Bonsoir,
Chaque tentative d’y accéder me retourne un «la connexion a échoué». J’ai peut-être commis un erreur pendant l’installation, mais je n’arrive pas à savoir où. Voici le script que j’ai utilisé à cette fin (les variables de la partie «get variables» sont contenues dans un autre fichier se trouvant dans le même dossier que le script). Le script ci-dessous:
#!/bin/bash
dummy_pwd=neutrinet
clear
cat <<EOF
********************************************************************************
You are about to configure an Internet Cube for Neutrinet.
All the passwords; yunohost admin account, openvpn password and the password
for the AP, will be: '$dummy_pwd'. Consider changing them after installation.
/!\\ This script has to be run as root *on* the Cube itself, on a
labriqueinternet_A20LIME_2015-11-09.img SD card (or newer)
/!\\ If you run into trouble, please refer to the original
documentation page: https://yunohost.org/installation_brique_fr
/!\\ Be aware that as soon as the vpn goes live the root user can log in over
the vpn with the chosen password! You might consider revising the root
password before continuing. Choosing a dictionary word or 12345678 is
not the best thing to do here, instead have a look at
https://ssd.eff.org/en/module/creating-strong-passwords for advice on
creating a strong password.
Press any key to continue or CTRL-C to abort
EOF
read
# Exit if any of the following command fails
set -e
get_variables() {
if [ -f neutrinet.variables ]; then
source neutrinet.variables
echo "********************************************************************************"
echo The following settings will apply
echo ""
echo domain = $domain
echo username = $username
echo firstname = $firstname
echo lastgname = $lastname
echo email = $email
echo vpn_username = $vpn_username
echo "vpn_pwd = **********"
echo ip6_net = $ip6_net
echo wifi_ssid = $wifi_ssid
echo vpn_ca_crt = ${vpn_ca_crt:0:46}...
echo vpn_client_key = ${vpn_client_key:0:46}...
echo vpn_client_crt = ${vpn_client_crt:0:46}...
echo ""
echo "********************************************************************************"
echo Press any key to continue or CTRL-C to abort
read
else
echo
echo "Main domain name (will be used to host your email and services)"
echo "i.e.: example.com"
read domain
echo
echo "Username (used to connect to the user interface and access your apps, must be composed of lowercase letters and numbers only)"
echo "i.e.: jonsnow"
read username
echo
echo "Firstname (mandatory, used as your firstname when you send emails)"
echo "i.e.: Jon"
read firstname
echo
echo "Lastname (mandatory, used as your lastname when you send emails)"
echo "i.e. Snow"
read lastname
echo
echo "Email (must contain one of the domain previously entered as second part)"
echo "i.e. jon@example.com"
read email
echo
echo "VPN client certificate (paste all the content of client.crt below and end with a blank line): "
vpn_client_crt=$(sed '/^$/q' | sed 's/-----BEGIN CERTIFICATE-----//' | sed 's/-----END CERTIFICATE-----//' | sed '/^$/d')
echo
echo "VPN client key (paste all the content of client.key below and end with a blank line): "
vpn_client_key=$(sed '/^$/q' | sed 's/-----BEGIN PRIVATE KEY-----//' | sed 's/-----END PRIVATE KEY-----//' | sed '/^$/d')
echo
echo "CA server certificate (paste all the content of ca.crt below and end with a blank line): "
vpn_ca_crt=$(sed '/^$/q' | sed 's/-----BEGIN CERTIFICATE-----//' | sed 's/-----END CERTIFICATE-----//' | sed '/^$/d')
echo
echo "VPN username (first line of the 'auth' file): "
read vpn_username
echo
echo "VPN password (second line of the 'auth' file): "
read vpn_pwd
echo
echo "IPv6 delegated prefix (without trailing /56, to be found in the neutrinet MGMT interface)"
echo "i.e.: 2001:913:1000:300::"
read ip6_net
echo
echo "WiFi AP SSID (that will appear right after this configuration script ending)"
echo "i.e.: MyWunderbarNeutralNetwork"
read wifi_ssid
echo
echo
echo "The installation will proceed, please verify the parameters above one last time."
