diff --git a/seqs/openvpn.sh b/seqs/openvpn.sh
new file mode 100755
index 0000000..390486e
--- /dev/null
+++ b/seqs/openvpn.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+toolName=openvpn
+toolDeps=openvpn
+toolDefaultConf="/etc/default/openvpn"
+toolUserScriptsLoc="/usr/lib/openvpn"
+
+# Get script working directory
+# (when called from a different directory)
+WDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >>/dev/null 2>&1 && pwd)"
+APTOPT=
+CONFIG=0
+SCRIPT_FILE=$(basename -- $0)
+SCRIPT_NAME=${SCRIPT_FILE%%.*}
+CONFIG_FILE_NAME="${SCRIPT_NAME}.cfg"
+CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
+CONFIG_DIR="$WDIR/$SCRIPT_NAME"
+
+step_config() {
+ #echo "Called once before executing steps."
+ ## e.g. to source a config file manually:
+ #. "$CONFIG_FILE"
+ ## or to use sequencer api with global config file:
+ #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
+ ## or to use sequencer api with profile config file support:
+ #initSeqConfig -p "$SCRIPT_NAME" "$CONFIG_FILE_TEMPLATE"
+ #if [ $? -eq 0 ] ; then
+ # CONFIG=1
+ #else
+ # # End if no configuration file exists
+ # [ $DRY -eq 0 ] && return -1
+ #fi
+ #[ $QUIET -ne 0 ] && APTOPT="-y"
+ return 0
+}
+
+step_1_info() { echo "Install $toolName"; }
+step_1_alias() { ALIAS="install"; }
+step_1() {
+ exe apt update
+ exe apt install $toolDeps $APTOPT
+}
+
+step_2_info() { echo "Install customized helper scripts to $toolUserScriptsLoc"; }
+step_2() {
+ exep "mkdir \"$toolUserScriptsLoc\" 2>>/dev/null"
+ [ $? -ne 0 ] && \
+ echoseq " [W] $toolUserScriptsLoc already exists. Not overwriting existing files."
+ exe cp -n "$CONFIG_DIR"/* "$toolUserScriptsLoc"
+}
+
+step_10_info() { echo "Open openvpn system start configuration"; }
+step_10_alias() { ALIAS="default"; }
+step_10() {
+ exe vi "$toolDefaultConf"
+}
+
+VERSION_SEQREV=12
+. /usr/local/bin/sequencer.sh
diff --git a/seqs/openvpn/down.sh b/seqs/openvpn/down.sh
new file mode 100755
index 0000000..c821d05
--- /dev/null
+++ b/seqs/openvpn/down.sh
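Review bot: In seqs/openvpn.sh, `step_2` reports every `mkdir` failure as "already exists" because stderr is discarded, so a permission or read-only error looks the same; the copied files are the hooks my.conf hands to OpenVPN as `up`/`down`, and their mode is left to `cp` and the caller's umask. I would create the directory with `exe mkdir -p "$toolUserScriptsLoc"` and follow the copy with `exe chmod -R go-w "$toolUserScriptsLoc"` so the installed hooks are not writable by a non-root account. Whether `$?` after `exep` carries mkdir's status depends on sequencer.sh, which is not part of this diff. `"$CONFIG_DIR"/*` also copies my.conf into the script directory, which may not be intended.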
@@ -0,0 +1,5 @@
+#! /bin/bash
+echo "Restoring original nameservers"
+rm -f /etc/resolv.conf
+cp -f /etc/resolv.conf.default /etc/resolv.conf
+echo "Done restoring nameservers cheers"
diff --git a/seqs/openvpn/my.conf b/seqs/openvpn/my.conf
new file mode 100644
index 0000000..7159796
--- /dev/null
+++ b/seqs/openvpn/my.conf
@@ -0,0 +1,22 @@
+# Set output verbosity (3 recommended by openvpn)
+# 0 -- No output except fatal errors.
+# 1 to 4 -- Normal usage range.
+# 5 -- Output R and W characters to the console for each packet read
+# and write, uppercase is used for TCP/UDP packets and lowercase is
+# used for TUN/TAP packets.
+# 6 to 11 -- Debug info range (see errlevel.h for additional informtion
+verb 1
+
+# Always add custom nameserver
+#dhcp-option DNS 208.67.222.222
+#dhcp-option DNS 84.200.69.80
+
+# Mute common false alarm on WiFi networks
+mute-replay-warnings
+
+# Allow openvpn to call user defined scripts
+script-security 2
+
+# Execute our custom up and down scripts
+up /usr/lib/openvpn/vpn-up
+down /usr/lib/openvpn/vpn-down
diff --git a/seqs/openvpn/up.sh b/seqs/openvpn/up.sh
new file mode 100755
index 0000000..2d5bf33
--- /dev/null
+++ b/seqs/openvpn/up.sh
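Review bot: In seqs/openvpn/down.sh, `rm -f /etc/resolv.conf` runs before anything checks that `/etc/resolv.conf.default` exists; up.sh only creates that backup when a DNS option was pushed, so a session without one ends with no resolv.conf at all. Guard the restore with `[ -f /etc/resolv.conf.default ] || exit 0` ahead of the `rm`, and restore with `mv -f /etc/resolv.conf.default /etc/resolv.conf` so that a stale backup is not kept and restored after a later session. If /etc/resolv.conf is a symlink maintained by another resolver service, the `rm` also replaces that link with a plain file; whether that applies is not visible here.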
@@ -0,0 +1,38 @@
+#! /bin/bash
+DEV=$1
+
+if [ ! -d /tmp/openvpn ]; then
+ mkdir /tmp/openvpn
+fi
+CACHE_NAMESERVER="/tmp/$DEV.nameserver"
+echo -n "" > $CACHE_NAMESERVER
+
+TEMP_LOG="/tmp/openvpn_dns.log"
+echo "DNS openvpn" > "$TEMP_LOG"
+echo -e "${foreign_option_1}\n${foreign_option_2}\n$foreign_option_3" >> "$TEMP_LOG"
+
+rm -rf /tmp/resolv.conf
+touch /tmp/resolv.conf
+dns=dns
+for opt in ${!foreign_option_*}
+do
+ eval "echo \$$opt" >> "$TEMP_LOG"
+ eval "dns=\${$opt#dhcp-option DNS }"
+ if [[ $dns =~ [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]; then
+ if [ ! -f /etc/resolv.conf.default ]; then
+ cp /etc/resolv.conf /etc/resolv.conf.default
+ fi
+
+ # don't add "local" dns server
+ #cat /etc/resolv.conf | grep -v ^# | grep -v ^nameserver > /tmp/resolv.conf
+
+ echo "nameserver $dns" >> /tmp/resolv.conf
+ echo $dns >> $CACHE_NAMESERVER
+ #cat /etc/resolv.conf | grep -v ^# | grep -v "nameserver $dns" | grep nameserver >> /tmp/resolv.conf
+
+ fi
+done
+
+if [ -e "/tmp/resolv.conf" ]; then
+ mv /tmp/resolv.conf /etc/resolv.conf
+fi
diff --git a/seqs/openvpn/vpn-down b/seqs/openvpn/vpn-down
new file mode 100755
index 0000000..4551132
--- /dev/null
+++ b/seqs/openvpn/vpn-down
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Manage nameserver with resolvconf
+#/etc/openvpn/update-resolv-conf
+
+# Manage nameserver with /etc/resolv.conf only
+#/usr/lib/openvpn/down.sh $@
+
+# Delete route to internal network
+#/usr/sbin/ip route del 10.5.0.0/24 via 192.168.0.20 dev eth0
+
+# Stop services only active while vpn is connected
+/usr/lib/openvpn/vpn-services stop
diff --git a/seqs/openvpn/vpn-services b/seqs/openvpn/vpn-services
new file mode 100755
index 0000000..30645a7
--- /dev/null
+++ b/seqs/openvpn/vpn-services
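Review bot: In seqs/openvpn/up.sh, the new resolv.conf is assembled at the fixed path `/tmp/resolv.conf` (with `/tmp/$DEV.nameserver` and `/tmp/openvpn_dns.log` beside it) and then moved over `/etc/resolv.conf`; these hooks normally run as root, so predictable names in a world-writable directory let another local account influence what root writes. Build the file in a private `mktemp -d` directory instead. The IP regex is also unanchored, so any pushed option that merely contains a dotted quad passes and the whole string is written after `nameserver`; and because of the unconditional `touch`, the final `mv` installs an empty file when no DNS option was pushed. `${!opt}` gives the variable's value without either `eval`. The fence below leaves out the cache and log files, which would need the same treatment.

```shell
# … unchanged: shebang, DEV=$1 …
# … cache and log files not shown: keep them out of /tmp or drop them …

# Private, root-only scratch directory instead of fixed names in /tmp
workdir=$(mktemp -d /run/openvpn-dns.XXXXXX) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
new_resolv="$workdir/resolv.conf"
: > "$new_resolv"

# Whole value must be a dotted quad, not merely contain one
ip_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

for opt in ${!foreign_option_*}
do
    value=${!opt}
    # Only "dhcp-option DNS <addr>" entries are nameservers
    [[ $value == "dhcp-option DNS "* ]] || continue
    dns=${value#dhcp-option DNS }
    if [[ $dns =~ $ip_re ]]; then
        # … unchanged: back up /etc/resolv.conf to /etc/resolv.conf.default …
        echo "nameserver $dns" >> "$new_resolv"
    fi
done

# Replace resolv.conf only when at least one nameserver was accepted
if [ -s "$new_resolv" ]; then
    mv "$new_resolv" /etc/resolv.conf
fi
```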
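Review bot: In seqs/openvpn/vpn-down, the commented-out call `#/usr/lib/openvpn/down.sh $@` forwards the arguments unquoted; write it as `#/usr/lib/openvpn/down.sh "$@"` so that enabling the line passes OpenVPN's arguments through unchanged. vpn-up has the same form in `#/usr/lib/openvpn/up.sh $@`.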
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Default or unrecognized stops the listed services
+serviceOp="stop"
+
+case $1 in
+ start|restart|stop)
+ serviceOp="$1";;
+ *)
+ >&2 echo "Unrecognized argument. Stopping services"
+ serviceOp="stop";;
+esac
+
+#/usr/sbin/service danted $serviceOp
+#/usr/sbin/service privoxy $serviceOp
diff --git a/seqs/openvpn/vpn-up b/seqs/openvpn/vpn-up
new file mode 100755
index 0000000..e98b0c7
--- /dev/null
+++ b/seqs/openvpn/vpn-up
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Make sure firewall is active
+#ufw --force enable
+
+# Manage nameserver with resolvconf
+#/etc/openvpn/update-resolv-conf
+
+# Manage nameserver with /etc/resolv.conf only
+#/usr/lib/openvpn/up.sh $@
+
+# Add route to internal network
+#/usr/sbin/ip route add 10.5.0.0/24 via 192.168.0.20 dev eth0
+
+# Start services only active while vpn is connected
+/usr/lib/openvpn/vpn-services start
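Review bot: In seqs/openvpn/vpn-up, the firewall line `#ufw --force enable` would have its exit status ignored once enabled, because the script's result is that of its last command, `/usr/lib/openvpn/vpn-services start`; the tunnel would then come up even when the firewall could not be activated. If the firewall is meant to be a precondition, write the line as `ufw --force enable || exit 1`. A header comment such as `# Exit status of this script is what OpenVPN sees from the up hook` would make that dependency clear to whoever uncomments the optional lines; how OpenVPN reacts to a non-zero status should be confirmed against the installed version.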