
fix(vpn): ensure OpenVPN is restarted when freshly installed or initialized

Fixes #19
Mustafa Arici před 8 roky
rodič
revize
4436880004
6 změnil soubory, kde provedl 67 přidání a 47 odebrání
  1. 5 5
      bindata/bindata.go
  2. 19 19
      cmd/ovpm/main.go
  3. 0 16
      cmd/ovpmd/main.go
  4. 22 2
      net.go
  5. 10 0
      user.go
  6. 11 5
      vpn.go

+ 5 - 5
bindata/bindata.go

@@ -87,7 +87,7 @@ func templateCcdFileTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/ccd.file.tmpl", size: 74, mode: os.FileMode(420), modTime: time.Unix(1502796579, 0)}
+	info := bindataFileInfo{name: "template/ccd.file.tmpl", size: 74, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -107,7 +107,7 @@ func templateClientOvpnTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/client.ovpn.tmpl", size: 306, mode: os.FileMode(420), modTime: time.Unix(1502796579, 0)}
+	info := bindataFileInfo{name: "template/client.ovpn.tmpl", size: 306, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -127,7 +127,7 @@ func templateDh4096PemTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/dh4096.pem.tmpl", size: 1468, mode: os.FileMode(420), modTime: time.Unix(1502796579, 0)}
+	info := bindataFileInfo{name: "template/dh4096.pem.tmpl", size: 1468, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -147,7 +147,7 @@ func templateIptablesTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/iptables.tmpl", size: 0, mode: os.FileMode(420), modTime: time.Unix(1502796579, 0)}
+	info := bindataFileInfo{name: "template/iptables.tmpl", size: 0, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -167,7 +167,7 @@ func templateServerConfTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/server.conf.tmpl", size: 9585, mode: os.FileMode(420), modTime: time.Unix(1502796579, 0)}
+	info := bindataFileInfo{name: "template/server.conf.tmpl", size: 9585, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }

+ 19 - 19
cmd/ovpm/main.go

@@ -322,25 +322,25 @@ func main() {
 						return nil
 					},
 				},
-				{
-					Name:  "apply",
-					Usage: "Apply pending changes.",
-					Action: func(c *cli.Context) error {
-						action = "apply"
-
-						conn := getConn(c.GlobalString("daemon-port"))
-						defer conn.Close()
-						vpnSvc := pb.NewVPNServiceClient(conn)
-
-						if _, err := vpnSvc.Apply(context.Background(), &pb.VPNApplyRequest{}); err != nil {
-							logrus.Errorf("can not apply configuration: %v", err)
-							os.Exit(1)
-							return err
-						}
-						logrus.Info("changes applied; OpenVPN restarted")
-						return nil
-					},
-				},
+				// {
+				// 	Name:  "apply",
+				// 	Usage: "Apply pending changes.",
+				// 	Action: func(c *cli.Context) error {
+				// 		action = "apply"
+
+				// 		conn := getConn(c.GlobalString("daemon-port"))
+				// 		defer conn.Close()
+				// 		vpnSvc := pb.NewVPNServiceClient(conn)
+
+				// 		if _, err := vpnSvc.Apply(context.Background(), &pb.VPNApplyRequest{}); err != nil {
+				// 			logrus.Errorf("can not apply configuration: %v", err)
+				// 			os.Exit(1)
+				// 			return err
+				// 		}
+				// 		logrus.Info("changes applied; OpenVPN restarted")
+				// 		return nil
+				// 	},
+				// },
 			},
 		},
 	}
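Review bot: The `apply` subcommand is commented out rather than deleted, leaving a 19-line dead block in the CLI command table that will drift from the live `VPNService.Apply` RPC signature without any compiler feedback. Git already preserves the old implementation, so the usual approach is to remove the block outright, and if the command is meant to come back, say so in the commit message instead of keeping it in the source. A user-facing command also disappears silently here; a one-line note in the description ("`apply` removed: configuration is now emitted and OpenVPN restarted automatically") would tell operators why the command is gone. If the server-side `Apply` RPC is also obsolete, it should be retired in the same change rather than left reachable over gRPC with no client.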

+ 0 - 16
cmd/ovpmd/main.go

@@ -98,22 +98,6 @@ func (s *server) start() {
 	logrus.Infof("OVPM is running :%s ...", s.port)
 	go s.grpcServer.Serve(s.lis)
 	ovpm.StartVPNProc()
-
-	// Nat enablerer
-	go func() {
-		for {
-			err := ovpm.EnsureNatEnabled()
-			if err == nil {
-				logrus.Debug("nat is enabled")
-				return
-			}
-			logrus.Debugf("can not enable nat: %v", err)
-			// TODO(cad): employ a exponential back-off approach here
-			// instead of sleeping for the constant duration.
-			time.Sleep(1 * time.Second)
-		}
-
-	}()
 }
 
 func (s *server) stop() {

+ 22 - 2
net.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/Sirupsen/logrus"
 	"github.com/coreos/go-iptables/iptables"
+	"time"
 )
 
 // routedInterface returns a network interface that can route IP
@@ -110,8 +111,27 @@ func routableIP(network string, ip net.IP) net.IP {
 	return nil
 }
 
-// EnsureNatEnabled is an idempotent command that ensures nat is enabled for the vpn server.
-func EnsureNatEnabled() error {
+// ensureNatEnabled launches a goroutine that constantly tries to enable nat.
+func ensureNatEnabled() {
+	// Nat enablerer
+	go func() {
+		for {
+			err := enableNat()
+			if err == nil {
+				logrus.Debug("nat is enabled")
+				return
+			}
+			logrus.Debugf("can not enable nat: %v", err)
+			// TODO(cad): employ a exponential back-off approach here
+			// instead of sleeping for the constant duration.
+			time.Sleep(1 * time.Second)
+		}
+
+	}()
+}
+
+// enableNat is an idempotent command that ensures nat is enabled for the vpn server.
+func enableNat() error {
 	rif := routedInterface("ip", net.FlagUp|net.FlagBroadcast)
 	if rif == nil {
 		return fmt.Errorf("can not get routable network interface")
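Review bot: `ensureNatEnabled` starts a goroutine with no stop signal and no attempt cap, and because the `vpn.go` hunk now calls it from `StartVPNProc`, each OpenVPN start that happens while NAT is still failing stacks another independent retry loop (and more if `RestartVPNProc` goes through `StartVPNProc`, which this hunk does not show). A persistent `enableNat` failure — for example iptables missing or the process lacking `CAP_NET_ADMIN` — is reported only at Debug level on line 176, so an operator will see OpenVPN "running" while no MASQUERADE rule exists and client traffic silently goes nowhere. At minimum escalate the log after a few attempts, e.g. `logrus.Warnf("can not enable nat (attempt %d): %v", attempt, err)`, and guard the spawn with a `sync.Once` or a package-level "already enabled" flag so repeated starts do not multiply loops. Separately, the new `"time"` import on line 156 belongs in the stdlib group above the third-party imports, as `goimports` would place it. `enableNat` continues past the end of this hunk.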

+ 10 - 0
user.go

@@ -149,6 +149,11 @@ func (u *DBUser) ResetPassword(password string) error {
 		return fmt.Errorf("user password can not be updated %s: %v", u.Username, err)
 	}
 	db.Save(u)
+	err = Emit()
+	if err != nil {
+		return err
+	}
+
 	logrus.Infof("user password reset: %s", u.GetUsername())
 	return nil
 }
@@ -181,6 +186,11 @@ func (u *DBUser) Renew() error {
 	u.ServerSerialNumber = server.SerialNumber
 
 	db.Save(&u)
+	err = Emit()
+	if err != nil {
+		return err
+	}
+
 	logrus.Infof("user renewed cert: %s", u.GetUsername())
 	return nil
 }
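Review bot: In both `ResetPassword` and `Renew` the new `Emit()` error is returned after `db.Save` has already persisted the new password or certificate, so a failed emit makes the caller believe the operation failed while the stored credential has in fact changed, and the "user password reset" / "user renewed cert" audit lines are never written for that case. Either log the state change before calling `Emit()`, or make the error say what actually happened, in the file's existing `fmt.Errorf` style: `return fmt.Errorf("password for %s was updated but configuration could not be emitted: %v", u.Username, err)`. Note also that, per the `vpn.go` hunk, `Emit()` now waits for the OpenVPN process and restarts it, so every password reset or renewal will drop all connected VPN sessions and may block the calling RPC until the process reaches a restartable state. The body of `ResetPassword` starts before this hunk; the unchecked `db.Save` on line 197 is pre-existing.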

+ 11 - 5
vpn.go

@@ -19,6 +19,7 @@ import (
 	"github.com/cad/ovpm/supervisor"
 	"github.com/google/uuid"
 	"github.com/jinzhu/gorm"
+	"time"
 )
 
 // DBNetwork is database model for external networks on the VPN server.
@@ -131,6 +132,7 @@ func Init(hostname string, port string) error {
 			continue
 		}
 	}
+	Emit()
 	logrus.Infof("server initialized")
 	return nil
 }
@@ -143,6 +145,7 @@ func Deinit() error {
 
 	db.Unscoped().Delete(&DBServer{})
 	db.Unscoped().Delete(&DBRevoked{})
+	Emit()
 	return nil
 }
 
@@ -233,8 +236,8 @@ func StartVPNProc() {
 		logrus.Error("OpenVPN is already started")
 		return
 	}
-
 	vpnProc.Start()
+	ensureNatEnabled()
 }
 
 // RestartVPNProc restarts the OpenVPN process.
@@ -320,10 +323,13 @@ func Emit() error {
 
 	logrus.Info("configurations emitted to the filesystem")
 
-	// If the OpenVPN is already running, restart it.
-	if vpnProc.Status() == supervisor.RUNNING {
-		logrus.Info("OpenVPN process is restarting")
-		RestartVPNProc()
+	for {
+		if vpnProc.Status() == supervisor.RUNNING || vpnProc.Status() == supervisor.STOPPED {
+			logrus.Info("OpenVPN process is restarting")
+			RestartVPNProc()
+			break
+		}
+		time.Sleep(1 * time.Second)
 	}
 
 	return nil
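Review bot: The new wait loop in `Emit` (lines 264–271) has no upper bound: if the supervisor ever reports a status other than `RUNNING` or `STOPPED` for good — whether such a terminal state exists is not visible here — every caller, which after this commit includes `Init`, `Deinit`, `ResetPassword` and `Renew`, blocks forever with no log line. The condition also calls `vpnProc.Status()` twice per iteration, so the two reads can disagree; read it once into a local. Give the loop a deadline and return an error when it is reached, so callers can surface the failure instead of hanging (assuming `fmt` is imported here as it is in `net.go`). Relatedly, the `Emit()` calls added in `Init` (line 234) and `Deinit` (line 242) discard its error, which after this change includes "could not restart OpenVPN"; they should be checked and returned, and the `"time"` import on line 226 belongs in the stdlib group.
```go
	// … unchanged: configuration rendering and "configurations emitted" log …
	deadline := time.Now().Add(30 * time.Second)
	for {
		status := vpnProc.Status()
		if status == supervisor.RUNNING || status == supervisor.STOPPED {
			logrus.Info("OpenVPN process is restarting")
			RestartVPNProc()
			return nil
		}
		if time.Now().After(deadline) {
			return fmt.Errorf("OpenVPN process did not reach a restartable state within 30s (status: %v)", status)
		}
		time.Sleep(1 * time.Second)
	}
```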