grupo totp

VM_VPN_GATEWAY.sh

@@ -8,7 +8,6 @@
 source VM_CONFIG.sh
 yum install -y google-authenticator qrencode ntpsec
 
-
 # --- forwarding --- #
 if_fora="enp0s8"
 ip_fora="193.136.212.1"
@@ -23,13 +22,13 @@ ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
 echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
 sysctl -p /etc/sysctl.conf
 
-iptables -I INPUT 1  -p udp --dport 1194 -j ACCEPT # :O
-iptables -I FORWARD 1 -i $mega_tunel -o $if_dentro -j ACCEPT # :P
-iptables -I FORWARD 1 -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
-iptables -I FORWARD 1 -i $mega_tunel -o $if_fora -j ACCEPT # faltava isto ?
-iptables -I FORWARD 1 -i $if_fora -m state --state ESTABLISHED,RELATED -j ACCEPT # faltava isto ?
-iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
-iptables-save > /etc/sysconfig/iptables # :3
+iptables -I INPUT 1  -p udp --dport 1194 -j ACCEPT
+iptables -I FORWARD 1 -i $mega_tunel -o $if_dentro -j ACCEPT
+iptables -I FORWARD 1 -i $if_dentro -o $mega_tunel -j ACCEPT
+iptables -I FORWARD 1 -i $mega_tunel -o $if_fora -j ACCEPT
+iptables -I FORWARD 1 -i $if_fora -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE
+iptables-save > /etc/sysconfig/iptables
 
 # --- vpn server --- #
 vpn_dir="/etc/openvpn/server"
@@ -42,3 +41,12 @@ cp conf/vpn.conf $vpn_dir
 cp conf/ocsp-verify.sh $vpn_dir
 cp conf/totp /etc/pam.d/
 systemctl enable --now openvpn-server@vpn.service
+
+# --- utilizador --- #
+id -u john &>/dev/null || useradd john
+echo "password" | passwd --stdin john
+groupadd -f totp
+usermod -aG totp john
+usermod -aG totp openvpn
+sudo chown john:totp /home/john/.google_authenticator
+sudo chmod 660 /home/john/.google_authenticator