Ajout de soyoustart et modification de la conf d'openvpn pour qu'il s'y connecte

Bundler/openvpn.xml

@@ -11,4 +11,5 @@
     <Path name="/etc/openvpn/ovh.connect"/>
     <Path name="/etc/openvpn/ovh.disconnect"/>
   </Group>
+  <Path name="/etc/openvpn/allowed_clients"/>
 </Bundle>

Cfg/etc/openvpn/allowed_clients/allowed_clients

@@ -0,0 +1,4 @@
+ovh.vpn.crans.org
+soyoustart.vpn.crans.org
+komaz.vpn.crans.org
+freebox.vpn.crans.org

Cfg/etc/openvpn/ovh.conf/ovh.conf

@@ -9,7 +9,7 @@ mode server
 tls-server
 ca /etc/ssl/certs/cacert.org.pem
 cert /etc/ssl/certs/vpn.pem
-tls-verify "/usr/scripts/utils/verify-cn ovh.vpn.crans.org"
+tls-verify "/usr/scripts/utils/verify-cn /etc/openvpn/allowed_clients"
 key /etc/ssl/private/vpn.pem
 
 log-append /var/log/openvpn/ovh.log

Cfg/etc/openvpn/ovh.connect/ovh.connect

@@ -4,12 +4,22 @@
 #
 # Configuration lorsque ovh se connecte via se point du reseau (komaz
 # ou titanic)
+case $common_name in
+    ovh.vpn.crans.org)
+        echo "ovh connected"
+        ovh_ip=10.231.136.8
+    ;;
+    soyoustart.vpn.crans.org)
+        echo "soyoustart connected"
+        ovh_ip=10.231.136.108
+    ;;
+    *)
+    ;;
+esac
 
-echo "ovh connected"
 
 iface=$(/sbin/route -n|awk '$1 == "10.231.136.0" {print $8}')
 my_ip=$(ip addr show dev $iface|awk '$1 == "inet" {sub("/.*", "", $2); print $2}')
-ovh_ip=10.231.136.8
 
 ip addr add $my_ip peer $ovh_ip/32 dev tun-ovh
 ip link set up dev tun-ovh

Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect

@@ -4,10 +4,10 @@
 #
 # Configuration lorsque la connexion avec ovh est perdue
 
-echo "ovh disconnected"
+echo "$common_name disconnected"
 
 iface=$(/sbin/route -n|awk '$1 == "10.231.136.0" {print $8}')
-ovh_ip=10.231.136.8
+ovh_ip=$ifconfig_pool_remote_ip
 
 ip neigh del proxy $ovh_ip dev $iface
 ip link set down dev tun-ovh

Metadata/clients.xml

@@ -8,6 +8,7 @@
   <Client name="vert.adm.crans.org" profile="vert" pingable="Y" pingtime="1342471851.09"/>
   <Client name="babar.adm.crans.org" profile="babar" pingable="Y" pingtime="1342471851.09"/>
   <Client name="ovh.adm.crans.org" profile="ovh" pingable="Y" pingtime="1342471851.22"/>
+  <Client name="soyoustart.adm.crans.org" profile="soyoustart" pingable="Y" pingtime="1342471851.22"/>
   <Client name="vo.adm.crans.org" profile="vo" pingable="Y" pingtime="1342471851.08"/>
   <Client name="gordon.adm.crans.org" profile="gordon" pingable="Y" pingtime="1342471851.08"/>
   <Client name="malloc.adm.crans.org" profile="malloc" pingable="Y" pingtime="1342471851.07"/>

Metadata/groups.xml

@@ -211,6 +211,17 @@
     <Group name="sqlgrey-localdb"/>
   </Group>
 
+  <Group name="soyoustart"
+     profile="true">
+    <Group name="crans-wheezy"/>
+    <Group name="db-replicat"/>
+    <Group name="mail-mx-secondary"/>
+    <Group name="dns-secondary-no-forward"/>
+    <Group name="external"/>
+    <Group name="pgsql-server"/>
+    <Group name="sqlgrey-localdb"/>
+  </Group>
+
   <Group name="fy"
      profile="true">
     <Group name="crans-dom0-wheezy"/>

Python/etc/apt/sources.list

@@ -21,7 +21,7 @@ components = "main"
 if has("non-free"):
     components = "main contrib non-free"
     
-if has("ovh"):
+if has("ovh") or has("soyoustart"):
     @# Dépôt classique
     source("ftp://mir1.ovh.net/debian/ %s %s" % (distro, components))
     @# Dépôt de mises à jour fréquentes (volatile)

etc/python/template/openvpn.py

@@ -11,7 +11,7 @@ dev tun-%(remote_name)s
 tls-client
 ca /etc/ssl/certs/cacert.org.pem
 cert /etc/ssl/certs/vpn.pem
-tls-verify "/usr/scripts/utils/verify-cn %(remote_name)s.vpn.crans.org"
+tls-verify "/usr/scripts/utils/verify-cn /etc/openvpn/allowed_clients"
 key /etc/ssl/private/vpn.pem
 
 log-append /var/log/openvpn/%(remote_name)s.log
@@ -31,6 +31,6 @@ dh /etc/openvpn/dh1024.pem
 
 remote %(remote_pub_ip)s
 """ % { "remote_name": remote,
-        "local_vpn_ip": admipof("ovh"),
+        "local_vpn_ip": admip(),
         "remote_vpn_ip": admipof(remote_vpn),
         "remote_pub_ip": pubipof(remote) }