Initial commit

2016-12-17 15:44:44 +01:00 · 2016-12-17 15:44:44 +01:00 · 8809349e6d
commit 8809349e6d
49 changed files with 828 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
 *.log
 *.pwd
 *.pyc
--- a/bin/shutdown.sh
+++ b/bin/shutdown.sh
@ -0,0 +1,8 @@
 #!/bin/bash
 # Zuerst stoppen wir Openvpn
 /bin/pkill openvpn
 # Dann stoppen wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-stop.sh
--- a/bin/shutdown.sh.05jul2016
+++ b/bin/shutdown.sh.05jul2016
@ -0,0 +1,13 @@
 #!/bin/bash
 # Zuerst stoppen wir Openvpn
 pkill openvpn
 # Dann unmounten wir den CIFS-Share
 #/bin/umount /opt/openvpn/status
 /bin/systemctl stop opt-openvpn-status.mount
 #/bin/sleep 15
 # Dann stoppen wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-stop.sh
--- a/bin/shutdown.sh.13oct2016
+++ b/bin/shutdown.sh.13oct2016
@ -0,0 +1,13 @@
 #!/bin/bash
 # Zuerst stoppen wir Openvpn
 /bin/pkill openvpn
 # Dann unmounten wir den CIFS-Share
 #/bin/umount /opt/openvpn/status
 /bin/systemctl stop opt-openvpn-status.mount
 #/bin/sleep 15
 # Dann stoppen wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-stop.sh
--- a/bin/shutdown.sh.new
+++ b/bin/shutdown.sh.new
@ -0,0 +1,8 @@
 #!/bin/bash
 # Zuerst stoppen wir Openvpn
 /bin/pkill openvpn
 # Dann stoppen wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-stop.sh
--- a/bin/startup.sh
+++ b/bin/startup.sh
@ -0,0 +1,7 @@
 #!/bin/bash
 # Zuerst starten wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-start.sh
 # Dann starten wir Openvpn
 /sbin/openvpn /opt/openvpn/config/server.conf
--- a/bin/startup.sh.05jul2016
+++ b/bin/startup.sh.05jul2016
@ -0,0 +1,12 @@
 #!/bin/bash
 # Zuerst starten wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-start.sh
 # Dann mounten wir den CIFS-Share
 # (wird fuer Status-File gebraucht)
 #/bin/mount /opt/openvpn/status
 /bin/systemctl start opt-openvpn-status.mount
 #
 # Dann starten wir Openvpn
 /sbin/openvpn /opt/openvpn/config/server.conf
--- a/bin/startup.sh.13oct2016
+++ b/bin/startup.sh.13oct2016
@ -0,0 +1,15 @@
 #!/bin/bash
 # Zuerst starten wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-start.sh
 # Pause...
 sleep 10
 # Dann mounten wir den CIFS-Share
 # (wird fuer Status-File gebraucht)
 #/bin/mount /opt/openvpn/status
 /bin/systemctl start opt-openvpn-status.mount
 #
 # Dann starten wir Openvpn
 /sbin/openvpn /opt/openvpn/config/server.conf
--- a/bin/startup.sh.31aug2016
+++ b/bin/startup.sh.31aug2016
@ -0,0 +1,12 @@
 #!/bin/bash
 # Zuerst starten wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-start.sh
 # Dann mounten wir den CIFS-Share
 # (wird fuer Status-File gebraucht)
 #/bin/mount /opt/openvpn/status
 /bin/systemctl start opt-openvpn-status.mount
 #
 # Dann starten wir Openvpn
 /sbin/openvpn /opt/openvpn/config/server.conf
--- a/bin/startup.sh.31aug2016-with-loop
+++ b/bin/startup.sh.31aug2016-with-loop
@ -0,0 +1,25 @@
 #!/bin/bash
 IP_OF_CIFS_SERVER=10.3.5.2
 # Zuerst starten wir die Bridge mit TAP-Device
 /opt/openvpn/scripts/bridge-start.sh
 # Wir warten, bis ein ping erfolgreich ist...
 ((count = 20))                            # Maximum number to try.
 while [[ $count -ne 0 ]] ; do
    ping -q -c 1 -W 1 $IP_OF_CIFS_SERVER >/dev/null # Try once.
    rc=$?
    if [[ $rc -eq 0 ]] ; then
        ((count = 1))                      # If okay, flag to exit loop.
    fi
    ((count = count - 1))                  # So we don't go forever.
