diff --git a/README.md b/README.md index d7087fe..2c8de55 100644 --- a/README.md +++ b/README.md @@ -1,23 +1,22 @@ ## INSTALLATION -Installation CentOS 7 Minimal +Installation Rocky Linux 9 Minimal Partitionierung (LVM; XFS als Filesystem): ``` -/boot 500 MB -/ 50 GB -/home 73 GB -swap 4 GB +/boot 1 GB +/ XXX GB +swap X GB ``` Netzwerkkonfiguration: ``` -Hostname: ryovpn.rych01.rychiger.com +Hostname: ryovpn01.rych01.rychiger.com DNS: 8.8.8.8 -NTP: server 0.centos.pool.ntp.org iburst - server 1.centos.pool.ntp.org iburst - server 2.centos.pool.ntp.org iburst - server 3.centos.pool.ntp.org iburst +NTP: XXXXXX + XXXXXX + +TODO: TYPE="Ethernet" NAME="enp0s10f0" @@ -40,6 +39,12 @@ PREFIX=24 GATEWAY=192.168.99.1 UUID=9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ``` + +Installation diverse Pakete +``` +# yum install kbd-legacy +# dracut -f +``` Anschliessend Installation OpenVPN: ``` @@ -47,14 +52,13 @@ Anschliessend Installation OpenVPN: # yum install openvpn -y Noch ein paar Zusatzpakete: -# yum install mailx -y +# yum install s-nail -y # yum install git -y # yum install net-tools -y # yum install policycoreutils-devel -y # yum install bridge-utils -y # yum install tcpdump -y -# yum install chrony -y -# yum install py-bcrypt -y +# yum install python3-bcrypt -y ``` Wegen Entropy: 
@@ -66,29 +70,22 @@ Test: # cat /proc/sys/kernel/random/entropy_avail ``` -Wegen Time-Sync Meldungen: -``` -# cat /etc/rsyslog.d/time_msg.conf -:msg, contains, "Time has been changed" ~ -``` - -Wegen fehlerhafter HW-Clock: - -/etc/cron.d/sync-hw-clock: -``` -MAILTO=root -*/10 * * * * root /sbin/hwclock --systohc -``` Installation NGINX (Zugang fuer Statusabfragen): ``` # yum install nginx +# systemctl enable nginx Konfiguration /etc/nginx/nginx.conf: ... root /opt/openvpn/status; ... +Installation von altem Server oder git uebernehmen... +# cd /opt +# git clone https://gitlab.com/drpuur/rych-openvpn.git openvpn # use personal access token in Gitlab + + SELinux: # semanage fcontext -a -t httpd_sys_content_t /opt/openvpn/status/openvpnserver-status.log # semanage fcontext -a -t httpd_sys_content_t /opt/openvpn/status/openvpnserver-status-443.log @@ -107,11 +104,11 @@ Prinzipieller Aufbau: enp0s10f0: Netzwerkinterface Richtung Internet enp0s10f1: Netzwerkinterface Richtung Intranet -enp0s10f0 (192.168.99.11) ==> hier hoert OpenVPN und bildet das Device tap0 +enp0s10f0 (192.168.99.11/24) ==> hier hoert OpenVPN und bildet das Device tap0 Eine zweite OpenVPN Instanz bildet das Device tap1 (443/TCP) --- enp0s10f0 => tap0 --+-- br0 (10.3.5.1) +-- enp0s10f0 => tap0 --+-- br0 (10.3.5.1/16) tap1 | -- enp0s10f1 ----------+ ``` @@ -161,17 +158,9 @@ COMMIT ``` ``` -/etc/sysctl.conf: -# System default settings live in /usr/lib/sysctl.d/00-system.conf. -# To override those settings, enter new settings here, or in an /etc/sysctl.d/.conf file -# -# For more information, see sysctl.conf(5) and sysctl.d(5). -#net.ipv4.ip_forward = 1 -net.ipv6.conf.all.disable_ipv6 = 1 -net.ipv6.conf.default.disable_ipv6 = 1 -net.bridge.bridge-nf-call-iptables = 1 -net.ipv6.conf.default.autoconf = 0 -net.ipv6.conf.all.autoconf = 0 +Disable IPv6: + +# nmcli connection modify ipv6.method "disabled" ``` ``` 
@@ -196,8 +185,6 @@ MAILTO=root /etc/hosts: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 #::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 - -10.3.5.2 ewonshare ``` Startup mit Systemd einrichten: @@ -218,3 +205,12 @@ User anlegen: # useradd -m -g sysoper -s /opt/openvpn/sysoper/sysoper_shell sysoper # passwd sysoper ``` +Git Config: +``` +# cat .gitconfig +[user] + name = Joerg Lehmann + email = joerg.lehmann@nbit.ch +[http] + sslVerify = false +``` diff --git a/bin/shutdown.sh.05jul2016 b/bin/shutdown.sh.05jul2016 deleted file mode 100755 index 89e518f..0000000 --- a/bin/shutdown.sh.05jul2016 +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# Zuerst stoppen wir Openvpn -pkill openvpn - -# Dann unmounten wir den CIFS-Share -#/bin/umount /opt/openvpn/status -/bin/systemctl stop opt-openvpn-status.mount -#/bin/sleep 15 - -# Dann stoppen wir die Bridge mit TAP-Device -/opt/openvpn/scripts/bridge-stop.sh - diff --git a/bin/shutdown.sh.13oct2016 b/bin/shutdown.sh.13oct2016 deleted file mode 100755 index f75a2c2..0000000 --- a/bin/shutdown.sh.13oct2016 +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# Zuerst stoppen wir Openvpn -/bin/pkill openvpn - -# Dann unmounten wir den CIFS-Share -#/bin/umount /opt/openvpn/status -/bin/systemctl stop opt-openvpn-status.mount -#/bin/sleep 15 - -# Dann stoppen wir die Bridge mit TAP-Device -/opt/openvpn/scripts/bridge-stop.sh - diff --git a/bin/shutdown.sh.new b/bin/shutdown.sh.new deleted file mode 100755 index ab96223..0000000 --- a/bin/shutdown.sh.new +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -# Zuerst stoppen wir Openvpn -/bin/pkill openvpn - -# Dann stoppen wir die Bridge mit TAP-Device -/opt/openvpn/scripts/bridge-stop.sh - diff --git a/bin/startup.sh.05jul2016 b/bin/startup.sh.05jul2016 deleted file mode 100755 index fe972bf..0000000 --- a/bin/startup.sh.05jul2016 +++ /dev/null 
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Zuerst starten wir die Bridge mit TAP-Device
-/opt/openvpn/scripts/bridge-start.sh
-
-# Dann mounten wir den CIFS-Share
-# (wird fuer Status-File gebraucht)
-#/bin/mount /opt/openvpn/status
-/bin/systemctl start opt-openvpn-status.mount
-#
-# Dann starten wir Openvpn
-/sbin/openvpn /opt/openvpn/config/server.conf
diff --git a/bin/startup.sh.13oct2016 b/bin/startup.sh.13oct2016
deleted file mode 100755
index 16286a1..0000000
--- a/bin/startup.sh.13oct2016
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-# Zuerst starten wir die Bridge mit TAP-Device
-/opt/openvpn/scripts/bridge-start.sh
-
-# Pause...
-sleep 10
-
-# Dann mounten wir den CIFS-Share
-# (wird fuer Status-File gebraucht)
-#/bin/mount /opt/openvpn/status
-/bin/systemctl start opt-openvpn-status.mount
-#
-# Dann starten wir Openvpn
-/sbin/openvpn /opt/openvpn/config/server.conf
diff --git a/bin/startup.sh.31aug2016 b/bin/startup.sh.31aug2016
deleted file mode 100755
index fe972bf..0000000
--- a/bin/startup.sh.31aug2016
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Zuerst starten wir die Bridge mit TAP-Device
-/opt/openvpn/scripts/bridge-start.sh
-
-# Dann mounten wir den CIFS-Share
-# (wird fuer Status-File gebraucht)
-#/bin/mount /opt/openvpn/status
-/bin/systemctl start opt-openvpn-status.mount
-#
-# Dann starten wir Openvpn
-/sbin/openvpn /opt/openvpn/config/server.conf
diff --git a/bin/startup.sh.31aug2016-with-loop b/bin/startup.sh.31aug2016-with-loop
deleted file mode 100755
index 7f36edd..0000000
--- a/bin/startup.sh.31aug2016-with-loop
+++ /dev/null
@@ -1,25 +0,0 @@ -#!/bin/bash - -IP_OF_CIFS_SERVER=10.3.5.2 - -# Zuerst starten wir die Bridge mit TAP-Device -/opt/openvpn/scripts/bridge-start.sh - -# Wir warten, bis ein ping erfolgreich ist... -((count = 20)) # Maximum number to try. -while [[ $count -ne 0 ]] ; do - ping -q -c 1 -W 1 $IP_OF_CIFS_SERVER >/dev/null # Try once. - rc=$? - if [[ $rc -eq 0 ]] ; then - ((count = 1)) # If okay, flag to exit loop. - fi - ((count = count - 1)) # So we don't go forever. -done - -# Dann mounten wir den CIFS-Share -# (wird fuer Status-File gebraucht) -#/bin/mount /opt/openvpn/status -/bin/systemctl start opt-openvpn-status.mount -# -# Dann starten wir Openvpn -/sbin/openvpn /opt/openvpn/config/server.conf diff --git a/config/server-443.conf b/config/server-443.conf index d3b8e12..7cc76cc 100644 --- a/config/server-443.conf +++ b/config/server-443.conf @@ -9,7 +9,7 @@ script-security 3 writepid /var/run/openvpn-server/myopenvpn-443.pid ; ciphers -tls-cipher "DEFAULT" +tls-cipher "DEFAULT:@SECLEVEL=0" ; tunnel configuration dev tap1 @@ -36,7 +36,7 @@ client-disconnect /opt/openvpn/scripts/logoff.sh management localhost 6667 ; certificates and authentication -dh /opt/openvpn/private/dh1024.pem +dh /opt/openvpn/private/dh2048.pem ca /opt/openvpn/ca/cacert.pem cert /opt/openvpn/certs/ewon.rychiger.com-cert.pem key /opt/openvpn/private/ewon.rychiger.com-key.pem diff --git a/config/server-443.conf.22feb2019 b/config/server-443.conf.22feb2019 deleted file mode 100644 index afbff88..0000000 --- a/config/server-443.conf.22feb2019 +++ /dev/null 
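Review bot: `tls-cipher "DEFAULT:@SECLEVEL=0"` in the first config/server-443.conf hunk drops OpenSSL to security level 0, which switches off the library's minimum-strength checks on cipher suites, key sizes and signature digests for this listener; the same line is added in config/server.conf. Presumably this was needed for legacy clients or certificates after the OS upgrade (not visible here), but the file records no reason, and it partly undercuts the move to `dh2048.pem` in the following hunk. I would put the reason above the line, e.g. `; SECLEVEL=0 needed for <legacy peer or certificate - fill in>, raise once replaced`, and aim for `tls-cipher "DEFAULT:@SECLEVEL=1"` or higher once the weak peer or certificate is gone.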
@@ -1,51 +0,0 @@
-mode server
-daemon
-tls-server
-proto tcp
-port 443
-local 192.168.99.11
-client-config-dir /opt/openvpn/ccd
-script-security 3
-writepid /var/run/openvpn-server/myopenvpn-443.pid
-
-; ciphers
-tls-cipher "DEFAULT"
-
-; tunnel configuration
-dev tap1
-server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
-passtos
-comp-lzo
-persist-key
-persist-tun
-persist-local-ip
-persist-remote-ip
-
-; loggin and status
-ifconfig-pool-persist /opt/openvpn/leases/openvpn-443.leases
-status-version 2
-status /opt/openvpn/status/openvpnserver-status-443.log 5;
-verb 3
-client-connect /opt/openvpn/scripts/logon.sh
-client-disconnect /opt/openvpn/scripts/logoff.sh
-
-; routing
-;push "route 10.3.0.0 255.255.0.0"
-
-; management
-management localhost 6667
-
-; certificates and authentication
-dh /opt/openvpn/private/dh1024.pem
-ca /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
-key /opt/openvpn/private/hostkey.pem
-verify-client-cert none
-username-as-common-name
-auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
-;client-to-client
-keepalive 10 60
-max-clients 50
-
-; explicit exit
-push "explicit-exit-notify"
diff --git a/config/server-443.conf.5jul2018 b/config/server-443.conf.5jul2018
deleted file mode 100644
index e579931..0000000
--- a/config/server-443.conf.5jul2018
+++ /dev/null
@@ -1,48 +0,0 @@ -mode server -daemon -tls-server -proto tcp -port 443 -local 192.168.99.11 -client-config-dir /opt/openvpn/ccd -script-security 3 -writepid /var/run/openvpn-server/myopenvpn-443.pid - -; tunnel configuration -dev tap1 -server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254 -passtos -comp-lzo -persist-key -persist-tun -persist-local-ip -persist-remote-ip - -; loggin and status -ifconfig-pool-persist /opt/openvpn/leases/openvpn-443.leases -status-version 2 -status /opt/openvpn/status/openvpnserver-status-443.log 5; -verb 3 -client-connect /opt/openvpn/scripts/logon.sh -client-disconnect /opt/openvpn/scripts/logoff.sh - -; routing -;push "route 10.3.0.0 255.255.0.0" - -; management -management localhost 6667 - -; certificates and authentication -dh /opt/openvpn/private/dh1024.pem -ca /opt/openvpn/ca/cacert.pem -cert /opt/openvpn/certs/hostcert.pem -key /opt/openvpn/private/hostkey.pem -verify-client-cert none -username-as-common-name -auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env -;client-to-client -keepalive 10 60 -max-clients 50 - -; explicit exit -push "explicit-exit-notify" diff --git a/config/server.conf b/config/server.conf index 37673b7..25d167e 100644 --- a/config/server.conf +++ b/config/server.conf @@ -9,7 +9,7 @@ script-security 3 writepid /var/run/openvpn-server/myopenvpn.pid ; ciphers -tls-cipher "DEFAULT" +tls-cipher "DEFAULT:@SECLEVEL=0" ; tunnel configuration dev tap0 @@ -36,7 +36,7 @@ client-disconnect /opt/openvpn/scripts/logoff.sh management localhost 6666 ; certificates and authentication -dh /opt/openvpn/private/dh1024.pem +dh /opt/openvpn/private/dh2048.pem ca /opt/openvpn/ca/cacert.pem cert /opt/openvpn/certs/hostcert.pem key /opt/openvpn/private/hostkey.pem diff --git a/config/server.conf.15sep2016 b/config/server.conf.15sep2016 deleted file mode 100644 index a834e28..0000000 --- a/config/server.conf.15sep2016 +++ /dev/null 
@@ -1,45 +0,0 @@
-mode server
-daemon
-tls-server
-proto udp
-port 1194
-local 192.168.99.11
-client-config-dir /opt/openvpn/ccd
-script-security 3
-writepid /var/run/openvpn/myopenvpn.pid
-
-; tunnel configuration
-dev tap0
-server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
-passtos
-comp-lzo
-persist-key
-persist-tun
-persist-local-ip
-persist-remote-ip
-
-; loggin and status
-ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
-status-version 2
-status /opt/openvpn/status/openvpnserver-status.log 30;
-verb 3
-client-connect /opt/openvpn/scripts/logon.sh
-client-disconnect /opt/openvpn/scripts/logoff.sh
-
-; routing
-;push "route 10.3.0.0 255.255.0.0"
-
-; management
-management localhost 6666
-
-; certificates and authentication
-dh /opt/openvpn/private/dh1024.pem
-ca /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
-key /opt/openvpn/private/hostkey.pem
-client-cert-not-required
-username-as-common-name
-auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
-;client-to-client
-keepalive 10 60
-max-clients 50
diff --git a/config/server.conf.19sep2016 b/config/server.conf.19sep2016
deleted file mode 100644
index f3b373c..0000000
--- a/config/server.conf.19sep2016
+++ /dev/null
@@ -1,45 +0,0 @@
-mode server
-daemon
-tls-server
-proto udp
-port 1194
-local 192.168.99.11
-client-config-dir /opt/openvpn/ccd
-script-security 3
-writepid /var/run/openvpn/myopenvpn.pid
-
-; tunnel configuration
-dev tap0
-server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
-passtos
-comp-lzo
-persist-key
-persist-tun
-persist-local-ip
-persist-remote-ip
-
-; loggin and status
-ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
-status-version 2
-status /opt/openvpn/status/openvpnserver-status.log 5;
-verb 3
-client-connect /opt/openvpn/scripts/logon.sh
-client-disconnect /opt/openvpn/scripts/logoff.sh
-
-; routing
-;push "route 10.3.0.0 255.255.0.0"
-
-; management
-management localhost 6666
-
-; certificates and authentication
-dh /opt/openvpn/private/dh1024.pem
-ca /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
-key /opt/openvpn/private/hostkey.pem
-client-cert-not-required
-username-as-common-name
-auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
-;client-to-client
-keepalive 10 60
-max-clients 50
diff --git a/config/server.conf.2jul2016 b/config/server.conf.2jul2016
deleted file mode 100644
index 27143ef..0000000
--- a/config/server.conf.2jul2016
+++ /dev/null
@@ -1,44 +0,0 @@
-mode server
-daemon
-tls-server
-proto udp
-port 1194
-local 192.168.99.11
-client-config-dir /opt/openvpn/ccd
-script-security 3
-
-; tunnel configuration
-dev tap0
-server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
-passtos
-comp-lzo
-persist-key
-persist-tun
-persist-local-ip
-persist-remote-ip
-
-; loggin and status
-ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
-status-version 2
-status /opt/openvpn/status/openvpnserver-status.log 30;
-verb 3
-client-connect /opt/openvpn/scripts/logon.sh
-client-disconnect /opt/openvpn/scripts/logoff.sh
-
-; routing
-;push "route 10.3.0.0 255.255.0.0"
-
-; management
-management localhost 6666
-
-; certificates and authentication
-dh /opt/openvpn/private/dh1024.pem
-ca /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
-key /opt/openvpn/private/hostkey.pem
-client-cert-not-required
-username-as-common-name
-auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.sh via-env
-;client-to-client
-keepalive 10 60
-max-clients 50
diff --git a/config/server.conf.5jul2018 b/config/server.conf.5jul2018
deleted file mode 100644
index 5cd8a74..0000000
--- a/config/server.conf.5jul2018
+++ /dev/null
@@ -1,48 +0,0 @@
-mode server
-daemon
-tls-server
-proto udp
-port 1194
-local 192.168.99.11
-client-config-dir /opt/openvpn/ccd
-script-security 3
-writepid /var/run/openvpn-server/myopenvpn.pid
-
-; tunnel configuration
-dev tap0
-server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
-passtos
-comp-lzo
-persist-key
-persist-tun
-persist-local-ip
-persist-remote-ip
-
-; loggin and status
-ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
-status-version 2
-status /opt/openvpn/status/openvpnserver-status.log 5;
-verb 3
-client-connect /opt/openvpn/scripts/logon.sh
-client-disconnect /opt/openvpn/scripts/logoff.sh
-
-; routing
-;push "route 10.3.0.0 255.255.0.0"
-
-; management
-management localhost 6666
-
-; certificates and authentication
-dh /opt/openvpn/private/dh1024.pem
-ca /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
-key /opt/openvpn/private/hostkey.pem
-verify-client-cert none
-username-as-common-name
-auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
-;client-to-client
-keepalive 10 60
-max-clients 50
-
-; explicit exit
-push "explicit-exit-notify"
diff --git a/private/dh1024.pem b/private/dh1024.pem
deleted file mode 100644
index bea3589..0000000
--- a/private/dh1024.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIGHAoGBAIPEsURCfpqVznQaOYeWUrTyvMBD2N+6V96Saz3VPJ9WfEoPWM/3CkWH
-G/wOFuSYCV8pGok9Y+d2N0V45x56CmhJp6CJdD0L9JwHNhXqRdDOxT1emOb43/Kk
-CAXggVkAWnA+XFYXol8lYDP9W5XrU7svRfUe33Q/ijHsaY23myqDAgEC
------END DH PARAMETERS-----
diff --git a/private/dh2048.pem b/private/dh2048.pem
new file mode 100644
index 0000000..9ea927e
--- /dev/null
+++ b/private/dh2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAyC5BozEDJWU9xKcMEDRxQTyvTKyJ+VhqqJiyiif/LtU1mjTy40Ss
+BGO13FjRsXM0VLgl//J/NPi9kfYK5UPSv/mr3TIxMKDRi+U+y48HU2f68XgFhnCE
+ePYVwCpOdymOwnYKxtCIwsF4GvNAoLHUIfIwK40BWtpuwB5AbVIkjSCrBWeP9Gxs
+g6M06c5G3+xdE/5RqWVtWjnQNutsUrbKTFrBCEBUzElNpYE3mp2cA/8lePtIa8rI
+QUHKGcQyln4eH3R/Pt+RETzSybnzliWNfctyiJ7xj/2qYlUdxhlfPipqZbg9u8Jd
+NhpXiGhCh2DAcVoRYMERsOkyTKgC6KbBDwIBAg==
+-----END DH PARAMETERS-----
diff --git a/sysoper/sysoper_shell.05jul2016 b/sysoper/sysoper_shell.05jul2016
deleted file mode 100755
index 29983c3..0000000
--- a/sysoper/sysoper_shell.05jul2016
+++ /dev/null
@@ -1,143 +0,0 @@ -#!/bin/bash - -ReadToContinue() { - echo "Return Taste zum fortfahren..." - read -} - -AddUser() { - echo -n "Benutzername : " - read username - echo -n "IP Adresse : " - read ip - echo -n "Passwort : " - read pwd - export string_to_hash="${pwd}" - hash="$(/opt/openvpn/sysoper/hashme.py)" - echo "${hash}" > /opt/openvpn/users/${username}.pwd - echo "ifconfig-push ${ip} 255.255.0.0" > /opt/openvpn/ccd/${username} - echo "User ${username} wurde erzeugt" - ReadToContinue -} - -ChangePassword() { - echo -n "Benutzername : " - read username - if [ -f /opt/openvpn/users/${username}.pwd ]; then - echo -n "Passwort : " - read pwd - export string_to_hash="${pwd}" - hash="$(/opt/openvpn/sysoper/hashme.py)" - echo "${hash}" > /opt/openvpn/users/${username}.pwd - ReadToContinue - else - echo "User ${username} existiert nicht" - ReadToContinue - fi -} - -DeleteUser() { - echo -n "Benutzername : " - read username - if [ -f /opt/openvpn/users/${username}.pwd ]; then - rm /opt/openvpn/users/${username}.pwd - echo "User ${username} wurde geloescht" - # Das CCD-File loeschen wir auch, falls vorhanden - if [ -f /opt/openvpn/ccd/${username} ]; then - rm /opt/openvpn/ccd/${username} - fi - ReadToContinue - else - echo "User ${username} existiert nicht" - ReadToContinue - fi -} - -ShowUser() { - echo -n "Benutzername : " - read username - ip="" - if [ -f /opt/openvpn/users/${username}.pwd ]; then - if [ -f /opt/openvpn/ccd/${username} ]; then - ip="$(cat /opt/openvpn/ccd/${username} |awk '{print $2}')" - fi - echo "User ${username} existiert und hat die IP Adresse ${ip}" - echo - echo "Folgendes sind die letzten 20 Logeintraege fuer diesen User:" - echo - if [ -f /opt/openvpn/log/${username}.log ]; then - tail -20 /opt/openvpn/log/${username}.log - else - echo "Es existieren keine Logeintraege" - fi - ReadToContinue - else - echo "User ${username} existiert nicht" - ReadToContinue - fi -} - -ListUsers() { - echo - echo "Username IP Adresse" - echo 
"==================================" - for userfile in $(ls -1 /opt/openvpn/users/*.pwd 2>/dev/null) ; do - user="${userfile##*/}" - user="${user%.pwd}" - ip="N/A" - if [ -f /opt/openvpn/ccd/${user} ]; then - ip="$(cat /opt/openvpn/ccd/${user} |awk '{print $2}')" - fi - printf "%-20s %-15s\n" "$user" "$ip" - done - echo - ReadToContinue -} - -ShowLogfile() { - echo "Hinweis: mit Taste G zum Ende des Logs gehen..., Space fuer Seitenweises vorwaertsgehen..." - echo - ReadToContinue - /bin/less /opt/openvpn/log/logon.log -} - -character=0 -while [ "${character}" != "9" ]; do - clear - echo "Userverwaltung OpenVPN" - echo "======================" - echo "1 - OpenVPN Benutzer hinzufuegen" - echo "2 - OpenVPN Benutzer Passwort setzen" - echo "3 - OpenVPN Benutzer entfernen" - echo "4 - OpenVPN Benutzer anzeigen" - echo "5 - OpenVPN Benutzer auflisten" - echo - echo "7 - Logfile anzeigen" - echo "8 - Passwort von sysoper aendern" - echo - echo "9 - Exit" - echo - echo -n "Bitte Option waehlen > " - read character - case ${character} in - 1) AddUser - ;; - 2) ChangePassword - ;; - 3) DeleteUser - ;; - 4) ShowUser - ;; - 5) ListUsers - ;; - 7) ShowLogfile - ;; - 8) passwd sysoper - ;; - 9) echo Exit... - ;; - *) echo "Ungueltige Option..." - read - esac -done -exit 0 diff --git a/systemd/myopenvpn.service.05jul2016 b/systemd/myopenvpn.service.05jul2016 deleted file mode 100644 index 3e6bea5..0000000 --- a/systemd/myopenvpn.service.05jul2016 +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=My OpenVPN Service -After=network-online.target - -[Service] -PrivateTmp=true -Type=forking -ExecStart=/opt/openvpn/bin/startup.sh -ExecStop=/opt/openvpn/bin/shutdown.sh -PIDFile=/var/run/openvpn/myopenvpn.pid - -[Install] -WantedBy=multi-user.target diff --git a/systemd/myopenvpn.service.31aug2016 b/systemd/myopenvpn.service.31aug2016 deleted file mode 100644 index 3e6bea5..0000000 --- a/systemd/myopenvpn.service.31aug2016 +++ /dev/null 
@@ -1,13 +0,0 @@
-[Unit]
-Description=My OpenVPN Service
-After=network-online.target
-
-[Service]
-PrivateTmp=true
-Type=forking
-ExecStart=/opt/openvpn/bin/startup.sh
-ExecStop=/opt/openvpn/bin/shutdown.sh
-PIDFile=/var/run/openvpn/myopenvpn.pid
-
-[Install]
-WantedBy=multi-user.target