hmm2

VM_APACHE.sh

@@ -3,13 +3,16 @@
 # que contém o APACHE server.
 # Rede interna (enp0s8)
 
+source VM_CONFIG.sh
+
 # --- variaveis aqui pf joao fr fr fr aaaaa ---#
 helloworld="print"
 if_dentro="enp0s8"
 ip_dentro="10.60.0.2"
 
 # --- instalar packages ---
-yum install -y epel-release
+sudo yum install -y epel-release
+sudo yum install -y openssl apache
 
 # --- interfaces ---
 ifconfig $if_dentro $ip_dentro netmask 255.255.255.0

VM_CONFIG.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# NOTA(vasco): vamos ter q fazer isto mil vezes 
+sudo yum install -y epel-release
+sudo yum install -y openvpn iptables-services
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
+sudo iptables -F
+
+CA_DIR="/etc/pki/CA"
+sudo mkdir -p "${CA_DIR}/newcerts"
+sudo touch "${CA_DIR}/serial"
+sudo cp ca.crt $CA_DIR
+
+sudo mkdir -p /etc/openvpn/server
+sudo mkdir -p /etc/openvpn/client

VM_OPENSSL.sh

@@ -3,17 +3,9 @@
 # que contém o OPENSSL server.
 # Rede interna (enp0s8)
 
-# --- variaveis aqui pf joao fr fr fr aaaaa ---#
-helloworld="print"
+source VM_CONFIG.sh
+
 if_dentro="enp0s8"
 ip_dentro="10.60.0.1"
-
-# --- instalar packages ---
-yum install -y openssl
-
-# --- interfaces ---
-ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
-
-# le openslll
-
+sudo ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
 cp openssl.cnf /etc/pki/tls/

VM_ROAD_WARRIOR.sh

@@ -4,27 +4,18 @@
 # Via a rede externa 193.136.212.0/24
 # Rede externa (enp0s8)
 
-# --- variaveis aqui pf joao fr fr fr aaaaa ---#
-helloworld="print"
-
-# --- instalar packages --- #
-yum install -y epel-release openvpn
+source VM_CONFIG.sh
 
 # --- interfaces --- #
 ifconfig enp0s8 193.136.212.10 netmask 255.255.255.0
 route add default gw 193.136.212.1 # default gateway LIKE A SHEEP
 
-# --- copiar certificados da CA --- #
-ca_dir="/etc/pki/CA"
-sudo mkdir -p $ca_dir 
-sudo touch "${ca_dir}/serial"
-sudo cp ca.crt $ca_dir
- 
-# Criar vpn certificate
-sudo cp user.key $ca_dir
+# certificado 
+[[ -e "user.key" ]] && echo "user.key ja criado" || sudo openssl genrsa -out user.key
 [[ -e "user.csr" ]] && echo "user.csr ja criado" || sudo openssl req -new -key user.key -out user.csr
 [[ -e "user.crt" ]] && echo "user.crt ja criado" || sudo openssl ca -in user.csr -cert ca.crt -keyfile ca.key -out user.crt
 
+sudo cp ca.crt /etc/openuser/client/
 sudo cp user.csr /etc/openuser/client/
 sudo cp user.crt /etc/openuser/client/
 sudo cp client.conf /etc/openvpn/client/

VM_VPN_GATEWAY.sh

@@ -10,6 +10,8 @@
 # Ao configurar a maquina virtual em si deixei a rede externa primeiro (enp0s8)
 # E a rede interna como a segunda interface (enp0s9).
 
+source VM_CONFIG.sh
+
 # --- variaveis aqui pf joao fr fr fr aaaaa --- #
 helloworld="print"
 if_fora="enp0s8"
@@ -23,17 +25,6 @@ ip_mega_tunel="10.8.0.1/24"
 sudo ifconfig $if_fora $ip_fora netmask 255.255.255.0
 sudo ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
 
-# --- instalar packages --- #
-sudo yum install -y epel-release openvpn iptables-services
-
-
-# --- desativar firewalld --- #
-sudo systemctl stop firewalld
-sudo systemctl disable firewalld
-sudo systemctl mask firewalld
-sudo systemctl enable iptables
-sudo iptables -F
-
 # --- ip forwarding --- #
 sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
 sudo sysctl -p /etc/sysctl.conf
@@ -45,32 +36,19 @@ sudo iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
 sudo iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
 sudo iptables-save > /etc/sysconfig/iptables # :3
 
-
-# NOTA(vasco): temos que copiar isto tudo para as pastas correctas
-# e configurar também,
-# deviamos meter os comandos utlizados no relatorio
-# os ficheiros ja estao criados
-
-# Copiar o Self-signed Certificate Authority
-ca_dir="/etc/pki/CA"
-sudo mkdir -p "${ca_dir}/newcerts"
-sudo touch "${ca_dir}/serial"
-sudo cp ca.crt $ca_dir
-
-# Criar vpn certificate
-sudo cp vpn.key $ca_dir
+# criar certs 
 [[ -e "vpn.csr" ]]      && echo "vpn.csr ja criado"     || sudo openssl req -new -key vpn.key -out vpn.csr
 [[ -e "vpn.crt" ]]      && echo "vpn.crt ja criado"     || sudo openssl ca -in vpn.csr -cert ca.crt -keyfile ca.key -out vpn.crt
 [[ -e "dh2048.pem" ]]   && echo "dh2048 ja  foi criado" || openssl dhparam -out dh2048.pem 2048
-sudo cp vpn.conf /etc/openvpn/server/
-sudo cp vpn.csr /etc/openvpn/server/
-sudo cp vpn.crt /etc/openvpn/server/
-sudo cp dh2048.pem /etc/openvpn/server/
 
+vpn_dir="/etc/openvpn/server"
+sudo cp vpn.key $vpn_dir
+sudo cp vpn.conf $vpn_dir
+sudo cp vpn.csr $vpn_dir
+sudo cp vpn.crt $vpn_dir
+sudo cp dh2048.pem $vpn_dir
+sudo openvpn --config "$vpn_dir/vpn.conf"
 
 # NOTA(vasco): o ficheiro conf vai ser vpn.conf pq isso é o nome do serviço
-
-# NOTA(vasco): talvez deviamos correr diretamente via o comando
-# em vez de via serviços
-sudo cp vpn.conf /etc/openvpn/server/
-sudo systemctl enable --now openvpn-server@vpn.service
+# o serviço nao funciona ????
+# sudo systemctl enable --now openvpn-server@vpn.service