 done
 # Dann mounten wir den CIFS-Share
 # (wird fuer Status-File gebraucht)
 #/bin/mount /opt/openvpn/status
 /bin/systemctl start opt-openvpn-status.mount
 #
 # Dann starten wir Openvpn
 /sbin/openvpn /opt/openvpn/config/server.conf
--- a/ca/cacert.pem
+++ b/ca/cacert.pem
@ -0,0 +1,21 @@
 -----BEGIN CERTIFICATE-----
 MIIDhDCCAmygAwIBAgIBATANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJDSDET
 MBEGA1UEChMKUnljaGlnZXJBRzEWMBQGA1UEAxMNUnljaGlnZXJBRyBDQTAeFw0x
 MzA5MDEwMDAwMDBaFw0zMjAzMDcwNDU3MjBaMDoxCzAJBgNVBAYTAkNIMRMwEQYD
 VQQKEwpSeWNoaWdlckFHMRYwFAYDVQQDEw1SeWNoaWdlckFHIENBMIIBIjANBgkq
 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+1MWXKP2LnbZILvFiBaHcMV8HLkrEg3
 9H3R4ssXQIrTAYyDxHIgq/Yd0WAIMN6pTioQR2/oYFGy0VHkl6GgqkE3YB843kug
 BTd4yrSS/FPu8hyjDp9nXytPj/EeujBVWNj/Q5qEzLzRVDKokoecaEpmG3Pu2DNe
 BINH9bfKWL1XSk9CPJ8B2TdLF/ijlz3fRQRxfTiLPuLVmh9q7truwrJfcee/hG9C
 4/2LDkLKDE6qtSD9PsC5vfrWf8cLm3Aa7e+6iQtbvJTRBSj5JA/nVN5F0jnj7OFk
 uewRGzE37ao0uRi8DDNP31MMhtdlYY9BmHD6i6ahdvHAoagFvFfljwIDAQABo4GU
 MIGRMB0GA1UdDgQWBBQmLa9T936sM1P1pvOTiRAjTvXr0jBiBgNVHSMEWzBZgBQm
 La9T936sM1P1pvOTiRAjTvXr0qE+pDwwOjELMAkGA1UEBhMCQ0gxEzARBgNVBAoT
 ClJ5Y2hpZ2VyQUcxFjAUBgNVBAMTDVJ5Y2hpZ2VyQUcgQ0GCAQEwDAYDVR0TBAUw
 AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAqQjj8sNPFfSLnj9VHJFQ2VQDApOOH+e0
 yKGEtiua+tU/g1gm6ZUigE3vfg71nyttjfCOYnvz8IEBBXHwjQai8J/0Hncuk5X/
 bYMhqS13i0Bhf36hWQ+DbYAsVJI/WVimAIoUie4yppxiGqG6WkgIfv7jGOlZchkJ
 vIdIPTMTQtfJtpOtHi49XZFJKyaXzOxdJZ0Bvs2Tp86IQHhN79p5oY6OGy0EbqOU
 JQkSRlOWrV5mnu8e3yLK4xMNZp4WWFPZX/clMGI5bSqBvR/wv/K1ZFVHYy+BYR7b
 C12Df38lY1e4vhsKTpzQ6HzDz2Wc03GPi14xQAmULA3QRV2kmcZ9gw==
 -----END CERTIFICATE-----
--- a/ccd/010002005012
+++ b/ccd/010002005012
@ -0,0 +1 @@
 ifconfig-push 10.3.6.12 255.255.0.0
--- a/ccd/010003006001
+++ b/ccd/010003006001
@ -0,0 +1 @@
 ifconfig-push 10.3.6.1 255.255.0.0
--- a/ccd/010003006002
+++ b/ccd/010003006002
@ -0,0 +1 @@
 ifconfig-push 10.3.6.2 255.255.0.0
--- a/ccd/010003006003
+++ b/ccd/010003006003
@ -0,0 +1 @@
 ifconfig-push 10.3.6.3 255.255.0.0
--- a/ccd/010003006004
+++ b/ccd/010003006004
@ -0,0 +1 @@
 ifconfig-push 10.3.6.4 255.255.0.0
--- a/ccd/010003006005
+++ b/ccd/010003006005
@ -0,0 +1 @@
 ifconfig-push 10.3.6.5 255.255.0.0
--- a/ccd/010003006006
+++ b/ccd/010003006006
@ -0,0 +1 @@
 ifconfig-push 10.3.6.6 255.255.0.0
--- a/ccd/010003006007
+++ b/ccd/010003006007
@ -0,0 +1 @@
 ifconfig-push 10.3.6.7 255.255.0.0
--- a/ccd/010003006008
+++ b/ccd/010003006008
@ -0,0 +1 @@
 ifconfig-push 10.3.6.8 255.255.0.0
--- a/ccd/010003006009
+++ b/ccd/010003006009
@ -0,0 +1 @@
 ifconfig-push 10.3.6.9 255.255.0.0
--- a/ccd/010003006010
+++ b/ccd/010003006010
@ -0,0 +1 @@
 ifconfig-push 10.3.6.10 255.255.0.0
--- a/ccd/010003006011
+++ b/ccd/010003006011
@ -0,0 +1 @@
 ifconfig-push 10.3.6.11 255.255.0.0
--- a/ccd/010003006013
+++ b/ccd/010003006013
@ -0,0 +1 @@
 ifconfig-push 10.3.6.13 255.255.0.0
--- a/ccd/010003006014
+++ b/ccd/010003006014
@ -0,0 +1 @@
 ifconfig-push 10.3.6.14 255.255.0.0
--- a/ccd/010003006015
+++ b/ccd/010003006015
@ -0,0 +1 @@
 ifconfig-push 10.3.6.15 255.255.0.0
--- a/ccd/010003006016
+++ b/ccd/010003006016
@ -0,0 +1 @@
