From d5bdc6588774543f3352a974d5627db4430b5d47 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Thu, 22 Oct 2015 21:06:38 +0000
Subject: [PATCH] Add script to OpenVPN for VPN route fixing
This will make sure that always after a start/restart the VPN routes are created
Signed-off-by: Patrick Uiterwijk
---
roles/openvpn/client/files/client.conf | 3 +++
roles/openvpn/client/files/fix-routes.sh | 12 ++++++++++++
roles/openvpn/client/tasks/main.yml | 3 +++
3 files changed, 18 insertions(+)
create mode 100644 roles/openvpn/client/files/fix-routes.sh
diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
index abb5d03d16..704becbda1 100644
--- a/roles/openvpn/client/files/client.conf
+++ b/roles/openvpn/client/files/client.conf
@@ -14,6 +14,9 @@ nobind persist-key
+up /etc/openvpn/fix-routes.sh
+up-restart
+ ca ca.crt cert client.crt key client.key
diff --git a/roles/openvpn/client/files/fix-routes.sh b/roles/openvpn/client/files/fix-routes.sh
new file mode 100644
index 0000000000..a08e519802
--- /dev/null
+++ b/roles/openvpn/client/files/fix-routes.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# First check if this server is actually an OpenVPN client
+if [ -f /etc/openvpn/client.crt ];
+then
+ # Now the magic line
+ # This first checks whether there is a route, and if there isn't it will:
+ # 1. Get the local machine's VPN IP (up to and including awk)
+ # 2. Add a new route to 192.168.0.0/16 via that IP addres (from xargs on)
+ # 3. Print "Fixed VPN" and exit with code 2 to indicate that it changed
+ # Note: I've been told that the grep and awk can be in one command, and I believe that, but I find this clearer.
+ (ip route show | grep '192.168.0.0/16') || ((ip route show | grep '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) && echo "Fixed VPN" && exit 2);
+fi
diff --git a/roles/openvpn/client/tasks/main.yml b/roles/openvpn/client/tasks/main.yml
index 76817a24f9..67e44b1ac8 100644
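Review bot: The added `up /etc/openvpn/fix-routes.sh` line has no `script-security 2` in the visible part of client.conf, and as far as I know OpenVPN 2.1 and later default to level 1, which does not execute user-defined scripts. If the directive is not set outside this hunk, I would add `script-security 2` directly above the `up` line. `up-restart` also runs the hook on SIGUSR1 restarts; if this config drops privileges with `user`/`group` (not visible here), the hook's `ip route add` would then run unprivileged and fail. Because the hook otherwise runs with the daemon's privileges, `/etc/openvpn/fix-routes.sh` should stay root-owned and writable by root only.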
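Review bot: In roles/openvpn/client/files/fix-routes.sh the script's final status is 2 whenever it adds the route, because the subshell ending in `exit 2` is the last command run. The same commit installs the script as OpenVPN's `up` hook, and as far as I know OpenVPN treats a non-zero status from that hook as a failure. The pipeline is also fragile: `grep '192.168.0.'` is an unanchored regex whose dots match any character, and `xargs` still runs `ip route add 192.168.0.0/16 via` when it receives nothing, or receives several or non-address values, so the /16 could be sent to an unintended next hop. I would capture the candidate in a variable, refuse anything that is not a single dotted address, and return 2 only when the script is not run by OpenVPN, as sketched below.

```shell
# … unchanged: shebang and leading comment …
if [ -f /etc/openvpn/client.crt ]; then
    if ! ip route show | grep -qF '192.168.0.0/16'; then
        vpn_ip=$(ip route show | grep -F '192.168.0.' | awk '{print $1}')
        # Refuse to guess: empty output, several matches (newlines) or a
        # prefix such as a.b.c.d/NN must not become the next hop.
        case "$vpn_ip" in
            '' | *[!0-9.]*) echo "fix-routes: no single VPN address found" >&2; exit 1 ;;
        esac
        ip route add 192.168.0.0/16 via "$vpn_ip" || exit 1
        echo "Fixed VPN"
        # OpenVPN sets script_type for its hooks; report "changed" (2)
        # only when run outside OpenVPN.
        [ -n "${script_type:-}" ] || exit 2
    fi
fi
```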
--- a/roles/openvpn/client/tasks/main.yml
+++ b/roles/openvpn/client/tasks/main.yml
@@ -17,6 +17,9 @@ - { file: client.conf, dest: /etc/openvpn/openvpn.conf, mode: '0644' }
+ - { file: fix-routes.sh,
+ dest: /etc/openvpn/fix-routes.sh,
+ mode: '0755' }
 - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt", dest: "/etc/openvpn/client.crt", mode: '0600' }