+1 thanks.

On 22 October 2015 at 15:11, Patrick Uiterwijk <puiterw...@redhat.com> wrote:
> Can I get any +1s?
> This will guarantee that the routes will have been created when the OpenVPN 
> link is up.
>
>
> commit e8f63323b4e236629f438a082422d61a37cc95af
> Author: Patrick Uiterwijk <puiterw...@redhat.com>
> Date:   Thu Oct 22 21:06:38 2015 +0000
>
>     Add script to OpenVPN for VPN route fixing
>
>     This will make sure that always after a start/restart the
>     VPN routes are created
>
>     Signed-off-by: Patrick Uiterwijk <puiterw...@redhat.com>
>
> diff --git a/roles/openvpn/client/files/client.conf 
> b/roles/openvpn/client/files/client.conf
> index abb5d03..704becb 100644
> --- a/roles/openvpn/client/files/client.conf
> +++ b/roles/openvpn/client/files/client.conf
> @@ -14,6 +14,9 @@ nobind
>
>  persist-key
>
> +up /etc/openvpn/fix-routes.sh
> +up-restart
> +
>  ca ca.crt
>  cert client.crt
>  key client.key
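
Review bot: the `up /etc/openvpn/fix-routes.sh` line only takes effect when `script-security 2` is set, and nothing in the visible context of client.conf sets it. At OpenVPN's default level of 1 only built-in executables may be called, so a user-defined script will not be run. Add `script-security 2` next to the `up` directive unless it is already set elsewhere in the file.
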
> diff --git a/roles/openvpn/client/files/fix-routes.sh 
> b/roles/openvpn/client/files/fix-routes.sh
> new file mode 100644
> index 0000000..a08e519
> --- /dev/null
> +++ b/roles/openvpn/client/files/fix-routes.sh
> @@ -0,0 +1,12 @@
> +#!/bin/sh
> +# First check if this server is actually an OpenVPN client
> +if [ -f /etc/openvpn/client.crt ];
> +then
> +       # Now the magic line
> +       # This first checks whether there is a route, and if there isn't it 
> will:
> +       # 1. Get the local machine's VPN IP (up to and including awk)
> +       # 2. Add a new route to 192.168.0.0/16 via that IP addres (from xargs 
> on)
> +       # 3. Print "Fixed VPN" and exit with code 2 to indicate that it 
> changed
> +       # Note: I've been told that the grep and awk can be in one command, 
> and I believe that, but I find this clearer.
> +       (ip route show | grep '192.168.0.0/16') || ((ip route show | grep 
> '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) && 
> echo "Fixed VPN" && exit 2);
> +fi
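
Review bot: the `exit 2` at the end of the one-liner becomes the script's own exit status whenever a route was added, and OpenVPN treats a non-zero status from an `up` script as a failure. The link would then be torn down in exactly the case the script just repaired. Keep the "Fixed VPN" message as the change indicator and end the script with `exit 0`. Also handle the case where the second grep matches nothing: GNU xargs still runs `ip route add 192.168.0.0/16 via` once with no gateway argument, which fails and returns non-zero as well.
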
> diff --git a/roles/openvpn/client/tasks/main.yml 
> b/roles/openvpn/client/tasks/main.yml
> index 76817a2..67e44b1 100644
> --- a/roles/openvpn/client/tasks/main.yml
> +++ b/roles/openvpn/client/tasks/main.yml
> @@ -17,6 +17,9 @@
>    - { file: client.conf,
>        dest: /etc/openvpn/openvpn.conf,
>        mode: '0644' }
> +  - { file: fix-routes.sh,
> +      dest: /etc/openvpn/fix-routes.sh,
> +      mode: '0755' }
>    - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname 
> }}.crt",
>        dest: "/etc/openvpn/client.crt",
>        mode: '0600' }
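
Review bot: the new fix-routes.sh item sets only `file`, `dest` and `mode`, like its neighbours, so ownership of the installed script is not visible in this hunk. Because /etc/openvpn/fix-routes.sh is executed by the OpenVPN daemon, confirm that the task consuming this list installs it with owner and group root, so that the 0755 script cannot be modified by an unprivileged account.
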
>
>
>
> With kind regards,
> Patrick Uiterwijk
> Fedora Infra
> _______________________________________________
> infrastructure mailing list
> infrastructure@lists.fedoraproject.org
> http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org



-- 
Stephen J Smoogen.