 ifconfig-push 10.3.6.16 255.255.0.0
--- a/certs/hostcert.pem
+++ b/certs/hostcert.pem
@ -0,0 +1,20 @@
 -----BEGIN CERTIFICATE-----
 MIIDRTCCAi2gAwIBAgIBAjANBgkqhkiG9w0BAQQFADA6MQswCQYDVQQGEwJDSDET
 MBEGA1UEChMKUnljaGlnZXJBRzEWMBQGA1UEAxMNUnljaGlnZXJBRyBDQTAeFw0x
 MzA5MDEwMDAwMDBaFw0zMjAzMDcwNDU3MjFaMDoxCzAJBgNVBAYTAkNIMRMwEQYD
 VQQKEwpSeWNoaWdlckFHMRYwFAYDVQQDEw0xOTIuMTY4LjIuMTcxMIGfMA0GCSqG
 SIb3DQEBAQUAA4GNADCBiQKBgQCXKZ7MskpNXJfILLE8eFp9wvTChhaeGdbEFpgz
 acy9fiH4oKq5clTAh9r2BvgzwF2qbxcgLN6ybCrCg/w4yKpeVoXjQmGNgWcYm7ea
 eKMNGfpTvTRcEkJK8GDvFW2TiXTqu8VWOXpAfbxLPRCA0Yc4Bvdv4bDMWDKR1uM5
 9TQ/wwIDAQABo4HZMIHWMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMG
 CWCGSAGG+EIBDQQmFiRPcGVuU1NMIFNlcnZlciBHZW5lcmF0ZWQgQ2VydGlmaWNh
 dGUwHQYDVR0OBBYEFOBfur9RxlwjRARe7o6QJv9Qqyi0MGIGA1UdIwRbMFmAFCYt
 r1P3fqwzU/Wm85OJECNO9evSoT6kPDA6MQswCQYDVQQGEwJDSDETMBEGA1UEChMK
 UnljaGlnZXJBRzEWMBQGA1UEAxMNUnljaGlnZXJBRyBDQYIBATANBgkqhkiG9w0B
 AQQFAAOCAQEAltlPrZ6pfiL6+MZkqP5URWG5Aj84SmkkNvbTuST6SyYgmqINqGC8
 354Dky2STZsN0nowNOgfhi3lfNUxMtju22SZ5LwJ+Ku4InOHp3/TAMvBv2gS+6ua
 RLmf3KiSUcnKLh701wL1czVXL5/RGmhYHj64iTP2OTdoZcnwMYnfIetoTo57MW+e
 oq2KMBpn87+5Png7ybWayUVrYEoILU+5wqz2Mp/iZCic3ehgPrd//nPaSRUsIAwl
 qAAbg1xx76c/3DoCK7vmEkG2Cyj9XPt6YIam/pnOYc1CvHh81uMvjrjCQPiY+nOl
 K2uGxZgmKwO6zCOLQPiMleTx6VhZW6lF7A==
 -----END CERTIFICATE-----
--- a/config/server.conf
+++ b/config/server.conf
@ -0,0 +1,48 @@
 mode server
 daemon
 tls-server
 proto udp
 port  1194
 local 192.168.99.11
 client-config-dir /opt/openvpn/ccd
 script-security 3
 writepid /var/run/openvpn/myopenvpn.pid
 ; tunnel configuration
 dev tap0
 server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
 passtos
 comp-lzo
 persist-key
 persist-tun
 persist-local-ip
 persist-remote-ip
 ; loggin and status
 ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
 status-version 2
 status /opt/openvpn/status/openvpnserver-status.log 5;
 verb 3
 client-connect     /opt/openvpn/scripts/logon.sh
 client-disconnect  /opt/openvpn/scripts/logoff.sh
 ; routing
 ;push "route 10.3.0.0 255.255.0.0"
 ; management 
 management localhost 6666
 ; certificates and authentication
 dh   /opt/openvpn/private/dh1024.pem
 ca   /opt/openvpn/ca/cacert.pem
 cert /opt/openvpn/certs/hostcert.pem
 key  /opt/openvpn/private/hostkey.pem
 client-cert-not-required
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
 ;client-to-client
 keepalive 10 60
 max-clients 50
 ; explicit exit
 push "explicit-exit-notify"
--- a/config/server.conf.15sep2016
+++ b/config/server.conf.15sep2016
@ -0,0 +1,45 @@
 mode server
 daemon
 tls-server
 proto udp
 port  1194
 local 192.168.99.11
 client-config-dir /opt/openvpn/ccd
 script-security 3
 writepid /var/run/openvpn/myopenvpn.pid
 ; tunnel configuration
 dev tap0
 server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
 passtos
 comp-lzo
 persist-key
 persist-tun
 persist-local-ip
 persist-remote-ip
 ; loggin and status
 ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
 status-version 2
 status /opt/openvpn/status/openvpnserver-status.log 30;
 verb 3
 client-connect     /opt/openvpn/scripts/logon.sh
 client-disconnect  /opt/openvpn/scripts/logoff.sh
