This shows you the differences between two versions of the page.
|
services:openvpn [2020/07/21 18:48] djgalloway |
services:openvpn [2020/10/27 19:22] (current) djgalloway old revision restored (2020/10/27 17:55) |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| The process for requesting lab access is documented [[https://ceph.github.io/sepia/adding_users/#requesting-lab-access|here]]. | The process for requesting lab access is documented [[https://ceph.github.io/sepia/adding_users/#requesting-lab-access|here]]. | ||
| - | ===== Adding Users ===== | + | ===== Ops Tasks ===== |
| + | ==== Adding Users ==== | ||
| A ticket should be filed for paper trail purposes. Put the ticket in the commit messages for the PRs created below. | A ticket should be filed for paper trail purposes. Put the ticket in the commit messages for the PRs created below. | ||
| Line 19: | Line 20: | ||
| <code>ansible-playbook gateway.yml --tags="users"</code> | <code>ansible-playbook gateway.yml --tags="users"</code> | ||
| - | ===== fail2ban ===== | + | ==== fail2ban ==== |
| fail2ban is configured via the gateway role. It's configured to work with firewalld. Run ''ipset list'' to see list of currently banned IPs. | fail2ban is configured via the gateway role. It's configured to work with firewalld. Run ''ipset list'' to see list of currently banned IPs. | ||
| Line 27: | Line 28: | ||
| ^%(__prefix_line)sReceived disconnect from <HOST>: 11: (Bye Bye)? \[preauth\]$ | ^%(__prefix_line)sReceived disconnect from <HOST>: 11: (Bye Bye)? \[preauth\]$ | ||
| </code> | </code> | ||
| + | |||
| + | ==== Updating sepia-vpn-client.tar.gz ==== | ||
| + | This shouldn't need to happen often but was necessary when python3 came out. | ||
| + | |||
| + | - ''%%ssh www.ceph.com%%'' | ||
| + | - ''sudo -i'' | ||
| + | - ''cd /var/www/ceph.com/sage/'' | ||
| + | - ''mkdir wip && cp sepia-vpn-client.tar.gz wip/ && cd wip && tar xzf sepia-vpn-client.tar.gz'' | ||
| + | - Make your edits in the sepia dir | ||
| + | - When you're done, ''tar -czvf sepia-vpn-client.tar.gz sepia'' | ||
| + | - ''mv sepia-vpn-client.tar.gz /var/www/ceph.com/sage/'' | ||
| + | - ''chown dgalloway:www-data /var/www/ceph.com/sage/sepia-vpn-client.tar.gz'' | ||
| + | - ''rm -rf /var/www/ceph.com/sage/wip'' | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| - | ==== TLS Error: local/remote TLS keys are out of sync ==== | + | ==== ValueError: need more than 2 values to unpack ==== |
| - | You may also see ''ValueError: need more than 2 values to unpack'' in ''/var/log/openvpn/openvpn.log'' | + | |
| **Resolution:** You likely forgot a space in a user's hashed credential. Check recent commits in ceph-sepia-secrets.git and make sure all users have three values per ''ovpn'' key. | **Resolution:** You likely forgot a space in a user's hashed credential. Check recent commits in ceph-sepia-secrets.git and make sure all users have three values per ''ovpn'' key. | ||
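Review bot: the new "Updating sepia-vpn-client.tar.gz" steps unpack and edit the bundle as root in ''/var/www/ceph.com/sage/wip'', inside the same directory the finished tarball is installed into, so the extracted working copy sits next to the published file until the final ''rm -rf''. Suggest doing the extract and edit in a ''mktemp -d'' directory outside ''/var/www'' and only moving the finished archive into place. Step 7's ''mv'' also overwrites the existing tarball with no copy of the previous version kept, and step 8 hardcodes a personal account (''dgalloway:www-data'') without stating the intended file mode; keeping a dated backup and documenting the expected owner and mode would make the procedure repeatable by other admins. Separately, the Troubleshooting change removes the "TLS Error: local/remote TLS keys are out of sync" text from the page entirely; if that message is still a symptom of the same malformed ''ovpn'' entry, keep it as a "You may also see" line under the new heading so it remains searchable.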