diff --git a/VM_APACHE.sh b/VM_APACHE.sh
index 8f4b2ee..d5e7a51 100644
--- a/VM_APACHE.sh
+++ b/VM_APACHE.sh
@@ -3,13 +3,16 @@
 # que contém o APACHE server.
 # Rede interna (enp0s8)
 
+source VM_CONFIG.sh
+
 # --- variaveis aqui pf joao fr fr fr aaaaa ---#
 helloworld="print"
 if_dentro="enp0s8"
 ip_dentro="10.60.0.2"
 
 # --- instalar packages ---
-yum install -y epel-release
+sudo yum install -y epel-release
+sudo yum install -y openssl apache
 
 # --- interfaces ---
 ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
diff --git a/VM_CONFIG.sh b/VM_CONFIG.sh
new file mode 100644
index 0000000..5eec1bd
--- /dev/null
+++ b/VM_CONFIG.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# NOTA(vasco): vamos ter q fazer isto mil vezes
+sudo yum install -y epel-release
+sudo yum install -y openvpn iptables-services
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
+sudo iptables -F
+
+CA_DIR="/etc/pki/CA"
+sudo mkdir -p "${CA_DIR}/newcerts"
+sudo touch "${CA_DIR}/serial"
+sudo cp ca.crt $CA_DIR
+
+sudo mkdir -p /etc/openvpn/server
+sudo mkdir -p /etc/openvpn/client
diff --git a/VM_OPENSSL.sh b/VM_OPENSSL.sh
index 6b700ef..f80b7d8 100644
--- a/VM_OPENSSL.sh
+++ b/VM_OPENSSL.sh
@@ -3,17 +3,9 @@
 # que contém o OPENSSL server.
 # Rede interna (enp0s8)
 
-# --- variaveis aqui pf joao fr fr fr aaaaa ---#
-helloworld="print"
+source VM_CONFIG.sh
+
 if_dentro="enp0s8"
 ip_dentro="10.60.0.1"
-
-# --- instalar packages ---
-yum install -y openssl
-
-# --- interfaces ---
-ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
-
-# le openslll
-
+sudo ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
 cp openssl.cnf /etc/pki/tls/
diff --git a/VM_ROAD_WARRIOR.sh b/VM_ROAD_WARRIOR.sh
index e382fed..097ff8b 100644
--- a/VM_ROAD_WARRIOR.sh
+++ b/VM_ROAD_WARRIOR.sh
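Review bot: `sudo yum install -y openssl apache` will not put a web server on this host, because on yum-based distributions the Apache package is named `httpd`, not `apache`; with no `set -e` the failed install is simply ignored and the script carries on. The new `source VM_CONFIG.sh` additionally runs that file's `sudo iptables -F` and firewalld-disable steps on the Apache VM, and nothing in this hunk adds rules back (the rest of the script is outside the hunk, so I cannot tell whether it does later). Change the install line to `sudo yum install -y openssl httpd`, and source the shared file by script-relative path with a failure check, `source "$(dirname "$0")/VM_CONFIG.sh" || exit 1`, so running from another directory does not silently skip the whole common setup.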
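Review bot: `sudo touch "${CA_DIR}/serial"` leaves an empty serial file and no `index.txt` is created, yet `openssl ca` in VM_ROAD_WARRIOR.sh and VM_VPN_GATEWAY.sh is run against this `/etc/pki/CA` layout; with the stock config that command refuses to sign ("unable to load number from serial", missing database), so add `sudo touch "${CA_DIR}/index.txt"` and `[ -s "${CA_DIR}/serial" ] || echo 01 | sudo tee "${CA_DIR}/serial" >/dev/null` (unless the custom openssl.cnf copied by VM_OPENSSL.sh points the CA elsewhere, which the diff does not show). This file is now sourced by every VM script, so `sudo iptables -F` wipes the rule set on the Apache and CA hosts as well, and only VM_VPN_GATEWAY.sh installs rules afterwards; either move the firewall reset back into the gateway script or add a comment stating that every host sourcing this ends up with flushed chains. Minor: `sudo cp ca.crt $CA_DIR` should be `sudo cp ca.crt "$CA_DIR"` to match the quoting on the two lines above it.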
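Review bot: dropping `yum install -y openssl` from this script leaves the CA host without any line that installs the `openssl` command-line tool, since VM_CONFIG.sh installs only `epel-release`, `openvpn` and `iptables-services`; unless it arrives as a dependency of openvpn, which is not guaranteed, add `sudo yum install -y openssl` back here or to VM_CONFIG.sh. The new side also adds `sudo` to `ifconfig` but leaves the following `cp openssl.cnf /etc/pki/tls/` unprivileged, so for a non-root user it fails and the distribution default config stays in place; make it `sudo cp openssl.cnf /etc/pki/tls/`. Note that sourcing VM_CONFIG.sh on this machine also disables firewalld and flushes iptables on the CA, the most sensitive host in this lab, with no rules restored in this script.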
@@ -4,27 +4,18 @@
 # Via a rede externa 193.136.212.0/24
 # Rede externa (enp0s8)
 
-# --- variaveis aqui pf joao fr fr fr aaaaa ---#
-helloworld="print"
-
-# --- instalar packages --- #
-yum install -y epel-release openvpn
+source VM_CONFIG.sh
 
 # --- interfaces --- #
 ifconfig enp0s8 193.136.212.10 netmask 255.255.255.0
 route add default gw 193.136.212.1 # default gateway LIKE A SHEEP
 
-# --- copiar certificados da CA --- #
-ca_dir="/etc/pki/CA"
-sudo mkdir -p $ca_dir
-sudo touch "${ca_dir}/serial"
-sudo cp ca.crt $ca_dir
-
-# Criar vpn certificate
-sudo cp user.key $ca_dir
+# certificado
+[[ -e "user.key" ]] && echo "user.key ja criado" || sudo openssl genrsa -out user.key
 [[ -e "user.csr" ]] && echo "user.csr ja criado" || sudo openssl req -new -key user.key -out user.csr
 [[ -e "user.crt" ]] && echo "user.crt ja criado" || sudo openssl ca -in user.csr -cert ca.crt -keyfile ca.key -out user.crt
+sudo cp ca.crt /etc/openuser/client/
 sudo cp user.csr /etc/openuser/client/
 sudo cp user.crt /etc/openuser/client/
 sudo cp client.conf /etc/openvpn/client/
diff --git a/VM_VPN_GATEWAY.sh b/VM_VPN_GATEWAY.sh
index b272e5e..b1f2615 100644
--- a/VM_VPN_GATEWAY.sh
+++ b/VM_VPN_GATEWAY.sh
@@ -10,6 +10,8 @@
 # Ao configurar a maquina virtual em si deixei a rede externa primeiro (enp0s8)
 # E a rede interna como a segunda interface (enp0s9).
 
+source VM_CONFIG.sh
+
 # --- variaveis aqui pf joao fr fr fr aaaaa --- #
 helloworld="print"
 if_fora="enp0s8"
@@ -23,17 +25,6 @@ ip_mega_tunel="10.8.0.1/24"
 sudo ifconfig $if_fora $ip_fora netmask 255.255.255.0
 sudo ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
 
-# --- instalar packages --- #
-sudo yum install -y epel-release openvpn iptables-services
-
-
-# --- desativar firewalld --- #
-sudo systemctl stop firewalld
-sudo systemctl disable firewalld
-sudo systemctl mask firewalld
-sudo systemctl enable iptables
-sudo iptables -F
-
 # --- ip forwarding --- #
 sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
 sudo sysctl -p /etc/sysctl.conf
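Review bot: `sudo cp ca.crt /etc/openuser/client/` repeats the `openuser` typo of the two copies below it; that directory is never created (VM_CONFIG.sh creates `/etc/openvpn/client`), so the CA certificate the client needs to verify the gateway never ends up next to `client.conf`, and with no `set -e` the three failed copies go unnoticed. The freshly generated `user.key` is also never copied anywhere, and `sudo openssl genrsa -out user.key` writes it root-owned in the current directory with the default umask, which is typically world-readable. Replace the three `openuser` copies with `sudo cp ca.crt user.crt user.key /etc/openvpn/client/` followed by `sudo chmod 600 /etc/openvpn/client/user.key` (the CSR is not needed by the client), and pass the size explicitly, `genrsa -out user.key 2048`, rather than relying on the installed OpenSSL's default. The unchanged `openssl ca ... -keyfile ca.key` line on the new side still requires the CA private key to be present on the road-warrior VM; signing the CSR on the CA host (VM_OPENSSL.sh) and copying back only `user.crt` would keep `ca.key` off client machines.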
@@ -45,32 +36,19 @@ sudo iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
 sudo iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
 sudo iptables-save > /etc/sysconfig/iptables # :3
 
-
-# NOTA(vasco): temos que copiar isto tudo para as pastas correctas
-# e configurar também,
-# deviamos meter os comandos utlizados no relatorio
-# os ficheiros ja estao criados
-
-# Copiar o Self-signed Certificate Authority
-ca_dir="/etc/pki/CA"
-sudo mkdir -p "${ca_dir}/newcerts"
-sudo touch "${ca_dir}/serial"
-sudo cp ca.crt $ca_dir
-
-# Criar vpn certificate
-sudo cp vpn.key $ca_dir
+# criar certs
 [[ -e "vpn.csr" ]] && echo "vpn.csr ja criado" || sudo openssl req -new -key vpn.key -out vpn.csr
 [[ -e "vpn.crt" ]] && echo "vpn.crt ja criado" || sudo openssl ca -in vpn.csr -cert ca.crt -keyfile ca.key -out vpn.crt
 [[ -e "dh2048.pem" ]] && echo "dh2048 ja foi criado" || openssl dhparam -out dh2048.pem 2048
-sudo cp vpn.conf /etc/openvpn/server/
-sudo cp vpn.csr /etc/openvpn/server/
-sudo cp vpn.crt /etc/openvpn/server/
-sudo cp dh2048.pem /etc/openvpn/server/
+vpn_dir="/etc/openvpn/server"
+sudo cp vpn.key $vpn_dir
+sudo cp vpn.conf $vpn_dir
+sudo cp vpn.csr $vpn_dir
+sudo cp vpn.crt $vpn_dir
+sudo cp dh2048.pem $vpn_dir
+sudo openvpn --config "$vpn_dir/vpn.conf"
 # NOTA(vasco): o ficheiro conf vai ser vpn.conf pq isso é o nome do serviço
-
-# NOTA(vasco): talvez deviamos correr diretamente via o comando
-# em vez de via serviços
-sudo cp vpn.conf /etc/openvpn/server/
-sudo systemctl enable --now openvpn-server@vpn.service
+# o serviço nao funciona ????
+# sudo systemctl enable --now openvpn-server@vpn.service
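Review bot: `sudo openvpn --config "$vpn_dir/vpn.conf"` starts the server in the foreground, so the script blocks on that line, and with `systemctl enable --now openvpn-server@vpn.service` now commented out nothing brings the VPN up after a reboot. Rather than bypassing the unit, find out why it fails with `sudo journalctl -u openvpn-server@vpn`; the packaged `openvpn-server@.service` typically runs from `/etc/openvpn/server` under a restricted capability set, so a config that references files by a path relative to the script or needs extra privileges is a likely cause, though that cannot be confirmed from the diff. If a manual start is kept for testing, use `sudo openvpn --config "$vpn_dir/vpn.conf" --daemon --log /var/log/openvpn-vpn.log` so the script continues. `sudo cp vpn.key $vpn_dir` also copies the server private key with whatever mode the working-copy file has; add `sudo chmod 600 "$vpn_dir/vpn.key"` and quote `"$vpn_dir"` in the cp lines to match the quoting already used on the openvpn line.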