacert.pem
|
||||
cert /opt/openvpn/certs/hostcert.pem
|
||||
key /opt/openvpn/private/hostkey.pem
|
||||
client-cert-not-required
|
||||
username-as-common-name
|
||||
auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.sh via-env
|
||||
;client-to-client
|
||||
keepalive 10 60
|
||||
max-clients 50
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIGHAoGBAIPEsURCfpqVznQaOYeWUrTyvMBD2N+6V96Saz3VPJ9WfEoPWM/3CkWH
|
||||
G/wOFuSYCV8pGok9Y+d2N0V45x56CmhJp6CJdD0L9JwHNhXqRdDOxT1emOb43/Kk
|
||||
CAXggVkAWnA+XFYXol8lYDP9W5XrU7svRfUe33Q/ijHsaY23myqDAgEC
|
||||
-----END DH PARAMETERS-----
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXAIBAAKBgQCXKZ7MskpNXJfILLE8eFp9wvTChhaeGdbEFpgzacy9fiH4oKq5
|
||||
clTAh9r2BvgzwF2qbxcgLN6ybCrCg/w4yKpeVoXjQmGNgWcYm7eaeKMNGfpTvTRc
|
||||
EkJK8GDvFW2TiXTqu8VWOXpAfbxLPRCA0Yc4Bvdv4bDMWDKR1uM59TQ/wwIDAQAB
|
||||
AoGAZgnLTyP+8g/RyWcZ0NbxRrlmXTUEaX7JsZ4K6ZG+ih9tsRZLiFk8CqbqUG9N
|
||||
9ikhUR4iPy7quQg5KQrNJEuYbIJfXyEGjiq8khp1U91rAeklgq19jWRN/QdwVLIK
|
||||
kXlcPjH7SGfSRPUnRnBdeADFf+oDN+3ZgDBvJu4IFqlyMJECQQDH+/XesmSNJnFa
|
||||
67t+azipOiPYzLCk4I0xOMgk2fVj0LQ2bULosfclfwrcL2Mc5dPrjWa1yPvmsk8k
|
||||
5wJPSL6ZAkEAwYDcwwLbwFvG2T1wm7QvaEDbQVVBwxZPGgG4titgyOYb+E/6QKaa
|
||||
ZbEuBmL/W8WhJga9yAYUJhGarQmWJ3r2uwJBAJal5lSJPBfcYr3kIIyeBsPsST6z
|
||||
C0pY4eO3a4XfLuyvNmJdsm6KSaxUZIDzrY0CUL77+Oht69yga+BXqTTCjtkCQCT6
|
||||
ZzWtGimMYFerchWPPXAC1OOLU2HgpYUmxxGpAHnj33x4bC5mqCK+1TjLOlljTwRh
|
||||
TWsoHjmYK6LdriAlU3kCQGVnfQhlOcw5b0igA7DWo/cJsMfZplkilrW6JA16HxaT
|
||||
xBmbi6l71pbcSlR9RlzU7Y4kTLaVPAy5oKbWOSzbfHw=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
|
||||
br="br0"
|
||||
tap="tap0"
|
||||
eth="enp0s10f0"
|
||||
br_ip="10.3.5.1"
|
||||
br_netmask="255.255.0.0"
|
||||
br_broadcast="10.3.255.255"
|
||||
# Create the tap adapter
|
||||
openvpn --mktun --dev $tap
|
||||
# Create the bridge and add interfaces
|
||||
brctl addbr $br
|
||||
brctl addif $br $eth
|
||||
brctl addif $br $tap
|
||||
# Configure the bridge
|
||||
ifconfig $tap 0.0.0.0 promisc up
|
||||
ifconfig $eth 0.0.0.0 promisc up
|
||||
ifconfig $br $br_ip netmask $br_netmask broadcast $br_broadcast
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
ifconfig br0 down
|
||||
brctl delif br0 enp0s10f0
|
||||
brctl delif br0 tap0
|
||||
brctl delbr br0
|
||||
openvpn --rmtun --dev tap0
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
echo logoff ${common_name} ${trusted_ip} $(date) ${bytes_sent} ${bytes_received} >> /opt/openvpn/log/logon.log
|
||||
echo logoff ${common_name} ${trusted_ip} $(date) ${bytes_sent} ${bytes_received} >> /opt/openvpn/log/${common_name}.log
|
||||
# ARP Eintrag loeschen
|
||||
#/sbin/arp -i br0 -d ${ifconfig_pool_remote_ip}
|
||||
exit 0
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
echo logon ${common_name} ${trusted_ip} $(date) >> /opt/openvpn/log/logon.log
|
||||
