diff --git a/labs/sec/ex-5_iptables.adoc b/labs/sec/ex-5_iptables.adoc
index c37bdd5..2afcae7 100644
--- a/labs/sec/ex-5_iptables.adoc
+++ b/labs/sec/ex-5_iptables.adoc
@@ -57,53 +57,48 @@ https://en.wikipedia.org/wiki/OpenVPN[More: wikipedia]
[source,bash]
----
#!/bin/bash
-IP=192.168.89.5 # Server IP
+IP=127.0.0.1 # Server IP
P=1194 # Server Port
OVPN_SERVER='10.80.0.0/16' # VPN Network
-vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
+
+#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
+vpn_data=$PWD/openvpn-services/
+if [ ! -d $vpn_data ]; then
+ mkdir -p $vpn_data
+fi
+
NAME=swarmlab-vpn-services # name of docker service
DOCKERnetwork=swarmlab-vpn-services-network # docker network
docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image
-docker stop $NAME #stop container
-sleep 3
+docker stop $NAME #stop container
+sleep 1
docker container rm $NAME #rm container
-# rm config files
-sudo rm -f $vpn_data/openvpn.conf.*.bak
-sudo rm -f $vpn_data/openvpn.conf
-sudo rm -f $vpn_data/ovpn_env.sh.*.bak
-sudo rm -f $vpn_data/ovpn_env.sh
+# rm config files
+rm -f $vpn_data/openvpn.conf.*.bak
+rm -f $vpn_data/openvpn.conf
+rm -f $vpn_data/ovpn_env.sh.*.bak
+rm -f $vpn_data/ovpn_env.sh
# create network
-sleep 2
+sleep 1
docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 --gateway=172.50.0.1 $DOCKERnetwork
-read -d '' MULTILINE_EXTRA_SERVER_CONF << EOF
-duplicate-cn
-max-clients 35000
-topology subnet
-EOF
-
-#run container
-sleep 3
-docker run --net=none -it -v $vpn_data:/etc/openvpn --rm $docker ovpn_genconfig -u udp://$IP:1194 \
+#run container see ovpn_genconfig
+docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \
-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER
-
-# create pki
-sleep 3
-echo "new pki is disabled"
+# create pki see ovpn_initpki
docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki
-#sleep 3
+# see ovpn_copy_server_files
#docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files
-#create vpn
-sleep 3
+#create vpn see --cap-add=NET_ADMIN
+sleep 1
docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker
-sleep 5
sudo sysctl -w net.ipv4.ip_forward=1
#show created
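Review bot: On the `ovpn_genconfig` line the newly added `-p 1194:1194` does nothing useful — that container runs with `--net=none` and exits as soon as the config is written, so Docker presumably ignores (or rejects) the published port, and it would be a TCP mapping rather than UDP anyway; drop it. The same line still hard-codes `udp://$IP:1194` while the real server is published with `-p $P:1194/udp`, so changing `P` silently desynchronises the `remote` line that `ovpn_getclient` later emits; use `-u udp://$IP:$P`. With `IP=127.0.0.1` that generated `remote` points every client at its own loopback, which is why the page later has to patch `remote 192.168.1.5` in by hand; set `IP` to the address clients actually reach. Moving `vpn_data` to `$PWD/openvpn-services/` also puts the CA and server private keys that `ovpn_initpki` creates under whatever directory the script is run from, so the `mkdir -p` should be followed by `chmod 700 "$vpn_data"` (and the variable quoted throughout). The script continues past the end of this hunk.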
@@ -113,122 +108,58 @@ docker ps
== Create user
-.config
+.create-user.sh
[source,bash]
----
-#!/bin/bash
-IP=83.212.114.14
-P=5194
-vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/
-NAME=swarmlab-vpn-services
-DOCKERnetwork=swarmlab-vpn-services-network
-docker=registry.vlabs.uniwa.gr:5080/myownvpn
-PATHNAME=/var/lib/swarmlab/openvpn/etc/vpn-data_user_config
-vpn_data_user_config=$PATHNAME
-
-vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/
-vpn_data_user_config=/var/lib/swarmlab/openvpn/etc/vpn-data_user_config
-NAME=swarmlab-vpn-services
-
-MANAGER=/var/lib/swarmlab/openvpn/etc/managers
-WORKER=/var/lib/swarmlab/openvpn/etc/workers
-MANAGERkeys=/var/lib/swarmlab/openvpn/etc/managers_keys
+USERNAME=test1
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $USERNAME nopass
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $USERNAME > $USERNAME.ovpn
----
-
-
-.create-user.sh
[source,bash]
+.add to $USERNAME.ovpn file
----
-#!/bin/bash
-
-. ./config
-
-sudo mkdir -p $vpn_data
-sudo mkdir -p $vpn_data_user_config
-sudo mkdir -p $MANAGERkeys
-
-docker=registry.vlabs.uniwa.gr:5080/myownvpn
-echo $vpnip
-echo $#
-
-docker=registry.vlabs.uniwa.gr:5080/myownvpn
-echo $vpnip
-echo $#
-
-if [ $# -eq 1 ]; then
- CLIENTNAME=$1
- U=$CLIENTNAME
- mkdir users
- docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $CLIENTNAME nopass
- sleep 3
- docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $CLIENTNAME > users/$CLIENTNAME.ovpn
-
- file="users/$CLIENTNAME.ovpn"
-
- ps='remote '
- pi="remote $IP $P udp"
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "5a $pi" $file
-
- ps='comp-lzo'
- pi='comp-lzo no'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "6a $pi" $file
-
- ps='resolv-retry'
- pi='resolv-retry infinite'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "7a $pi" $file
- ps='persist-key'
- pi='persist-key'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "8a $pi" $file
-
- ps='persist-tun'
- pi='persist-tun'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "9a $pi" $file
-
- ps='keepalive'
- pi='keepalive 15 60'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "10a $pi" $file
-
-
-
-else
- echo "no clientname"
-fi
+client
+nobind
+dev tun
+comp-lzo
+resolv-retry infinite
+keepalive 15 60
+
+remote-cert-tls server
+remote 192.168.1.5 1194 udp
----
-
== rm vpn user
.rm-user.sh
[source,bash]
----
#!/bin/bash
-. ./config
-CLIENTNAME=$1
+CLIENTNAME=test1
U=$CLIENTNAME
-if [ $# -eq 1 ]; then
- sudo rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
- sudo rm -f $vpn_data/pki/private/$CLIENTNAME.key
- sudo rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
- sudo rm -f $vpn_data/server/ccd/$CLIENTNAME
- sudo rm -f $vpn_data/ccd/$CLIENTNAME
- pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
- #/var/lab/gswarm/vpn-data/pki/certs_by_serial/BACA61827E65D0E5F695245519410952.pem
- sudo rm -f $vpn_data/pki/certs_by_serial/$pem.pem
- sudo sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
- echo $pem
- docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
-
-
- sudo rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
- sudo rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
-else
- echo "no client"
-fi
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+
+rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
+rm -f $vpn_data/pki/private/$CLIENTNAME.key
+rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
+rm -f $vpn_data/server/ccd/$CLIENTNAME
+rm -f $vpn_data/ccd/$CLIENTNAME
+pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
+
+rm -f $vpn_data/pki/certs_by_serial/$pem.pem
+sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
+echo $pem
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
+rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
+rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
----
== show all vpn users
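Review bot: In `rm-user.sh` the manual cleanup runs before `ovpn_revokeclient`, which needs `pki/issued/$CLIENTNAME.crt` and the matching `index.txt` entry to revoke the certificate and regenerate the CRL; once the `rm -f` lines and `sed -i "/CN=$U$/d" $vpn_data/pki/index.txt` have removed them, easyrsa has nothing left to revoke, so the removed user's key presumably still authenticates until it expires. Move `docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove` to the top of the script; its `remove` argument is intended to delete the request, key and certificate, so the hand-written `rm -f`/`sed -i` lines, the stray `sudo` left in the `pem=` line, and the two `rm -f $vpn_data_user_config*/$CLIENTNAME.ovpn` lines (those variables are no longer defined anywhere on this page, so they expand to `rm -f /test1.ovpn`) can all go. In the client snippet, `comp-lzo` enables compression that the previous version deliberately set to `comp-lzo no` and that the `ovpn_genconfig` call on this page does not turn on server-side; besides the likely mismatch, compression over a VPN is the VORACLE-class leak, so write `comp-lzo no` or omit the line. The `remote 192.168.1.5 1194 udp` line also disagrees with the `IP=127.0.0.1` used to generate the server config, so the page should say which address is authoritative.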
@@ -236,8 +167,7 @@ fi
.show-user.sh
[source,bash]
----
-. ./config
-
+NAME=swarmlab-vpn-services # name of docker service
docker exec -it $NAME ovpn_listclients
----
@@ -246,8 +176,7 @@ docker exec -it $NAME ovpn_listclients
.show-conn-user.sh
[source,bash]
----
-. ./config
-
+NAME=swarmlab-vpn-services # name of docker service
docker exec -it $NAME cat /tmp/openvpn-status.log
----
diff --git a/labs/sec/ex-5_iptables.adoc.html b/labs/sec/ex-5_iptables.adoc.html
index 135d7e5..0a0f14a 100644
--- a/labs/sec/ex-5_iptables.adoc.html
+++ b/labs/sec/ex-5_iptables.adoc.html
@@ -531,53 +531,48 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
#!/bin/bash
-IP=192.168.89.5 # Server IP
+IP=127.0.0.1 # Server IP
P=1194 # Server Port
OVPN_SERVER='10.80.0.0/16' # VPN Network
-vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
+
+#vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/ # Dir to save data ** this must exist **
+vpn_data=$PWD/openvpn-services/
+if [ ! -d $vpn_data ]; then
+ mkdir -p $vpn_data
+fi
+
NAME=swarmlab-vpn-services # name of docker service
DOCKERnetwork=swarmlab-vpn-services-network # docker network
docker=registry.vlabs.uniwa.gr:5080/myownvpn # docker image
-docker stop $NAME #stop container
-sleep 3
+docker stop $NAME #stop container
+sleep 1
docker container rm $NAME #rm container
# rm config files
-sudo rm -f $vpn_data/openvpn.conf.*.bak
-sudo rm -f $vpn_data/openvpn.conf
-sudo rm -f $vpn_data/ovpn_env.sh.*.bak
-sudo rm -f $vpn_data/ovpn_env.sh
+rm -f $vpn_data/openvpn.conf.*.bak
+rm -f $vpn_data/openvpn.conf
+rm -f $vpn_data/ovpn_env.sh.*.bak
+rm -f $vpn_data/ovpn_env.sh
# create network
-sleep 2
+sleep 1
docker network create --attachable=true --driver=bridge --subnet=172.50.0.0/16 --gateway=172.50.0.1 $DOCKERnetwork
-read -d '' MULTILINE_EXTRA_SERVER_CONF << EOF
-duplicate-cn
-max-clients 35000
-topology subnet
-EOF
-
-#run container
-sleep 3
-docker run --net=none -it -v $vpn_data:/etc/openvpn --rm $docker ovpn_genconfig -u udp://$IP:1194 \
+#run container see ovpn_genconfig
+docker run --net=none -it -v $vpn_data:/etc/openvpn -p 1194:1194 --rm $docker ovpn_genconfig -u udp://$IP:1194 \
-N -d -c -p "route 172.50.20.0 255.255.255.0" -e "topology subnet" -s $OVPN_SERVER
-
-# create pki
-sleep 3
-echo "new pki is disabled"
+# create pki see ovpn_initpki
docker run --net=none -v $vpn_data:/etc/openvpn --rm -it $docker ovpn_initpki
-#sleep 3
+# see ovpn_copy_server_files
#docker run --net=none -v $vpn_data:/etc/openvpn --rm $docker ovpn_copy_server_files
-#create vpn
-sleep 3
+#create vpn see --cap-add=NET_ADMIN
+sleep 1
docker run --detach --name $NAME -v $vpn_data:/etc/openvpn --net=$DOCKERnetwork --ip=172.50.0.2 -p $P:1194/udp --cap-add=NET_ADMIN $docker
-sleep 5
sudo sysctl -w net.ipv4.ip_forward=1
#show created
@@ -590,84 +585,28 @@ docker ps
4. Create user
-
config
+
create-user.sh
-
#!/bin/bash
-IP=83.212.114.14
-P=5194
-vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/
-NAME=swarmlab-vpn-services
-DOCKERnetwork=swarmlab-vpn-services-network
+USERNAME=test1
+vpn_data=$PWD/openvpn-services/
docker=registry.vlabs.uniwa.gr:5080/myownvpn
-PATHNAME=/var/lib/swarmlab/openvpn/etc/vpn-data_user_config
-vpn_data_user_config=$PATHNAME
-
-vpn_data=/var/lib/swarmlab/openvpn/openvpn-services/
-vpn_data_user_config=/var/lib/swarmlab/openvpn/etc/vpn-data_user_config
-NAME=swarmlab-vpn-services
-MANAGER=/var/lib/swarmlab/openvpn/etc/managers
-WORKER=/var/lib/swarmlab/openvpn/etc/workers
-MANAGERkeys=/var/lib/swarmlab/openvpn/etc/managers_keys
+docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $USERNAME nopass
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $USERNAME > $USERNAME.ovpn
-
create-user.sh
+
add to $USERNAME.ovpn file
-
#!/bin/bash
-
-. ./config
-
-sudo mkdir -p $vpn_data
-sudo mkdir -p $vpn_data_user_config
-sudo mkdir -p $MANAGERkeys
-
-docker=registry.vlabs.uniwa.gr:5080/myownvpn
-echo $vpnip
-echo $#
-
-docker=registry.vlabs.uniwa.gr:5080/myownvpn
-echo $vpnip
-echo $#
-
-if [ $# -eq 1 ]; then
- CLIENTNAME=$1
- U=$CLIENTNAME
- mkdir users
- docker run -v $vpn_data:/etc/openvpn --rm -it $docker easyrsa build-client-full $CLIENTNAME nopass
- sleep 3
- docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm $docker ovpn_getclient $CLIENTNAME > users/$CLIENTNAME.ovpn
-
- file="users/$CLIENTNAME.ovpn"
-
- ps='remote '
- pi="remote $IP $P udp"
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "5a $pi" $file
-
- ps='comp-lzo'
- pi='comp-lzo no'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "6a $pi" $file
-
- ps='resolv-retry'
- pi='resolv-retry infinite'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "7a $pi" $file
- ps='persist-key'
- pi='persist-key'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "8a $pi" $file
-
- ps='persist-tun'
- pi='persist-tun'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "9a $pi" $file
+client
+nobind
+dev tun
+comp-lzo
+resolv-retry infinite
+keepalive 15 60
- ps='keepalive'
- pi='keepalive 15 60'
- grep -q "^$ps" $file && sed -i "s/^$ps.*/$pi/" $file || sed -i "10a $pi" $file
-
-
-
-else
- echo "no clientname"
-fi
+remote-cert-tls server
+remote 192.168.1.5 1194 udp
@@ -679,30 +618,27 @@ fi
rm-user.sh
#!/bin/bash
-. ./config
-CLIENTNAME=$1
+CLIENTNAME=test1
U=$CLIENTNAME
-if [ $# -eq 1 ]; then
- sudo rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
- sudo rm -f $vpn_data/pki/private/$CLIENTNAME.key
- sudo rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
- sudo rm -f $vpn_data/server/ccd/$CLIENTNAME
- sudo rm -f $vpn_data/ccd/$CLIENTNAME
- pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
- #/var/lab/gswarm/vpn-data/pki/certs_by_serial/BACA61827E65D0E5F695245519410952.pem
- sudo rm -f $vpn_data/pki/certs_by_serial/$pem.pem
- sudo sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
- echo $pem
- docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
+vpn_data=$PWD/openvpn-services/
+docker=registry.vlabs.uniwa.gr:5080/myownvpn
+rm -f $vpn_data/pki/reqs/$CLIENTNAME.req
+rm -f $vpn_data/pki/private/$CLIENTNAME.key
+rm -f $vpn_data/pki/issued/$CLIENTNAME.crt
+rm -f $vpn_data/server/ccd/$CLIENTNAME
+rm -f $vpn_data/ccd/$CLIENTNAME
+pem=$(sudo grep "CN=$U$" $vpn_data/pki/index.txt | cut -f4)
- sudo rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
- sudo rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
-else
- echo "no client"
-fi
+rm -f $vpn_data/pki/certs_by_serial/$pem.pem
+sed -i "/CN=$U$/d" $vpn_data/pki/index.txt
+echo $pem
+docker run -v $vpn_data:/etc/openvpn --log-driver=none --rm -it $docker ovpn_revokeclient $CLIENTNAME remove
+
+rm -f $vpn_data_user_config/$CLIENTNAME.ovpn
+rm -f $vpn_data_user_config1/$CLIENTNAME.ovpn
@@ -713,8 +649,7 @@ fi