~fkooman/vpn-documentation

ref: b609977fb14b1f6da23d14a3537b24a1621a7a56 vpn-documentation/convert_to_controller_v3.sh -rwxr-xr-x 977 bytes
b609977fFrançois Kooman additional comments 4 months ago
                                                                                
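#!/bin/sh

#
# Convert a full VPN install to just a controller
#
# Removes the node package and its configuration, the SELinux port labels and
# the sysctl drop-in that were added for the node, every OpenVPN/WireGuard
# server unit together with its configuration (this includes key material),
# and finally installs the controller-only firewall rules.
#
# Must be run as root from the root of the vpn-documentation checkout: the
# firewall rule files are referenced relative to the current directory.
#
# Exit status: 0 when the controller firewall was installed and reloaded,
# 1 otherwise. Failures of the individual removal steps are reported on
# stderr but do not abort the script, so it can be re-run on a host that was
# already partially converted.
#

IPTABLES_SRC=resources/firewall/controller/iptables
IP6TABLES_SRC=resources/firewall/controller/ip6tables

# print a warning on stderr and continue
warn() {
    printf 'WARNING: %s\n' "$*" >&2
}

# print an error on stderr and stop
die() {
    printf 'ERROR: %s\n' "$*" >&2
    exit 1
}

# disable and stop every loaded systemd unit matching the pattern in $1
disable_units() {
    # --plain: keep the unit name in the first column; without it systemctl
    #          may prefix e.g. failed units with a status marker, and awk
    #          would hand that marker to "systemctl disable" instead of the
    #          unit name
    # --all:   also list loaded units that are currently inactive, so an
    #          enabled-but-stopped instance is disabled as well
    # NOTE(review): instances that are not loaded at all are still not listed
    for CONFIG_NAME in $(systemctl list-units "$1" --no-legend --plain --all | awk '{print $1}')
    do
        systemctl disable --now "${CONFIG_NAME}" || warn "could not disable ${CONFIG_NAME}"
    done
}

# copy the rules file $1 to $2 and restart the firewall service $3
install_rules() {
    if ! cp "$1" "$2"; then
        warn "could not install $1 as $2, $3 was NOT restarted"
        return 1
    fi
    if ! systemctl restart "$3"; then
        warn "could not restart $3, the previous rule set may still be active"
        return 1
    fi
}

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# Verify the controller rule sets are available *before* removing anything.
# Otherwise a run from the wrong directory tears down the node while the
# node firewall rules stay loaded.
for RULES_FILE in "${IPTABLES_SRC}" "${IP6TABLES_SRC}"
do
    [ -r "${RULES_FILE}" ] || die "${RULES_FILE} not found, run this script from the vpn-documentation directory"
done

dnf -y remove vpn-server-node || warn "could not remove the vpn-server-node package"
rm -rf /etc/vpn-server-node

# remove the SELinux port labels that allowed OpenVPN to bind to the
# management ports
semanage port -d -t openvpn_port_t -p tcp 11940-16036 || warn "could not remove SELinux label for tcp/11940-16036"
# remove the SELinux port labels that allowed OpenVPN to bind to additional
# ports for client connections
semanage port -d -t openvpn_port_t -p tcp 1195-5290 || warn "could not remove SELinux label for tcp/1195-5290"
semanage port -d -t openvpn_port_t -p udp 1195-5290 || warn "could not remove SELinux label for udp/1195-5290"

# -f: do not fail when the file was already removed by an earlier run
rm -f /etc/sysctl.d/70-vpn.conf
# NOTE(review): "sysctl --system" only (re)applies what the remaining
# configuration files contain. Values that 70-vpn.conf had switched on
# (presumably IP forwarding -- confirm against that file) stay active in the
# running kernel until they are reset explicitly or the host is rebooted.
sysctl --system

disable_units "openvpn-server@*"
disable_units "wg-quick@*"

# this deletes the server configuration *and* the private keys stored with it
# NOTE(review): the globs do not match dot files, check for leftovers
rm -rf /etc/openvpn/server/*
rm -rf /etc/wireguard/*

# replace the node firewall by the controller-only rule set; remember a
# failure of one address family but still handle the other one
STATUS=0
install_rules "${IPTABLES_SRC}" /etc/sysconfig/iptables iptables || STATUS=1
install_rules "${IP6TABLES_SRC}" /etc/sysconfig/ip6tables ip6tables || STATUS=1

exit "${STATUS}"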