echo logon ${common_name} ${trusted_ip} $(date) >> /opt/openvpn/log/${common_name}.log
|
||||
# noch einen ARP Eintrag erstellen
|
||||
#/sbin/arp -i br0 -Ds ${ifconfig_pool_remote_ip} br0 pub
|
||||
exit 0
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
#!/usr/bin/python
|
||||
import bcrypt, os, sys
|
||||
|
||||
username = os.environ.get('username')
|
||||
if not username:
|
||||
sys.exit(1)
|
||||
|
||||
password = os.environ.get('password')
|
||||
if not password:
|
||||
sys.exit(1)
|
||||
|
||||
file = open('/opt/openvpn/users/'+username+'.pwd', 'r')
|
||||
hashed=file.read().rstrip()
|
||||
if bcrypt.hashpw(password, hashed) == hashed:
|
||||
sys.exit(0)
|
||||
else:
|
||||
sys.exit(1)
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
if grep "^${username} ${password};$" /opt/openvpn/users/users.txt >/dev/null ; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
exit 1
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
DEST="10.3.5.2"
|
||||
|
||||
ping -c4 ${DEST} > /dev/null
|
||||
|
||||
if [ $? != 0 ]
|
||||
then
|
||||
echo "$(date): cannot ping ${DEST}, rebooting now..." >> /opt/openvpn/scripts/reboot-if-ping-fails.log
|
||||
/sbin/shutdown -r now
|
||||
fi
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
#!/usr/bin/python
|
||||
#
|
||||
# Input: String via Environment-Variable "string_to_hash"
|
||||
# Output: STDOUT: Passwort Hash (bcrypt)
|
||||
#
|
||||
# 2. Juli 2016
|
||||
# Joerg Lehmann, nbit Informatik GmbH
|
||||
#
|
||||
import bcrypt, os, sys
|
||||
|
||||
password = os.environ.get('string_to_hash')
|
||||
if not password:
|
||||
sys.exit()
|
||||
|
||||
# Hash a password for the first time, with a randomly-generated salt
|
||||
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
|
||||
|
||||
print "%s" % (hashed)
|
||||
|
|
@ -0,0 +1,178 @@
|
|||
#!/bin/bash
|
||||
|
||||
ReadToContinue() {
|
||||
echo "Return Taste zum fortfahren..."
|
||||
read
|
||||
}
|
||||
|
||||
AddUser() {
|
||||
echo -n "Benutzername : "
|
||||
read username
|
||||
echo -n "IP Adresse : "
|
||||
read ip
|
||||
echo -n "Passwort : "
|
||||
read pwd
|
||||
export string_to_hash="${pwd}"
|
||||
hash="$(/opt/openvpn/sysoper/hashme.py)"
|
||||
echo "${hash}" > /opt/openvpn/users/${username}.pwd
|
||||
echo "ifconfig-push ${ip} 255.255.0.0" > /opt/openvpn/ccd/${username}
|
||||
echo "User ${username} wurde erzeugt"
|
||||
ReadToContinue
|
||||
}
|
||||
|
||||
ChangePassword() {
|
||||
echo -n "Benutzername : "
|
||||
read username
|
||||
if [ -f /opt/openvpn/users/${username}.pwd ]; then
|
||||
echo -n "Passwort : "
|
||||
read pwd
|
||||
export string_to_hash="${pwd}"
|
||||
hash="$(/opt/openvpn/sysoper/hashme.py)"
|
||||
echo "${hash}" > /opt/openvpn/users/${username}.pwd
|
||||
ReadToContinue
|
||||
else
|
||||
echo "User ${username} existiert nicht"
|
||||
ReadToContinue
|
||||
fi