 ; routing
 ;push "route 10.3.0.0 255.255.0.0"
 ; management 
 management localhost 6666
 ; certificates and authentication
 dh   /opt/openvpn/private/dh1024.pem
 ca   /opt/openvpn/ca/cacert.pem
 cert /opt/openvpn/certs/hostcert.pem
 key  /opt/openvpn/private/hostkey.pem
 client-cert-not-required
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
 ;client-to-client
 keepalive 10 60
 max-clients 50
--- a/config/server.conf.19sep2016
+++ b/config/server.conf.19sep2016
@ -0,0 +1,45 @@
 mode server
 daemon
 tls-server
 proto udp
 port  1194
 local 192.168.99.11
 client-config-dir /opt/openvpn/ccd
 script-security 3
 writepid /var/run/openvpn/myopenvpn.pid
 ; tunnel configuration
 dev tap0
 server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
 passtos
 comp-lzo
 persist-key
 persist-tun
 persist-local-ip
 persist-remote-ip
 ; loggin and status
 ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
 status-version 2
 status /opt/openvpn/status/openvpnserver-status.log 5;
 verb 3
 client-connect     /opt/openvpn/scripts/logon.sh
 client-disconnect  /opt/openvpn/scripts/logoff.sh
 ; routing
 ;push "route 10.3.0.0 255.255.0.0"
 ; management 
 management localhost 6666
 ; certificates and authentication
 dh   /opt/openvpn/private/dh1024.pem
 ca   /opt/openvpn/ca/cacert.pem
 cert /opt/openvpn/certs/hostcert.pem
 key  /opt/openvpn/private/hostkey.pem
 client-cert-not-required
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
 ;client-to-client
 keepalive 10 60
 max-clients 50
--- a/config/server.conf.2jul2016
+++ b/config/server.conf.2jul2016
@ -0,0 +1,44 @@
 mode server
 daemon
 tls-server
 proto udp
 port  1194
 local 192.168.99.11
 client-config-dir /opt/openvpn/ccd
 script-security 3
 ; tunnel configuration
 dev tap0
 server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
 passtos
 comp-lzo
 persist-key
 persist-tun
 persist-local-ip
 persist-remote-ip
 ; loggin and status
 ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
 status-version 2
 status /opt/openvpn/status/openvpnserver-status.log 30;
 verb 3
 client-connect     /opt/openvpn/scripts/logon.sh
 client-disconnect  /opt/openvpn/scripts/logoff.sh
 ; routing
 ;push "route 10.3.0.0 255.255.0.0"
 ; management 
 management localhost 6666
 ; certificates and authentication
 dh   /opt/openvpn/private/dh1024.pem
 ca   /opt/openvpn/ca/cacert.pem
 cert /opt/openvpn/certs/hostcert.pem
 key  /opt/openvpn/private/hostkey.pem
 client-cert-not-required
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.sh via-env
 ;client-to-client
 keepalive 10 60
 max-clients 50
--- a/leases/openvpn.leases
+++ b/leases/openvpn.leases
--- a/private/dh1024.pem
+++ b/private/dh1024.pem
@ -0,0 +1,5 @@
 -----BEGIN DH PARAMETERS-----
 MIGHAoGBAIPEsURCfpqVznQaOYeWUrTyvMBD2N+6V96Saz3VPJ9WfEoPWM/3CkWH
 G/wOFuSYCV8pGok9Y+d2N0V45x56CmhJp6CJdD0L9JwHNhXqRdDOxT1emOb43/Kk
 CAXggVkAWnA+XFYXol8lYDP9W5XrU7svRfUe33Q/ijHsaY23myqDAgEC
 -----END DH PARAMETERS-----
--- a/private/hostkey.pem
+++ b/private/hostkey.pem
@ -0,0 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQCXKZ7MskpNXJfILLE8eFp9wvTChhaeGdbEFpgzacy9fiH4oKq5
 clTAh9r2BvgzwF2qbxcgLN6ybCrCg/w4yKpeVoXjQmGNgWcYm7eaeKMNGfpTvTRc