read -rsp $'Press any key to continue...\n' -n1 yolo
echo
# Store all the variables into a file
for var in domain username firstname lastname email vpn_username vpn_pwd ip6_net wifi_ssid; do
declare -p $var | cut -d ' ' -f 3- >> neutrinet.variables
done
echo "vpn_client_crt=\"$vpn_client_crt\"" >> neutrinet.variables
echo "vpn_client_key=\"$vpn_client_key\"" >> neutrinet.variables
echo "vpn_ca_crt=\"$vpn_ca_crt\"" >> neutrinet.variables
fi
}
modify_hosts() {
# to resolve the domain properly
echo "Modifying hosts..."
set -x
grep -q "olinux" /etc/hosts \
|| echo "127.0.0.1 $domain olinux" >> /etc/hosts
}
set_locales() {
[ "$(grep LC_ALL /etc/environment)" ] || echo 'LC_ALL="en_US.UTF-8"' >> /etc/environment
source /etc/environment
export LC_ALL
}
upgrade_system() {
echo "Upgrading Debian packages..."
set -x
echo "deb http://repo.yunohost.org/debian jessie stable" > /etc/apt/sources.list.d/yunohost.list
apt-get update -qq
apt-get dist-upgrade -y
}
postinstall_yunohost() {
echo "Launching YunoHost post-installation..."
set -x
yunohost tools postinstall -d $domain -p $dummy_pwd
}
create_yunohost_user() {
echo "Creating the first YunoHost user..."
set -x
yunohost user create $username -f "$firstname" -l "$lastname" -m $email \
-q 0 -p $dummy_pwd
}
add_labriqueinternet_app_list() {
echo "Adding labriqueinternet official app list for updates in the future..."
yunohost app fetchlist -n labriqueinternet -u https://labriqueinter.net/apps/labriqueinternet.json
}
install_vpnclient() {
echo "Installing the VPN client application..."
set -x
yunohost app install vpnclient \
--args "domain=$domain&path=/vpnadmin&server_name=vpn.neutrinet.be"
}
configure_vpnclient() {
echo "Configuring the VPN connection..."
set -x
# Restrict user access to the app
yunohost app addaccess vpnclient -u $username
# Neutrinet related: add some VPN configuration directives
cat > /etc/openvpn/client.conf.tpl <<EOF
# [WARN] Edit this raw configuration ONLY IF YOU KNOW
# what you do!
# [WARN] Continue to use the placeholders <TPL:*> and
# keep update their value on the web admin (they
# are not only used for this file).
client
remote <TPL:SERVER_NAME>
proto <TPL:PROTO>
port <TPL:SERVER_PORT>
pull
nobind
dev tun
tun-ipv6
# keepalive 10 30
# neutrinet
keepalive 10 120
comp-lzo adaptive
resolv-retry infinite
# Authentication by login
<TPL:LOGIN_COMMENT>auth-user-pass /etc/openvpn/keys/credentials
# UDP only
<TPL:UDP_COMMENT>explicit-exit-notify
# TLS
tls-client
remote-cert-tls server
ns-cert-type server
ca /etc/openvpn/keys/ca-server.crt
<TPL:CERT_COMMENT>cert /etc/openvpn/keys/user.crt
<TPL:CERT_COMMENT>key /etc/openvpn/keys/user.key
# Logs
verb 3
mute 5
status /var/log/openvpn-client.status
log-append /var/log/openvpn-client.log
# Routing
route-ipv6 2000::/3
redirect-gateway def1 bypass-dhcp
# neutrinet
cipher AES-256-CBC
tls-version-min 1.2
auth SHA256
topology subnet
EOF
# Copy certificates and keys
mkdir -p /etc/openvpn/keys
echo '-----BEGIN CERTIFICATE-----' > /etc/openvpn/keys/user.crt
grep -Eo '"[^"]*"|[^" ]*' <<< $vpn_client_crt >> /etc/openvpn/keys/user.crt
echo '-----END CERTIFICATE-----' >> /etc/openvpn/keys/user.crt
echo '-----BEGIN PRIVATE KEY-----' > /etc/openvpn/keys/user.key
grep -Eo '"[^"]*"|[^" ]*' <<< $vpn_client_key >> /etc/openvpn/keys/user.key
echo '-----END PRIVATE KEY-----' >> /etc/openvpn/keys/user.key
echo '-----BEGIN CERTIFICATE-----' > /etc/openvpn/keys/ca-server.crt
grep -Eo '"[^"]*"|[^" ]*' <<< $vpn_ca_crt >> /etc/openvpn/keys/ca-server.crt
echo '-----END CERTIFICATE-----' >> /etc/openvpn/keys/ca-server.crt
# And credentials
echo -e "$vpn_username\n$vpn_pwd" > /etc/openvpn/keys/credentials
# Set rights
chown admin:admins -hR /etc/openvpn/keys
chmod 640 -R /etc/openvpn/keys
# Configure VPN client
yunohost app setting vpnclient server_name -v "vpn.neutrinet.be"
yunohost app setting vpnclient server_port -v "1195"
yunohost app setting vpnclient server_proto -v "udp"
yunohost app setting vpnclient service_enabled -v "1"
yunohost app setting vpnclient login_user -v "$vpn_username"
yunohost app setting vpnclient login_passphrase -v "$vpn_pwd"
yunohost app setting vpnclient ip6_net -v "$ip6_net"
# Add the service to YunoHost's monitored services
yunohost service add ynh-vpnclient -l /var/log/openvpn-client.log
echo "Restarting OpenVPN..."