|
||||
}
|
||||
|
||||
DeleteUser() {
|
||||
echo -n "Benutzername : "
|
||||
read username
|
||||
if [ -f /opt/openvpn/users/${username}.pwd ]; then
|
||||
rm /opt/openvpn/users/${username}.pwd
|
||||
echo "User ${username} wurde geloescht"
|
||||
# Das CCD-File loeschen wir auch, falls vorhanden
|
||||
if [ -f /opt/openvpn/ccd/${username} ]; then
|
||||
rm /opt/openvpn/ccd/${username}
|
||||
fi
|
||||
ReadToContinue
|
||||
else
|
||||
echo "User ${username} existiert nicht"
|
||||
ReadToContinue
|
||||
fi
|
||||
}
|
||||
|
||||
ShowUser() {
|
||||
echo -n "Benutzername : "
|
||||
read username
|
||||
ip=""
|
||||
if [ -f /opt/openvpn/users/${username}.pwd ]; then
|
||||
if [ -f /opt/openvpn/ccd/${username} ]; then
|
||||
ip="$(cat /opt/openvpn/ccd/${username} |awk '{print $2}')"
|
||||
fi
|
||||
echo "User ${username} existiert und hat die IP Adresse ${ip}"
|
||||
echo
|
||||
echo "Folgendes sind die letzten 20 Logeintraege fuer diesen User:"
|
||||
echo
|
||||
if [ -f /opt/openvpn/log/${username}.log ]; then
|
||||
tail -20 /opt/openvpn/log/${username}.log
|
||||
else
|
||||
echo "Es existieren keine Logeintraege"
|
||||
fi
|
||||
ReadToContinue
|
||||
else
|
||||
echo "User ${username} existiert nicht"
|
||||
ReadToContinue
|
||||
fi
|
||||
}
|
||||
|
||||
ListUsers() {
|
||||
echo
|
||||
echo "Username IP Adresse"
|
||||
echo "=================================="
|
||||
for userfile in $(ls -1 /opt/openvpn/users/*.pwd 2>/dev/null) ; do
|
||||
user="${userfile##*/}"
|
||||
user="${user%.pwd}"
|
||||
ip="N/A"
|
||||
if [ -f /opt/openvpn/ccd/${user} ]; then
|
||||
ip="$(cat /opt/openvpn/ccd/${user} |awk '{print $2}')"
|
||||
fi
|
||||
printf "%-20s %-15s\n" "$user" "$ip"
|
||||
done
|
||||
echo
|
||||
ReadToContinue
|
||||
}
|
||||
|
||||
ShowLogfile() {
|
||||
echo "Hinweis: mit Taste G zum Ende des Logs gehen..., Space fuer Seitenweises vorwaertsgehen..."
|
||||
echo
|
||||
ReadToContinue
|
||||
/bin/less /opt/openvpn/log/logon.log
|
||||
}
|
||||
|
||||
AdvancedMenu() {
|
||||
acharacter=0
|
||||
while [ "${acharacter}" != "9" ]; do
|
||||
clear
|
||||
echo "Advanced Functions"
|
||||
echo "=================="
|
||||
echo "1 - OpenVPN Dienst stoppen"
|
||||
echo "2 - OpenVPN Dienst starten"
|
||||
echo "3 - OpenVPN Dienst Statusabfrage"
|
||||
echo "4 - Passwort von sysoper aendern"
|
||||
echo
|
||||
echo "9 - Zurueck zum Hauptmenu"
|
||||
echo
|
||||
echo -n "Bitte Option waehlen > "
|
||||
read acharacter
|
||||
case ${acharacter} in
|
||||
1) /bin/sudo /bin/systemctl stop myopenvpn
|
||||
ReadToContinue
|
||||
;;
|
||||
2) /bin/sudo /bin/systemctl start myopenvpn
|
||||
ReadToContinue
|
||||
;;
|
||||
3) /bin/sudo /bin/systemctl status myopenvpn
|
||||
ReadToContinue
|
||||
;;
|
||||
4) /bin/passwd sysoper
|
||||
;;
|
||||
9) echo Zurueck...
|
||||
;;
|
||||
*) echo "Ungueltige Option..."