 EkJK8GDvFW2TiXTqu8VWOXpAfbxLPRCA0Yc4Bvdv4bDMWDKR1uM59TQ/wwIDAQAB
 AoGAZgnLTyP+8g/RyWcZ0NbxRrlmXTUEaX7JsZ4K6ZG+ih9tsRZLiFk8CqbqUG9N
 9ikhUR4iPy7quQg5KQrNJEuYbIJfXyEGjiq8khp1U91rAeklgq19jWRN/QdwVLIK
 kXlcPjH7SGfSRPUnRnBdeADFf+oDN+3ZgDBvJu4IFqlyMJECQQDH+/XesmSNJnFa
 67t+azipOiPYzLCk4I0xOMgk2fVj0LQ2bULosfclfwrcL2Mc5dPrjWa1yPvmsk8k
 5wJPSL6ZAkEAwYDcwwLbwFvG2T1wm7QvaEDbQVVBwxZPGgG4titgyOYb+E/6QKaa
 ZbEuBmL/W8WhJga9yAYUJhGarQmWJ3r2uwJBAJal5lSJPBfcYr3kIIyeBsPsST6z
 C0pY4eO3a4XfLuyvNmJdsm6KSaxUZIDzrY0CUL77+Oht69yga+BXqTTCjtkCQCT6
 ZzWtGimMYFerchWPPXAC1OOLU2HgpYUmxxGpAHnj33x4bC5mqCK+1TjLOlljTwRh
 TWsoHjmYK6LdriAlU3kCQGVnfQhlOcw5b0igA7DWo/cJsMfZplkilrW6JA16HxaT
 xBmbi6l71pbcSlR9RlzU7Y4kTLaVPAy5oKbWOSzbfHw=
 -----END RSA PRIVATE KEY-----
--- a/scripts/bridge-start.sh
+++ b/scripts/bridge-start.sh
@ -0,0 +1,18 @@
 #!/bin/bash
 br="br0"
 tap="tap0"
 eth="enp0s10f0"
 br_ip="10.3.5.1"
 br_netmask="255.255.0.0"
 br_broadcast="10.3.255.255"
 # Create the tap adapter
 openvpn --mktun --dev $tap
 # Create the bridge and add interfaces
 brctl addbr $br
 brctl addif $br $eth
 brctl addif $br $tap
 # Configure the bridge
 ifconfig $tap 0.0.0.0 promisc up
 ifconfig $eth 0.0.0.0 promisc up
 ifconfig $br $br_ip netmask $br_netmask broadcast $br_broadcast
--- a/scripts/bridge-stop.sh
+++ b/scripts/bridge-stop.sh
@ -0,0 +1,7 @@
 #!/bin/bash
 ifconfig br0 down
 brctl delif br0 enp0s10f0
 brctl delif br0 tap0
 brctl delbr br0
 openvpn --rmtun --dev tap0
--- a/scripts/logoff.sh
+++ b/scripts/logoff.sh
@ -0,0 +1,6 @@
 #!/bin/bash
 echo logoff ${common_name} ${trusted_ip} $(date) ${bytes_sent} ${bytes_received} >> /opt/openvpn/log/logon.log
 echo logoff ${common_name} ${trusted_ip} $(date) ${bytes_sent} ${bytes_received} >> /opt/openvpn/log/${common_name}.log
 # ARP Eintrag loeschen
 #/sbin/arp -i br0 -d ${ifconfig_pool_remote_ip}
 exit 0
--- a/scripts/logon.sh
+++ b/scripts/logon.sh
@ -0,0 +1,6 @@
 #!/bin/bash
 echo logon ${common_name} ${trusted_ip} $(date) >> /opt/openvpn/log/logon.log
 echo logon ${common_name} ${trusted_ip} $(date) >> /opt/openvpn/log/${common_name}.log
 # noch einen ARP Eintrag erstellen
 #/sbin/arp -i br0 -Ds ${ifconfig_pool_remote_ip} br0 pub 
 exit 0
--- a/scripts/openvpn-auth.py
+++ b/scripts/openvpn-auth.py
@ -0,0 +1,17 @@
 #!/usr/bin/python
 import bcrypt, os, sys
 username = os.environ.get('username')
 if not username:
    sys.exit(1)
 password = os.environ.get('password')
 if not password:
    sys.exit(1)
 file = open('/opt/openvpn/users/'+username+'.pwd', 'r')
 hashed=file.read().rstrip()
 if bcrypt.hashpw(password, hashed) == hashed:
    sys.exit(0)
 else:
    sys.exit(1)
--- a/scripts/openvpn-auth.sh
+++ b/scripts/openvpn-auth.sh
@ -0,0 +1,6 @@
 #!/bin/bash
 if grep "^${username} ${password};$" /opt/openvpn/users/users.txt >/dev/null ; then
 exit 0
 fi
 exit 1
--- a/scripts/reboot-if-ping-fails.sh
+++ b/scripts/reboot-if-ping-fails.sh
@ -0,0 +1,10 @@
 #!/bin/bash
 DEST="10.3.5.2"
 ping -c4 ${DEST} > /dev/null
 if [ $? != 0 ] 
 then
  echo "$(date): cannot ping ${DEST}, rebooting now..." >> /opt/openvpn/scripts/reboot-if-ping-fails.log
  /sbin/shutdown -r now 
 fi
