LiittleCookie/vpn-install
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

openvpn check and deluser (revoke); crl-verify option added; adduser bugfix

Browse Source
This commit is contained in:
bedefaced 2017-08-30 01:57:18 +03:00 committed by bedefaced
parent 7daa49f7de
commit 459db4b62a
7 changed files with 95 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ipsec/adduser.sh
View File

@ -48,6 +48,7 @@ do
else else
read -p "Would you want to add another user? [no] " ANSUSER read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER} : ${ANSUSER:=$NOTADDUSER}
unset LOGIN
fi fi
continue continue
else else
@ -101,6 +102,7 @@ do
echo echo
read -p "Would you want to add another user? [no] " ANSUSER read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER} : ${ANSUSER:=$NOTADDUSER}
unset LOGIN
else else
ANSUSER=$NOTADDUSER ANSUSER=$NOTADDUSER
fi fi

67
openvpn/adduser.sh
View File

@ -25,51 +25,60 @@ do
read -p "Enter name: " LOGIN read -p "Enter name: " LOGIN
done done
./build-key --batch $LOGIN $DIR/checkuser.sh $LOGIN
if [ $? -eq 0 ]; then if [[ $? -ne 0 ]]; then
# copy files and OVPN config ./build-key --batch $LOGIN
mkdir -p "$DIR/$LOGIN"
cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$DIR/$LOGIN/"
DIST="$DIR/$LOGIN/openvpn-server.ovpn" if [ $? -eq 0 ]; then
cp $DIR/openvpn-server.ovpn.dist $DIST
sed -i -e "s@LOGIN@$LOGIN@g" $DIST
sed -i -e "s@IP@$IP@g" $DIST
SRC="$DIR/$LOGIN" # copy files and OVPN config
DIST="$DIR/$LOGIN/openvpn-server-embedded.ovpn" mkdir -p "$DIR/$LOGIN"
cp $DIR/openvpn-server-embedded.ovpn.dist $DIST cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$DIR/$LOGIN/"
sed -i -e "s@IP@$IP@g" $DIST
echo "<ca>" >> $DIST DIST="$DIR/$LOGIN/openvpn-server.ovpn"
cat $SRC/ca.crt >> $DIST cp $DIR/openvpn-server.ovpn.dist $DIST
echo "</ca>" >> $DIST sed -i -e "s@LOGIN@$LOGIN@g" $DIST
sed -i -e "s@IP@$IP@g" $DIST
echo "<cert>" >> $DIST SRC="$DIR/$LOGIN"
cat $SRC/$LOGIN.crt >> $DIST DIST="$DIR/$LOGIN/openvpn-server-embedded.ovpn"
echo "</cert>" >> $DIST cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
sed -i -e "s@IP@$IP@g" $DIST
echo "<key>" >> $DIST echo "<ca>" >> $DIST
cat $SRC/$LOGIN.key >> $DIST cat $SRC/ca.crt >> $DIST
echo "</key>" >> $DIST echo "</ca>" >> $DIST
echo "<tls-auth>" >> $DIST echo "<cert>" >> $DIST
cat $SRC/ta.key >> $DIST cat $SRC/$LOGIN.crt >> $DIST
echo "</tls-auth>" >> $DIST echo "</cert>" >> $DIST
echo echo "<key>" >> $DIST
echo "Directory $DIR/$LOGIN with necessary files has been created." cat $SRC/$LOGIN.key >> $DIST
USERNAME=${SUDO_USER:-$USER} echo "</key>" >> $DIST
chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
echo "<tls-auth>" >> $DIST
cat $SRC/ta.key >> $DIST
echo "</tls-auth>" >> $DIST
echo
echo "Directory $DIR/$LOGIN with necessary files has been created."
USERNAME=${SUDO_USER:-$USER}
chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
fi
else
echo "User $LOGIN already exists."
unset LOGIN
fi fi
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then
echo echo
read -p "Would you want to add another user? [no] " ANSUSER read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER} : ${ANSUSER:=$NOTADDUSER}
unset LOGIN
else else
ANSUSER=$NOTADDUSER ANSUSER=$NOTADDUSER
fi fi

22
openvpn/checkuser.sh Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env bash
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source $DIR/env.sh
if [[ "$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
if [[ $# -gt 0 ]]; then
LOGIN="$1"
fi
while [[ -z "$LOGIN" ]];
do
read -p "Enter name: " LOGIN
done
RET=$(ls $CADIR/keys | grep "^$LOGIN.key$" >/dev/null)
exit $?

26
openvpn/deluser.sh Executable file
View File

@ -0,0 +1,26 @@
#!/usr/bin/env bash
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source $DIR/env.sh
if [[ "$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
if [[ $# -gt 0 ]]; then
LOGIN="$1"
fi
while [[ -z "$LOGIN" ]];
do
read -p "Enter name: " LOGIN
done
cd $CADIR
source ./vars
./revoke-full $LOGIN
cp -rf $CADIR/keys/crl.pem $OPENVPNDIR
chown nobody:$NOBODYGROUP $OPENVPNDIR/crl.pem

4
openvpn/install.sh
View File

@ -29,6 +29,7 @@ echo
echo "Installing configuration files..." echo "Installing configuration files..."
yes | cp -rf $DIR/openvpn-server.conf.dist $OPENVPNCONFIG yes | cp -rf $DIR/openvpn-server.conf.dist $OPENVPNCONFIG
sed -i -e "s@OPENVPNDIR@$OPENVPNDIR@g" $OPENVPNCONFIG
sed -i -e "s@CADIR@$CADIR@g" $OPENVPNCONFIG sed -i -e "s@CADIR@$CADIR@g" $OPENVPNCONFIG
sed -i -e "s@LOCALPREFIX@$LOCALPREFIX@g" $OPENVPNCONFIG sed -i -e "s@LOCALPREFIX@$LOCALPREFIX@g" $OPENVPNCONFIG
sed -i -e "s@NOBODYGROUP@$NOBODYGROUP@g" $OPENVPNCONFIG sed -i -e "s@NOBODYGROUP@$NOBODYGROUP@g" $OPENVPNCONFIG
@ -63,6 +64,9 @@ source ./vars
./build-dh ./build-dh
openvpn --genkey --secret ta.key openvpn --genkey --secret ta.key
# add dummy user and revoke its certificate for non-empty crl.pem file
./build-key --batch client000
./revoke-full client000
echo echo
echo "Adding cron jobs..." echo "Adding cron jobs..."

1
openvpn/openvpn-server.conf.dist
View File

@ -2,6 +2,7 @@ mode server
port 1194 port 1194
proto udp proto udp
dev tun dev tun
crl-verify OPENVPNDIR/crl.pem
ca CADIR/keys/ca.crt ca CADIR/keys/ca.crt
cert CADIR/keys/openvpn-server.crt cert CADIR/keys/openvpn-server.crt
key CADIR/keys/openvpn-server.key key CADIR/keys/openvpn-server.key

2
pptp/adduser.sh
View File

@ -48,6 +48,7 @@ do
else else
read -p "Would you want to add another user? [no] " ANSUSER read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER} : ${ANSUSER:=$NOTADDUSER}
unset LOGIN
fi fi
continue continue
else else
@ -79,6 +80,7 @@ do
echo echo
read -p "Would you want to add another user? [no] " ANSUSER read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER} : ${ANSUSER:=$NOTADDUSER}
unset LOGIN
else else
ANSUSER=$NOTADDUSER ANSUSER=$NOTADDUSER
fi fi