|
||||
read
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
character=0
|
||||
while [ "${character}" != "9" ]; do
|
||||
clear
|
||||
echo "Userverwaltung OpenVPN"
|
||||
echo "======================"
|
||||
echo "1 - OpenVPN Benutzer hinzufuegen"
|
||||
echo "2 - OpenVPN Benutzer Passwort setzen"
|
||||
echo "3 - OpenVPN Benutzer entfernen"
|
||||
echo "4 - OpenVPN Benutzer anzeigen"
|
||||
echo "5 - OpenVPN Benutzer auflisten"
|
||||
echo
|
||||
echo "7 - Logfile anzeigen"
|
||||
echo "8 - Advanced Functions"
|
||||
echo
|
||||
echo "9 - Exit"
|
||||
echo
|
||||
echo -n "Bitte Option waehlen > "
|
||||
read character
|
||||
case ${character} in
|
||||
1) AddUser
|
||||
;;
|
||||
2) ChangePassword
|
||||
;;
|
||||
3) DeleteUser
|
||||
;;
|
||||
4) ShowUser
|
||||
;;
|
||||
5) ListUsers
|
||||
;;
|
||||
7) ShowLogfile
|
||||
;;
|
||||
8) AdvancedMenu
|
||||
;;
|
||||
9) echo Exit...
|
||||
;;
|
||||
*) echo "Ungueltige Option..."
|
||||
read
|
||||
esac
|
||||
done
|
||||
exit 0
|
||||
|
|
@ -0,0 +1,143 @@
|
|||
#!/bin/bash
|
||||
|
||||
ReadToContinue() {
|
||||
echo "Return Taste zum fortfahren..."
|
||||
read
|
||||
}
|
||||
|
||||
AddUser() {
|
||||
echo -n "Benutzername : "
|
||||
read username
|
||||
echo -n "IP Adresse : "
|
||||
read ip
|
||||
echo -n "Passwort : "
|
||||
read pwd
|
||||
export string_to_hash="${pwd}"
|
||||
hash="$(/opt/openvpn/sysoper/hashme.py)"
|
||||
echo "${hash}" > /opt/openvpn/users/${username}.pwd
|
||||
echo "ifconfig-push ${ip} 255.255.0.0" > /opt/openvpn/ccd/${username}
|
||||
echo "User ${username} wurde erzeugt"
|
||||
ReadToContinue
|
||||
}
|
||||
|
||||
ChangePassword() {
|
||||
echo -n "Benutzername : "
|
||||
read username
|
||||
if [ -f /opt/openvpn/users/${username}.pwd ]; then
|
||||
echo -n "Passwort : "
|
||||
read pwd
|
||||
export string_to_hash="${pwd}"
|
||||
hash="$(/opt/openvpn/sysoper/hashme.py)"
|
||||
echo "${hash}" > /opt/openvpn/users/${username}.pwd
|
||||
ReadToContinue
|
||||
else
|
||||
echo "User ${username} existiert nicht"
|
||||
ReadToContinue
|
||||
fi
|
||||
}
|
||||
|
||||
DeleteUser() {
|
||||
echo -n "Benutzername : "
|
||||
read username
|
||||
if [ -f /opt/openvpn/users/${username}.pwd ]; then
|
||||
rm /opt/openvpn/users/${username}.pwd
|
||||
echo "User ${username} wurde geloescht"
|
||||
# Das CCD-File loeschen wir auch, falls vorhanden
|
||||
if [ -f /opt/openvpn/ccd/${username} ]; then
|
||||
rm /opt/openvpn/ccd/${username}
|
||||
fi
|
||||
ReadToContinue
|
||||
else
|
||||
echo "User ${username} existiert nicht"
|
||||
ReadToContinue
|
||||
fi
|
||||
}
|
||||
|
||||
ShowUser() {
|
||||
echo -n "Benutzername : "
|
||||
read username
|
||||
ip=""
|
||||
if [ -f /opt/openvpn/users/${username}.pwd ]; then
|
||||
if [ -f /opt/openvpn/ccd/${username} ]; then
|
||||
ip="$(cat /opt/openvpn/ccd/${username} |awk '{print $2}')"
|
||||
fi
|
||||
echo "User ${username} existiert und hat die IP Adresse ${ip}"
|
||||
echo
|
||||
echo "Folgendes sind die letzten 20 Logeintraege fuer diesen User:"
|
||||
echo
|
||||
if [ -f /opt/openvpn/log/${username}.log ]; then
|
||||
tail -20 /opt/openvpn/log/${username}.log
|
||||
else
|
||||
echo "Es existieren keine Logeintraege"
|
||||
fi
|
||||
ReadToContinue
|
||||
else
|
||||
echo "User ${username} existiert nicht"
|
||||
ReadToContinue
|
||||
fi
|
||||
}
|
||||
|
||||
ListUsers() {
|
||||
echo
|
||||
echo "Username IP Adresse"
|
||||
echo "=================================="
|
||||
for userfile in $(ls -1 /opt/openvpn/users/*.pwd 2>/dev/null) ; do
|
||||
user="${userfile##*/}"
|
||||
user="${user%.pwd}"
|
||||
ip="N/A"
|
||||
if [ -f /opt/openvpn/ccd/${user} ]; then
|
||||
ip="$(cat /opt/openvpn/ccd/${user} |awk '{print $2}')"
|
||||
fi
|
||||
printf "%-20s %-15s\n" "$user" "$ip"
|
||||
done
|
||||
echo
|
||||
ReadToContinue
|
||||
}
|
||||
|
||||
ShowLogfile() {
|
||||
echo "Hinweis: mit Taste G zum Ende des Logs gehen..., Space fuer Seitenweises vorwaertsgehen..."