systemctl restart ynh-vpnclient \
|| (echo "Logs:" && cat /var/log/openvpn-client.log && exit 1)
sleep 5
}
install_hotspot() {
echo "Installing the Hotspot application..."
set -x
yunohost app install hotspot --verbose \
--args "domain=$domain&path=/wifiadmin&wifi_ssid=$wifi_ssid&wifi_passphrase=$dummy_pwd&firmware_nonfree=yes"
}
configure_hostpot() {
echo "Configuring the hotspot..."
set -x
# Removing the persistent Net rules to keep the Wifi device to wlan0
rm -f /etc/udev/rules.d/70-persistent-net.rules
# Restrict user access to the app
yunohost app addaccess hotspot -u $username
# Ensure that the hotspot is activated and that the IPv6 prefix is set
yunohost app setting hotspot service_enabled -v "1"
yunohost app setting hotspot ip6_net -v "$ip6_net"
yunohost app setting hotspot ip6_addr -v "${ip6_net}42"
# Add the service to YunoHost's monitored services
yunohost service add ynh-hotspot -l /var/log/syslog
echo "Restarting the hotspot..."
systemctl restart ynh-hotspot
}
install_doctorcube() {
set -x
echo "Installing doctorcube (this shouldn't do anything)..."
yunohost app install doctorcube --verbose
}
install_neutrinet_ynh() {
set -x
echo "Installing neutrinet_ynh..."
yunohost app install https://github.com/Neutrinet/neutrinet_ynh --verbose --args "domain=$domain&path=/neutrinet"
}
# ----------------------------------
# Optional steps
# ----------------------------------
remove_dyndns_cron() {
set -x
yunohost dyndns update > /dev/null 2>&1 \
&& echo "Removing the DynDNS cronjob..." \
|| echo "No DynDNS to remove"
rm -f /etc/cron.d/yunohost-dyndns
}
restart_api() {
set -x
systemctl restart yunohost-api
}
display_win_message() {
ip6=$(ip -6 addr show tun0 | awk -F'[/ ]' '/inet/{print $6}' || echo 'ERROR')
ip4=$(ip -4 addr show tun0 | awk -F'[/ ]' '/inet/{print $6}' || echo 'ERROR')
cat <<EOF
VICTOIRE !
Your Cube has been configured properly. Please set your DNS records as below:
@ 14400 IN A $ip4
* 14400 IN A $ip4
@ 14400 IN AAAA $ip6
* 14400 IN AAAA $ip6
_xmpp-client._tcp 14400 IN SRV 0 5 5222 $domain.
_xmpp-server._tcp 14400 IN SRV 0 5 5269 $domain.
@ 14400 IN MX 5 $domain.
@ 14400 IN TXT "v=spf1 a mx ip4:$ip4 ip6:$ip6 -all"
$(cat /etc/dkim/$domain.mail.txt > /dev/null 2>&1 || echo '')
EOF
cat <<EOF
/!\\ Do not forget to change:
* The root password on the OS-level: # passwd
* The administration password in yunohost
* The regular user password in yunohost
* The VPN client password administered in yunohost
* The Wifi AP password administered in yunohost
EOF
}
# ----------------------------------
# Operation order (you can deactivate some if your script has failed in the middle)
# ----------------------------------
get_variables
modify_hosts
set_locales
upgrade_system
postinstall_yunohost
create_yunohost_user
add_labriqueinternet_app_list
install_vpnclient
configure_vpnclient
install_hotspot
configure_hostpot
install_doctorcube
install_neutrinet_ynh
remove_dyndns_cron
restart_api
display_win_message