--- a/sysoper/hashme.py
+++ b/sysoper/hashme.py
@ -0,0 +1,18 @@
 #!/usr/bin/python
 #
 # Input: String via Environment-Variable "string_to_hash"
 # Output: STDOUT: Passwort Hash (bcrypt)
 #
 # 2. Juli 2016
 # Joerg Lehmann, nbit Informatik GmbH
 #
 import bcrypt, os, sys
 password = os.environ.get('string_to_hash')
 if not password:
    sys.exit()
 # Hash a password for the first time, with a randomly-generated salt
 hashed = bcrypt.hashpw(password, bcrypt.gensalt())
 print "%s" % (hashed)
--- a/sysoper/sysoper_shell
+++ b/sysoper/sysoper_shell
@ -0,0 +1,178 @@
 #!/bin/bash
 ReadToContinue() {
  echo "Return Taste zum fortfahren..."
  read
 }
 AddUser() {
  echo -n "Benutzername : "
  read username
  echo -n "IP Adresse   : "
  read ip
  echo -n "Passwort     : "
  read pwd
  export string_to_hash="${pwd}"
  hash="$(/opt/openvpn/sysoper/hashme.py)"
  echo "${hash}"                           > /opt/openvpn/users/${username}.pwd
  echo "ifconfig-push ${ip} 255.255.0.0"   > /opt/openvpn/ccd/${username}
  echo "User ${username} wurde erzeugt"
  ReadToContinue
 }
 ChangePassword() {
  echo -n "Benutzername : "
  read username
  if [ -f /opt/openvpn/users/${username}.pwd ]; then
    echo -n "Passwort     : "
    read pwd
    export string_to_hash="${pwd}"
    hash="$(/opt/openvpn/sysoper/hashme.py)"
    echo "${hash}"                           > /opt/openvpn/users/${username}.pwd
    ReadToContinue
  else
    echo "User ${username} existiert nicht"
    ReadToContinue
  fi
 }
 DeleteUser() {
  echo -n "Benutzername : "
  read username
  if [ -f /opt/openvpn/users/${username}.pwd ]; then
    rm /opt/openvpn/users/${username}.pwd 
    echo "User ${username} wurde geloescht"
    # Das CCD-File loeschen wir auch, falls vorhanden
    if [ -f /opt/openvpn/ccd/${username} ]; then
      rm /opt/openvpn/ccd/${username}
    fi
    ReadToContinue
  else
    echo "User ${username} existiert nicht"
    ReadToContinue
  fi
 }
 ShowUser() {
  echo -n "Benutzername : "
  read username
  ip=""
  if [ -f /opt/openvpn/users/${username}.pwd ]; then
    if [ -f /opt/openvpn/ccd/${username} ]; then
      ip="$(cat /opt/openvpn/ccd/${username} |awk '{print $2}')"
    fi   
    echo "User ${username} existiert und hat die IP Adresse ${ip}"
    echo
    echo "Folgendes sind die letzten 20 Logeintraege fuer diesen User:"
    echo
    if [ -f /opt/openvpn/log/${username}.log ]; then
       tail -20 /opt/openvpn/log/${username}.log 
    else
       echo "Es existieren keine Logeintraege"
    fi
    ReadToContinue
  else
    echo "User ${username} existiert nicht"
    ReadToContinue
  fi
 }
 ListUsers() {
  echo
  echo "Username              IP Adresse"
  echo "=================================="
  for userfile in $(ls -1 /opt/openvpn/users/*.pwd 2>/dev/null) ; do
    user="${userfile##*/}"
    user="${user%.pwd}"
    ip="N/A"
    if [ -f /opt/openvpn/ccd/${user} ]; then
      ip="$(cat /opt/openvpn/ccd/${user} |awk '{print $2}')"
    fi
    printf "%-20s  %-15s\n" "$user" "$ip"
  done
  echo
  ReadToContinue
 }
 ShowLogfile() {
  echo "Hinweis: mit Taste G zum Ende des Logs gehen..., Space fuer Seitenweises vorwaertsgehen..."