|
||||
echo
|
||||
ReadToContinue
|
||||
/bin/less /opt/openvpn/log/logon.log
|
||||
}
|
||||
|
||||
character=0
|
||||
while [ "${character}" != "9" ]; do
|
||||
clear
|
||||
echo "Userverwaltung OpenVPN"
|
||||
echo "======================"
|
||||
echo "1 - OpenVPN Benutzer hinzufuegen"
|
||||
echo "2 - OpenVPN Benutzer Passwort setzen"
|
||||
echo "3 - OpenVPN Benutzer entfernen"
|
||||
echo "4 - OpenVPN Benutzer anzeigen"
|
||||
echo "5 - OpenVPN Benutzer auflisten"
|
||||
echo
|
||||
echo "7 - Logfile anzeigen"
|
||||
echo "8 - Passwort von sysoper aendern"
|
||||
echo
|
||||
echo "9 - Exit"
|
||||
echo
|
||||
echo -n "Bitte Option waehlen > "
|
||||
read character
|
||||
case ${character} in
|
||||
1) AddUser
|
||||
;;
|
||||
2) ChangePassword
|
||||
;;
|
||||
3) DeleteUser
|
||||
;;
|
||||
4) ShowUser
|
||||
;;
|
||||
5) ListUsers
|
||||
;;
|
||||
7) ShowLogfile
|
||||
;;
|
||||
8) passwd sysoper
|
||||
;;
|
||||
9) echo Exit...
|
||||
;;
|
||||
*) echo "Ungueltige Option..."
|
||||
read
|
||||
esac
|
||||
done
|
||||
exit 0
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
Systemd Unit fuer myopenvpn
|
||||
|
||||
ist nach /etc/systemd/system zu kopieren und anschliessend:
|
||||
# systemctl daemon-reload
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=My OpenVPN Service
|
||||
After=network-online.target network.target remote-fs.target nss-lookup.target
|
||||
Requires=network-online.target
|
||||
|
||||
[Service]
|
||||
PrivateTmp=true
|
||||
Type=forking
|
||||
ExecStart=/opt/openvpn/bin/startup.sh
|
||||
ExecStop=/opt/openvpn/bin/shutdown.sh
|
||||
PIDFile=/var/run/openvpn/myopenvpn.pid
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
[Unit]
|
||||
Description=My OpenVPN Service
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
PrivateTmp=true
|
||||
Type=forking
|
||||
ExecStart=/opt/openvpn/bin/startup.sh
|
||||
ExecStop=/opt/openvpn/bin/shutdown.sh
|
||||
PIDFile=/var/run/openvpn/myopenvpn.pid
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
[Unit]
|
||||
Description=My OpenVPN Service
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
PrivateTmp=true
|
||||
Type=forking
|
||||
ExecStart=/opt/openvpn/bin/startup.sh
|
||||
ExecStop=/opt/openvpn/bin/shutdown.sh
|
||||
PIDFile=/var/run/openvpn/myopenvpn.pid
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Reference in New Issue