From 81f1459b595d54498a33273a494840312c1b003a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre-Elliott=20B=C3=A9cue?=
Date: Sun, 24 Aug 2014 18:29:13 +0200
Subject: [PATCH] [vpn] Tunnel entre soyouz et odlyd
---
.../openvpn/allowed_clients/allowed_clients | 4 +--
.../openvpn/arp_proxy_soyouz/arp_proxy_soyouz | 4 +++
Cfg/etc/openvpn/arp_proxy_soyouz/info.xml | 3 ++
.../arp_unproxy_soyouz/arp_unproxy_soyouz | 4 +++
Cfg/etc/openvpn/arp_unproxy_soyouz/info.xml | 3 ++
Cfg/etc/openvpn/ovh.conf/ovh.conf | 30 -------------------
Cfg/etc/openvpn/ovh.connect/info.xml | 3 --
Cfg/etc/openvpn/ovh.connect/ovh.connect | 30 -------------------
Cfg/etc/openvpn/ovh.disconnect/info.xml | 3 --
Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect | 13 --------
Cfg/etc/openvpn/soyouz.conf/info.xml | 3 ++
Cfg/etc/openvpn/soyouz.conf/soyouz.conf | 20 +++++++++++++
Python/etc/openvpn/{komaz.conf => odlyd.conf} | 4 +--
13 files changed, 41 insertions(+), 83 deletions(-)
create mode 100644 Cfg/etc/openvpn/arp_proxy_soyouz/arp_proxy_soyouz
create mode 100644 Cfg/etc/openvpn/arp_proxy_soyouz/info.xml
create mode 100644 Cfg/etc/openvpn/arp_unproxy_soyouz/arp_unproxy_soyouz
create mode 100644 Cfg/etc/openvpn/arp_unproxy_soyouz/info.xml
delete mode 100644 Cfg/etc/openvpn/ovh.conf/ovh.conf
delete mode 100644 Cfg/etc/openvpn/ovh.connect/info.xml
delete mode 100755 Cfg/etc/openvpn/ovh.connect/ovh.connect
delete mode 100644 Cfg/etc/openvpn/ovh.disconnect/info.xml
delete mode 100755 Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect
create mode 100644 Cfg/etc/openvpn/soyouz.conf/info.xml
create mode 100644 Cfg/etc/openvpn/soyouz.conf/soyouz.conf
rename Python/etc/openvpn/{komaz.conf => odlyd.conf} (65%)
diff --git a/Cfg/etc/openvpn/allowed_clients/allowed_clients b/Cfg/etc/openvpn/allowed_clients/allowed_clients
index 10e8998..394611b 100644
--- a/Cfg/etc/openvpn/allowed_clients/allowed_clients
+++ b/Cfg/etc/openvpn/allowed_clients/allowed_clients
@@ -1,4 +1,4 @@ -ovh.vpn.crans.org -soyoustart.vpn.crans.org +oyoustart.vpn.crans.org komaz.vpn.crans.org +odlyd.vpn.crans.org freebox.vpn.crans.org diff --git a/Cfg/etc/openvpn/arp_proxy_soyouz/arp_proxy_soyouz b/Cfg/etc/openvpn/arp_proxy_soyouz/arp_proxy_soyouz new file mode 100644 index 0000000..3591694 --- /dev/null +++ b/Cfg/etc/openvpn/arp_proxy_soyouz/arp_proxy_soyouz @@ -0,0 +1,4 @@ +#!/bin/sh + +sysctl net.ipv4.conf.tun-soyouz.forwarding=1 +arp -i crans.2 -Ds 10.231.136.108 crans.2 pub diff --git a/Cfg/etc/openvpn/arp_proxy_soyouz/info.xml b/Cfg/etc/openvpn/arp_proxy_soyouz/info.xml new file mode 100644 index 0000000..3f8267c --- /dev/null +++ b/Cfg/etc/openvpn/arp_proxy_soyouz/info.xml @@ -0,0 +1,3 @@ + + + diff --git a/Cfg/etc/openvpn/arp_unproxy_soyouz/arp_unproxy_soyouz b/Cfg/etc/openvpn/arp_unproxy_soyouz/arp_unproxy_soyouz new file mode 100644 index 0000000..56ed2ef --- /dev/null +++ b/Cfg/etc/openvpn/arp_unproxy_soyouz/arp_unproxy_soyouz @@ -0,0 +1,4 @@ +#!/bin/sh + +arp -i crans.2 -d 10.231.136.108 pub +sysctl net.ipv4.conf.tun-soyouz.forwarding=0 diff --git a/Cfg/etc/openvpn/arp_unproxy_soyouz/info.xml b/Cfg/etc/openvpn/arp_unproxy_soyouz/info.xml new file mode 100644 index 0000000..3f8267c --- /dev/null +++ b/Cfg/etc/openvpn/arp_unproxy_soyouz/info.xml @@ -0,0 +1,3 @@ + + + diff --git a/Cfg/etc/openvpn/ovh.conf/ovh.conf b/Cfg/etc/openvpn/ovh.conf/ovh.conf deleted file mode 100644 index 09a353f..0000000 --- a/Cfg/etc/openvpn/ovh.conf/ovh.conf +++ /dev/null 
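Review bot: The added entry `oyoustart.vpn.crans.org` in allowed_clients looks like `soyoustart.vpn.crans.org` with its first letter lost. The hunk removes the `soyoustart` line and adds this one, so it reads as a real edit and not an unchanged context line. soyouz.conf in this same patch hands this file to `verify-cn` through `tls-verify`, so a peer whose certificate CN is `soyoustart.vpn.crans.org` would presumably stop passing verification. If the intent was only to drop `ovh.vpn.crans.org` and add `odlyd.vpn.crans.org`, the line should stay as `soyoustart.vpn.crans.org`.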
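Review bot: arp_proxy_soyouz runs its two commands without checking either, so if `sysctl net.ipv4.conf.tun-soyouz.forwarding=1` fails the script still publishes the proxy ARP entry for 10.231.136.108 on crans.2, and the host then answers ARP for an address it does not forward. Adding `set -e` after the shebang would stop before `arp` and report the failure to OpenVPN through the exit status of the `up` hook. Both new scripts call `sysctl` and `arp` by bare name, which depends on the daemon's PATH containing the sbin directories; the removed ovh.connect used an absolute `/sbin/route`, and absolute paths here would be consistent with that. The scripts are created with mode 100644 where the removed ovh.connect was 100755, so whether they end up executable depends on the info.xml beside them, whose content is not visible on this page. arp_unproxy_soyouz has the same shape, but there a failing `arp -d` should not prevent the forwarding reset, so it should log the failure and continue instead of using `set -e`.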
@@ -1,30 +0,0 @@ -# Fichier gere par BCfg2 avec le plugin Cfg -# -# Configuration du vpn entre komaz/titanic et ovh - -daemon tun-ovh -dev tun-ovh - -mode server -tls-server -ca /etc/ssl/certs/cacert.org.pem -cert /etc/ssl/certs/vpn.pem -tls-verify "/usr/scripts/utils/verify-cn /etc/openvpn/allowed_clients" -key /etc/ssl/private/vpn.pem - -log-append /var/log/openvpn/ovh.log - -port 1194 -fragment 1400 - -# Du cote crans, le vpn reste toujours actif -keepalive 15 45 -persist-tun - -verb 3 - -dh /etc/openvpn/dh1024.pem - -# Configuration du reseau lorsque ovh se connecte -client-connect /etc/openvpn/ovh.connect -client-disconnect /etc/openvpn/ovh.disconnect diff --git a/Cfg/etc/openvpn/ovh.connect/info.xml b/Cfg/etc/openvpn/ovh.connect/info.xml deleted file mode 100644 index a0b21f3..0000000 --- a/Cfg/etc/openvpn/ovh.connect/info.xml +++ /dev/null @@ -1,3 +0,0 @@ - - - diff --git a/Cfg/etc/openvpn/ovh.connect/ovh.connect b/Cfg/etc/openvpn/ovh.connect/ovh.connect deleted file mode 100755 index 71df6c2..0000000 --- a/Cfg/etc/openvpn/ovh.connect/ovh.connect +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -# -# Fichier gere par BCfg2 avec le plugin Cfg -# -# Configuration lorsque ovh se connecte via se point du reseau (komaz -# ou titanic) -case $common_name in - ovh.vpn.crans.org) - echo "ovh connected" - ovh_ip=10.231.136.8 - ;; - soyoustart.vpn.crans.org) - echo "soyoustart connected" - ovh_ip=10.231.136.108 - ;; - *) - ;; -esac - - -iface=$(/sbin/route -n|awk '$1 == "10.231.136.0" {print $8}') -my_ip=$(ip addr show dev $iface|awk '$1 == "inet" {sub("/.*", "", $2); print $2}') - -ip addr add $my_ip peer $ovh_ip/32 dev tun-ovh -ip link set up dev tun-ovh -ip neigh add proxy $ovh_ip dev $iface - -cat > $1 < - - diff --git a/Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect b/Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect deleted file mode 100755 index f4dbdb8..0000000 --- a/Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect +++ /dev/null 
@@ -1,13 +0,0 @@ -#!/bin/bash -# -# Fichier gere par BCfg2 avec le plugin Cfg -# -# Configuration lorsque la connexion avec ovh est perdue - -echo "$common_name disconnected" - -iface=$(/sbin/route -n|awk '$1 == "10.231.136.0" {print $8}') -ovh_ip=$ifconfig_pool_remote_ip - -ip neigh del proxy $ovh_ip dev $iface -ip link set down dev tun-ovh diff --git a/Cfg/etc/openvpn/soyouz.conf/info.xml b/Cfg/etc/openvpn/soyouz.conf/info.xml new file mode 100644 index 0000000..28fd470 --- /dev/null +++ b/Cfg/etc/openvpn/soyouz.conf/info.xml @@ -0,0 +1,3 @@ + + + diff --git a/Cfg/etc/openvpn/soyouz.conf/soyouz.conf b/Cfg/etc/openvpn/soyouz.conf/soyouz.conf new file mode 100644 index 0000000..b92b974 --- /dev/null +++ b/Cfg/etc/openvpn/soyouz.conf/soyouz.conf @@ -0,0 +1,20 @@ +proto udp + +dev tun-soyouz +ca /etc/ssl/certs/cacert.org.pem +cert /etc/ssl/certs/vpn.pem +key /etc/ssl/private/vpn.pem + +dh /etc/openvpn/dh1024.pem +persist-tun +keepalive 15 45 +ifconfig 10.231.136.4 10.231.136.108 + +port 1194 +fragment 1400 +tls-server +tls-verify "/usr/scripts/utils/verify-cn /etc/openvpn/allowed_clients" + +log-append /var/log/openvpn/soyouz.log +up ./arp_proxy_soyouz +down ./arp_unproxy_soyouz diff --git a/Python/etc/openvpn/komaz.conf b/Python/etc/openvpn/odlyd.conf similarity index 65% rename from Python/etc/openvpn/komaz.conf rename to Python/etc/openvpn/odlyd.conf index 8b7605b..fad933f 100644 --- a/Python/etc/openvpn/komaz.conf +++ b/Python/etc/openvpn/odlyd.conf @@ -1,5 +1,5 @@ # -*- coding: utf-8; mode: python -*- -remote="komaz" -remote_vpn="komaz" +remote="odlyd" +remote_vpn="odlyd" dump("template/openvpn")
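Review bot: `tls-verify` in soyouz.conf points at the shared `/etc/openvpn/allowed_clients`, which after this patch also lists komaz, odlyd and freebox, so this point-to-point instance would presumably accept a certificate carrying any of those names, not only the soyouz peer. A list dedicated to this tunnel would scope it, for example `tls-verify "/usr/scripts/utils/verify-cn /etc/openvpn/<allowed_clients_for_soyouz>"` (placeholder path). `dh /etc/openvpn/dh1024.pem` is carried over from the removed ovh.conf; the name suggests 1024-bit Diffie-Hellman parameters, which are below current recommendations, and regenerating them at 2048 bits or more is worth doing while the instance is being recreated. The file also declares `up` and `down` hooks with relative paths and no `script-security` line, which OpenVPN 2.1 and later need at level 2 to run user scripts unless it is set elsewhere. It also drops the `# Fichier gere par BCfg2 avec le plugin Cfg` header that ovh.conf carried.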