  echo
  ReadToContinue
  /bin/less /opt/openvpn/log/logon.log
 }
 AdvancedMenu() {
  acharacter=0
  while [ "${acharacter}" != "9" ]; do
    clear
    echo "Advanced Functions"
    echo "=================="
    echo "1 - OpenVPN Dienst stoppen"
    echo "2 - OpenVPN Dienst starten"
    echo "3 - OpenVPN Dienst Statusabfrage"
    echo "4 - Passwort von sysoper aendern"
    echo 
    echo "9 - Zurueck zum Hauptmenu"
    echo
    echo -n "Bitte Option waehlen > "
    read  acharacter
    case ${acharacter} in 
      1) /bin/sudo /bin/systemctl stop myopenvpn
         ReadToContinue
         ;;
      2) /bin/sudo /bin/systemctl start myopenvpn
         ReadToContinue
         ;;
      3) /bin/sudo /bin/systemctl status myopenvpn
         ReadToContinue
         ;;
      4) /bin/passwd sysoper
         ;;
      9) echo Zurueck...
         ;;
      *) echo "Ungueltige Option..."
         read
    esac
  done
 }
 character=0
 while [ "${character}" != "9" ]; do
  clear
  echo "Userverwaltung OpenVPN"
  echo "======================"
  echo "1 - OpenVPN Benutzer hinzufuegen"
  echo "2 - OpenVPN Benutzer Passwort setzen"
  echo "3 - OpenVPN Benutzer entfernen"
  echo "4 - OpenVPN Benutzer anzeigen"
  echo "5 - OpenVPN Benutzer auflisten"
  echo 
  echo "7 - Logfile anzeigen"
  echo "8 - Advanced Functions"
  echo 
  echo "9 - Exit"
  echo
  echo -n "Bitte Option waehlen > "
  read  character
  case ${character} in 
    1) AddUser
       ;;
    2) ChangePassword
       ;;
    3) DeleteUser
       ;;
    4) ShowUser
       ;;
    5) ListUsers
       ;;
    7) ShowLogfile 
       ;;
    8) AdvancedMenu
       ;;
    9) echo Exit...
       ;;
    *) echo "Ungueltige Option..."
       read
  esac
 done
 exit 0
--- a/sysoper/sysoper_shell.05jul2016
+++ b/sysoper/sysoper_shell.05jul2016
@ -0,0 +1,143 @@
 #!/bin/bash
 ReadToContinue() {
  echo "Return Taste zum fortfahren..."
  read
 }
 AddUser() {
  echo -n "Benutzername : "
  read username
  echo -n "IP Adresse   : "
  read ip
  echo -n "Passwort     : "
  read pwd
  export string_to_hash="${pwd}"
  hash="$(/opt/openvpn/sysoper/hashme.py)"
  echo "${hash}"                           > /opt/openvpn/users/${username}.pwd
  echo "ifconfig-push ${ip} 255.255.0.0"   > /opt/openvpn/ccd/${username}
  echo "User ${username} wurde erzeugt"
  ReadToContinue
 }
 ChangePassword() {
  echo -n "Benutzername : "
  read username
  if [ -f /opt/openvpn/users/${username}.pwd ]; then
    echo -n "Passwort     : "
    read pwd
    export string_to_hash="${pwd}"
    hash="$(/opt/openvpn/sysoper/hashme.py)"
    echo "${hash}"                           > /opt/openvpn/users/${username}.pwd
    ReadToContinue
  else
    echo "User ${username} existiert nicht"
    ReadToContinue
  fi
 }
 DeleteUser() {
  echo -n "Benutzername : "
  read username
  if [ -f /opt/openvpn/users/${username}.pwd ]; then
    rm /opt/openvpn/users/${username}.pwd 
    echo "User ${username} wurde geloescht"
    # Das CCD-File loeschen wir auch, falls vorhanden
    if [ -f /opt/openvpn/ccd/${username} ]; then
      rm /opt/openvpn/ccd/${username}
    fi
    ReadToContinue
  else
    echo "User ${username} existiert nicht"
    ReadToContinue
  fi
 }
 ShowUser() {
  echo -n "Benutzername : "
  read username
  ip=""
  if [ -f /opt/openvpn/users/${username}.pwd ]; then
