Add script to OpenVPN for VPN route fixing

This will make sure that always after a start/restart the
VPN routes are created

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/openvpn/client/files/client.conf

@@ -14,6 +14,9 @@ nobind
 
 persist-key
 
+up /etc/openvpn/fix-routes.sh
+up-restart
+
 ca ca.crt
 cert client.crt
 key client.key

roles/openvpn/client/files/fix-routes.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+# First check if this server is actually an OpenVPN client
+if [ -f /etc/openvpn/client.crt ];
+then
+	# Now the magic line
+	# This first checks whether there is a route, and if there isn't it will:
+	# 1. Get the local machine's VPN IP (up to and including awk)
+	# 2. Add a new route to 192.168.0.0/16 via that IP addres (from xargs on)
+	# 3. Print "Fixed VPN" and exit with code 2 to indicate that it changed
+	# Note: I've been told that the grep and awk can be in one command, and I believe that, but I find this clearer.
+	(ip route show | grep '192.168.0.0/16') || ((ip route show | grep '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) && echo "Fixed VPN" && exit 2);
+fi

roles/openvpn/client/tasks/main.yml

@@ -17,6 +17,9 @@
   - { file: client.conf,
       dest: /etc/openvpn/openvpn.conf,
       mode: '0644' }
+  - { file: fix-routes.sh,
+      dest: /etc/openvpn/fix-routes.sh,
+      mode: '0755' }
   - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
       dest: "/etc/openvpn/client.crt",
       mode: '0600' }