Commit 5d8d65c3 authored by Matthew Smith

Fix bugs with server endpoint ip address creation

Improve make-static-ip while we're at it
parent 292ae3e6
...@@ -2,11 +2,11 @@ ...@@ -2,11 +2,11 @@
# Useful vars # Useful vars
openvpn_config_dir="/etc/openvpn/" OPENVPNCONFIGDIR="/etc/openvpn/"
ccd_dir="$openvpn_config_dir/ccd/" CCDDIR="$OPENVPNCONFIGDIR/ccd/"
ccd_revoked_dir="$openvpn_config_dir/ccd_revoked/" CCDREVOKEDDIR="$OPENVPNCONFIGDIR/ccd_revoked/"
shorewall_vars="/etc/shorewall/openvpn.vars" SHOREWALLVARS="/etc/shorewall/openvpn.vars"
# ask_key_questions # ask_key_questions
...@@ -142,10 +142,26 @@ y" | \ ...@@ -142,10 +142,26 @@ y" | \
# get_current_certificates # get_current_certificates
# echo's out a list of currect vpn certificates # echo's out a list of currect vpn certificates
# #
function get_current_certificates { function get_current_certificates () {
echo "Index User <email address>" echo "Index User <email address>"
grep ^V /var/lib/openvpn-server/openssl/index.txt | awk '{print $3 "/" $5}' | sed "s/[a-Z]*=//g" | awk -F "/" '{print $1 "\t" $6 " <" $7 ">"}'
grep ^V /var/lib/openvpn-server/openssl/index.txt | awk '{print $3 "/" $5}' | sed "s/[a-Z]*=//g" | awk -F "/" '{print $1 "\t" $6 " <" $7 ">"}' }
function create_shorewall_vars () {
grep "ifconfig-push" $CCDDIR* | sed "s/[\/|:]/ /g" | sed "s/-//g" | awk '{print $4 "=" $6}' > $SHOREWALLVARS
}
function prompt_restart_shorewall () {
read -p "Do you want to restart Shorewall now? (y/n)" SHOREWALLYN
if [ "$SHOREWALLYN" = "y" ] ; then
echo "OK proceeding"
shorewall restart
else
exit
fi
} }
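Review bot: `create_shorewall_vars` derives each shell variable name by deleting every `-` from the grep output, so two common names that differ only by a hyphen collapse into the same Shorewall variable and one client's address silently overwrites the other's in `$SHOREWALLVARS`; any other character in a common name that is not valid in a shell identifier is written to the vars file unchanged, and that file is presumably sourced as shell by Shorewall. The function should emit only well-formed assignments, e.g. append `| grep -E '^[A-Za-z_][A-Za-z0-9_]*=[0-9.]+$'` before the redirect, or derive the name from the ccd filename rather than from the whole line. `$CCDDIR*` and `$SHOREWALLVARS` are unquoted; `"$CCDDIR"*` keeps the glob and `> "$SHOREWALLVARS"` survives spaces in the path. In `prompt_restart_shorewall`, `read -p` should be `read -rp`, and the `exit` in the else branch terminates whichever script sourced this library rather than returning to its caller; `return 1` would let each caller decide what to do when the restart is declined.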
...@@ -19,28 +19,28 @@ fi ...@@ -19,28 +19,28 @@ fi
cd /etc/openvpn/ cd /etc/openvpn/
if [ ! -d "$ccd_revoked_dir" ]; then if [ ! -d "$CCDREVOKEDDIR" ]; then
mkdir "$ccd_revoked_dir" mkdir "$CCDREVOKEDDIR"
fi fi
echo "Beginning ccd clean up..." echo "Beginning ccd clean up..."
for f in `ls "$ccd_dir"` ; do for f in `ls "$CCDDIR"` ; do
if grep -q "^R.*$f.*" /var/lib/openvpn-server/openssl/index.txt ; then if grep -q "^R.*$f.*" /var/lib/openvpn-server/openssl/index.txt ; then
echo "$f moved" echo "$f moved"
mv "$ccd_dir/$f" "$ccd_revoked_dir/" mv "$CCDDIR/$f" "$CCDREVOKEDDIR"
fi fi
done done
echo "You can find moved files in $ccd_revoked_dir" echo "You can find moved files in $CCDREVOKEDDIR"
echo "" echo ""
wtf=false wtf=false
echo "Checking for ccd's without a valid key..." echo "Checking for ccd's without a valid key..."
for f in `ls "$ccd_dir"` ; do for f in `ls "$CCDDIR"` ; do
if ! grep -q "^V.*$f.*" /var/lib/openvpn-server/openssl/index.txt ; then if ! grep -q "^V.*$f.*" /var/lib/openvpn-server/openssl/index.txt ; then
wtf=true wtf=true
...@@ -53,6 +53,10 @@ if [ "$wtf" = true ] ; then ...@@ -53,6 +53,10 @@ if [ "$wtf" = true ] ; then
echo "..wtfomgbbq!?! Son you've got a serious problem, the ccd file(s) above don't have a valid key nor are they revoked. Get it sorted will ya." echo "..wtfomgbbq!?! Son you've got a serious problem, the ccd file(s) above don't have a valid key nor are they revoked. Get it sorted will ya."
else else
echo "...all good" echo "...all good"
create_shorewall_vars
prompt_restart_shorewall
fi fi
......
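Review bot: `create_shorewall_vars` is only called in the `else` branch, so whenever any ccd is flagged as lacking a valid key, the ccd files that were already moved to `$CCDREVOKEDDIR` earlier in this script are not dropped from `$SHOREWALLVARS`, and the revoked clients' firewall variables stay in place until a later clean run. The move has already happened by this point, so regenerating the vars file should not depend on the check: call `create_shorewall_vars` before `if [ "$wtf" = true ]` (that `if` opens outside this hunk) and keep only `prompt_restart_shorewall` in the `else`. Separately, `for f in \`ls "$CCDDIR"\`` and the unanchored `"^R.*$f.*"` pattern treat the common name as both a regex and a substring, so a ccd named `bob` also matches a revoked entry for `bobby` and is moved; iterating with `for f in "$CCDDIR"*` plus `f=${f##*/}` and anchoring the pattern to the subject field rather than matching anywhere on the line would be safer.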
...@@ -8,10 +8,9 @@ ...@@ -8,10 +8,9 @@
#setting the COMMONNAME to $1 #setting the COMMONNAME to $1
COMMONNAME=$1 COMMONNAME=$1
. /usr/share/openvpn-server/functions.sh
. /etc/openvpn-server/config.sh . /etc/openvpn-server/config.sh
CCDDIR=/etc/openvpn/ccd/
SHOREWALLVARS=/etc/shorewall/openvpn.vars
IPPREFIX=`cat /etc/openvpn/$OVPN_ORGNICK-server.conf |grep 'server '|cut -f2 -d' '|cut -f1,2,3 -d.`. IPPREFIX=`cat /etc/openvpn/$OVPN_ORGNICK-server.conf |grep 'server '|cut -f2 -d' '|cut -f1,2,3 -d.`.
IP=`cat /etc/openvpn/$OVPN_ORGNICK-server.conf | grep '^server '| cut -f2 -d' '` IP=`cat /etc/openvpn/$OVPN_ORGNICK-server.conf | grep '^server '| cut -f2 -d' '`
...@@ -32,15 +31,6 @@ echo FIREWALLED=yes >> /etc/openvpn-server/config.sh ...@@ -32,15 +31,6 @@ echo FIREWALLED=yes >> /etc/openvpn-server/config.sh
;; ;;
esac esac
function prompt_restart_shorewall () {
read -p "Do you want to restart Shorewall now? (y/n)" SHOREWALLYN
if [ "$SHOREWALLYN" = "y" ] ; then
echo "OK proceeding"
shorewall restart
else
exit
fi
}
function get_new_ip() { function get_new_ip() {
local newip="" local newip=""
...@@ -59,6 +49,13 @@ function get_new_ip() { ...@@ -59,6 +49,13 @@ function get_new_ip() {
} }
# Return the openvpn server endpoint for an IP
function get_server_endpoint_ip {
echo "$1" | awk -F"." '{$4++;print $1"."$2"."$3"."$4}'
}
#Each pair of ifconfig-push addresses represent the virtual client and server IP endpoints. #Each pair of ifconfig-push addresses represent the virtual client and server IP endpoints.
#They must be taken from successive /30 subnets in order to be compatible with Windows clients #They must be taken from successive /30 subnets in order to be compatible with Windows clients
#and the TAP-Win32 driver. #and the TAP-Win32 driver.
...@@ -85,17 +82,22 @@ if [ -x $ip ] ; then ...@@ -85,17 +82,22 @@ if [ -x $ip ] ; then
echo "we appear to have run out of ip's, fix it" echo "we appear to have run out of ip's, fix it"
echo "then run \$ $0 $COMMONNAME" echo "then run \$ $0 $COMMONNAME"
else else
IFS='.' read -ra ipnums <<< $ip endpointip=$(get_server_endpoint_ip $ip)
(( ipnums[3]++ ))
newgw=$(echo ${ipnums[*]} | sed "s/ /\./g")
echo "your new ip will be $ip" echo "your new ip will be $ip"
echo "your new gateway will be $newgw" echo "your new gateway will be $endpointip"
echo "writing new ccd for you"
echo ifconfig-push $ip $newgw > $CCDDIR$COMMONNAME
if [ $COMMONNAME == "" ] ; then
echo "writing new ccd $COMMONNAME"
echo ifconfig-push $ip $endpointip > $CCDDIR$COMMONNAME
echo "writing new shorewall vars" echo "writing new shorewall vars"
grep "ifconfig-push" $CCDDIR* | sed "s/[\/|:]/ /g" | awk '{print $4 "=" $6}' > $SHOREWALLVARS create_shorewall_vars
prompt_restart_shorewall prompt_restart_shorewall
else
echo "no command name supplied so nothing will be written out"
echo "to write the results run \$ $0 <COMMONNAME>"
fi
fi fi
......
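Review bot: The new guard `if [ $COMMONNAME == "" ] ; then` is inverted: when a common name is supplied the test is false and the script falls into the "no command name supplied" branch, so neither the ccd nor the Shorewall vars are ever written, and when no argument is given the unquoted empty expansion makes `[` fail with a syntax error, which also lands in the else branch. Use `if [ -n "$COMMONNAME" ] ; then`, and the message should say "common name" rather than "command name". `$COMMONNAME` comes straight from `$1` and is concatenated onto `$CCDDIR` in the `echo ifconfig-push` redirect, so a value containing `/` or `..` would write outside the ccd directory; since the file already relies on bash, a check such as `[[ "$COMMONNAME" =~ ^[A-Za-z0-9_.-]+$ ]] || exit 1` before the write keeps it inside `$CCDDIR` and keeps the derived Shorewall variable name well formed. The `$ip` and `$endpointip` expansions should be quoted, e.g. `endpointip=$(get_server_endpoint_ip "$ip")`; the enclosing `if [ -x $ip ]` block opens outside this hunk.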