    if [ -f /opt/openvpn/ccd/${username} ]; then
      ip="$(cat /opt/openvpn/ccd/${username} |awk '{print $2}')"
    fi   
    echo "User ${username} existiert und hat die IP Adresse ${ip}"
    echo
    echo "Folgendes sind die letzten 20 Logeintraege fuer diesen User:"
    echo
    if [ -f /opt/openvpn/log/${username}.log ]; then
       tail -20 /opt/openvpn/log/${username}.log 
    else
       echo "Es existieren keine Logeintraege"
    fi
    ReadToContinue
  else
    echo "User ${username} existiert nicht"
    ReadToContinue
  fi
 }
 ListUsers() {
  echo
  echo "Username              IP Adresse"
  echo "=================================="
  for userfile in $(ls -1 /opt/openvpn/users/*.pwd 2>/dev/null) ; do
    user="${userfile##*/}"
    user="${user%.pwd}"
    ip="N/A"
    if [ -f /opt/openvpn/ccd/${user} ]; then
      ip="$(cat /opt/openvpn/ccd/${user} |awk '{print $2}')"
    fi
    printf "%-20s  %-15s\n" "$user" "$ip"
  done
  echo
  ReadToContinue
 }
 ShowLogfile() {
  echo "Hinweis: mit Taste G zum Ende des Logs gehen..., Space fuer Seitenweises vorwaertsgehen..."
  echo
  ReadToContinue
  /bin/less /opt/openvpn/log/logon.log
 }
 character=0
 while [ "${character}" != "9" ]; do
  clear
  echo "Userverwaltung OpenVPN"
  echo "======================"
  echo "1 - OpenVPN Benutzer hinzufuegen"
  echo "2 - OpenVPN Benutzer Passwort setzen"
  echo "3 - OpenVPN Benutzer entfernen"
  echo "4 - OpenVPN Benutzer anzeigen"
  echo "5 - OpenVPN Benutzer auflisten"
  echo 
  echo "7 - Logfile anzeigen"
  echo "8 - Passwort von sysoper aendern"
  echo 
  echo "9 - Exit"
  echo
  echo -n "Bitte Option waehlen > "
  read  character
  case ${character} in 
    1) AddUser
       ;;
    2) ChangePassword
       ;;
    3) DeleteUser
       ;;
    4) ShowUser
       ;;
    5) ListUsers
       ;;
    7) ShowLogfile 
       ;;
    8) passwd sysoper
       ;;
    9) echo Exit...
       ;;
    *) echo "Ungueltige Option..."
       read
  esac
 done
 exit 0
--- a/systemd/README
+++ b/systemd/README
@ -0,0 +1,4 @@
 Systemd Unit fuer myopenvpn
 ist nach /etc/systemd/system zu kopieren und anschliessend:
 # systemctl daemon-reload
--- a/systemd/myopenvpn.service
+++ b/systemd/myopenvpn.service
@ -0,0 +1,14 @@
 [Unit]
 Description=My OpenVPN Service
 After=network-online.target network.target remote-fs.target nss-lookup.target
 Requires=network-online.target
 [Service]
 PrivateTmp=true
 Type=forking
 ExecStart=/opt/openvpn/bin/startup.sh
 ExecStop=/opt/openvpn/bin/shutdown.sh
 PIDFile=/var/run/openvpn/myopenvpn.pid
 [Install]
 WantedBy=multi-user.target
--- a/systemd/myopenvpn.service.05jul2016
+++ b/systemd/myopenvpn.service.05jul2016
@ -0,0 +1,13 @@
 [Unit]
 Description=My OpenVPN Service
 After=network-online.target
 [Service]
 PrivateTmp=true
 Type=forking
 ExecStart=/opt/openvpn/bin/startup.sh
 ExecStop=/opt/openvpn/bin/shutdown.sh
 PIDFile=/var/run/openvpn/myopenvpn.pid
 [Install]
 WantedBy=multi-user.target
--- a/systemd/myopenvpn.service.31aug2016
+++ b/systemd/myopenvpn.service.31aug2016
@ -0,0 +1,13 @@
 [Unit]
 Description=My OpenVPN Service
 After=network-online.target
 [Service]
 PrivateTmp=true
 Type=forking
 ExecStart=/opt/openvpn/bin/startup.sh
 ExecStop=/opt/openvpn/bin/shutdown.sh
 PIDFile=/var/run/openvpn/myopenvpn.pid
 [Install]
 WantedBy=multi-user.target