Corrections

darcs-hash:20080304125252-af139-093af21107d9ff5907d32e380cc6c5511c311fb4.gz

Cfg/etc/openvpn/ovh.conf/ovh.conf

@@ -5,6 +5,7 @@
 daemon tun-ovh
 dev tun-ovh
 
+mode server
 tls-server
 ca /etc/ssl/certs/root.pem
 cert /etc/ssl/certs/vpn.pem
@@ -15,7 +16,7 @@ log-append /var/log/openvpn/ovh.log
 
 port 1194
 
-# Du côté crans, le vpn reste toujours actif
+# Du cote crans, le vpn reste toujours actif
 keepalive 15 45
 persist-tun
 
@@ -23,6 +24,6 @@ verb 3
 
 dh /etc/openvpn/dh1024.pem
 
-# Configuration du réseau lorsque ovh se connecte
+# Configuration du reseau lorsque ovh se connecte
 client-connect /etc/openvpn/ovh.connect
 client-disconnect /etc/openvpn/ovh.disconnect

Cfg/etc/openvpn/ovh.connect/ovh.connect

@@ -5,11 +5,16 @@
 # Configuration lorsque ovh se connecte via se point du reseau (komaz
 # ou titanic)
 
-iface=$(route -n|awk '$1 == "10.231.136.0" {print $8}')
+echo "ovh connected"
+
+iface=$(/sbin/route -n|awk '$1 == "10.231.136.0" {print $8}')
 my_ip=$(ip addr show dev $iface|awk '$1 == "inet" {sub("/.*", "", $2); print $2}')
 ovh_ip=10.231.136.8
 
-ip addr add $my_ip peer $ovh_ip/32 dev $iface
-ip link set up dev $iface
+ip addr add $my_ip peer $ovh_ip/32 dev tun-ovh
+ip link set up dev tun-ovh
 ip neigh add proxy $ovh_ip dev $iface
 
+cat > $1 <<EOF
+ifconfig-push $ovh_ip 255.255.255.0
+EOF

Cfg/etc/openvpn/ovh.disconnect/ovh.disconnect

@@ -4,8 +4,10 @@
 #
 # Configuration lorsque la connexion avec ovh est perdue
 
-iface=$(route -n|awk '$1 == "10.231.136.0" {print $8}')
+echo "ovh disconnected"
+
+iface=$(/sbin/route -n|awk '$1 == "10.231.136.0" {print $8}')
 ovh_ip=10.231.136.8
 
 ip neigh del proxy $ovh_ip dev $iface
-ip link set down dev $iface
+ip link set down dev tun-ovh

Python/etc/openvpn/komaz.conf

@@ -1,4 +1,5 @@
 # -*- coding: utf-8; mode: python -*-
 
 remote="komaz"
+remote_vpn="komaz"
 dump("template/openvpn")

etc/python/template/openvpn.py

@@ -1,34 +1,35 @@
 # -*- coding: utf-8; mode: python -*-
 
-header("Configuration du tunnel entre %s et %s" %s (hostname, remote))
+include("ip")
+
+header("Configuration du tunnel entre %s et %s" % (hostname, remote))
 
 print """
-daemon tun-main
-dev tun-main
+daemon tun-%(remote_name)s
+dev tun-%(remote_name)s
 
-tls-server
+tls-client
 ca /etc/ssl/certs/root.pem
 cert /etc/ssl/certs/vpn.pem
 tls-verify "/usr/share/openvpn/verify-cn komaz.vpn.crans.org"
 key /etc/ssl/private/vpn.pem
 
-log-append /var/log/openvpn/%s.log
+log-append /var/log/openvpn/%(remote_name)s.log
 
 port 1194
 
-ifconfig %(local)s %(remote_vpn)s
+ifconfig %(local_vpn_ip)s %(remote_vpn_ip)s
 route 10.231.136.0 255.255.255.0 vpn_gateway
 
-ping-timer-rem
-keepalive 10 60
-persist-tun
+ping 15
+ping-exit 45
 
 verb 3
 
 dh /etc/openvpn/dh1024.pem
 
-remote %s
-""" % (remote,
-       admipof("ovh"),
-       admipof(remote_vpn or remote),
-       pubipof(remote))
+remote %(remote_pub_ip)s
+""" % { "remote_name": remote,
+        "local_vpn_ip": admipof("ovh"),
+        "remote_vpn_ip": admipof(remote_vpn),
+        "remote_pub_ip": pubipof(remote) }