Add command line options
- Add support for command-line options for managing OpenVPN clients and removing OpenVPN.
parent
70ea744f66
commit
e058f5e3d8
|
@ -101,6 +101,11 @@ TUN needs to be enabled before running this installer."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_client_name() {
|
||||||
|
# Allow a limited set of characters to avoid conflicts
|
||||||
|
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
|
||||||
|
}
|
||||||
|
|
||||||
parse_args() {
|
parse_args() {
|
||||||
while [ "$#" -gt 0 ]; do
|
while [ "$#" -gt 0 ]; do
|
||||||
case $1 in
|
case $1 in
|
||||||
|
@ -108,6 +113,36 @@ parse_args() {
|
||||||
auto=1
|
auto=1
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
--addclient)
|
||||||
|
add_client=1
|
||||||
|
unsanitized_client="$2"
|
||||||
|
shift
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--exportclient)
|
||||||
|
export_client=1
|
||||||
|
unsanitized_client="$2"
|
||||||
|
shift
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--listclients)
|
||||||
|
list_clients=1
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--revokeclient)
|
||||||
|
revoke_client=1
|
||||||
|
unsanitized_client="$2"
|
||||||
|
shift
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--uninstall)
|
||||||
|
remove_ovpn=1
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-y|--yes)
|
||||||
|
assume_yes=1
|
||||||
|
shift
|
||||||
|
;;
|
||||||
-h|--help)
|
-h|--help)
|
||||||
show_usage
|
show_usage
|
||||||
;;
|
;;
|
||||||
|
@ -118,6 +153,43 @@ parse_args() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
check_args() {
|
||||||
|
if [ "$auto" = 1 ] && [ -e "$OVPN_CONF" ]; then
|
||||||
|
echo "Error: Invalid parameter '--auto'. OpenVPN is already set up on this server." >&2
|
||||||
|
echo " To manage OpenVPN clients, re-run this script without '--auto'." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ "$((add_client + export_client + list_clients + revoke_client))" -gt 1 ]; then
|
||||||
|
show_usage "Invalid parameters. Specify only one of '--addclient', '--exportclient', '--listclients' or '--revokeclient'."
|
||||||
|
fi
|
||||||
|
if [ "$remove_ovpn" = 1 ]; then
|
||||||
|
if [ "$((add_client + export_client + list_clients + revoke_client + auto))" -gt 0 ]; then
|
||||||
|
show_usage "Invalid parameters. '--uninstall' cannot be specified with other parameters."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ ! -e "$OVPN_CONF" ]; then
|
||||||
|
[ "$add_client" = 1 ] && exiterr "You must first set up OpenVPN before adding a client."
|
||||||
|
[ "$export_client" = 1 ] && exiterr "You must first set up OpenVPN before exporting a client."
|
||||||
|
[ "$list_clients" = 1 ] && exiterr "You must first set up OpenVPN before listing clients."
|
||||||
|
[ "$revoke_client" = 1 ] && exiterr "You must first set up OpenVPN before revoking a client."
|
||||||
|
[ "$remove_ovpn" = 1 ] && exiterr "Cannot remove OpenVPN because it has not been set up on this server."
|
||||||
|
fi
|
||||||
|
if [ "$add_client" = 1 ]; then
|
||||||
|
set_client_name
|
||||||
|
if [ -z "$client" ]; then
|
||||||
|
exiterr "Invalid client name. Use one word only, no special characters except '-' and '_'."
|
||||||
|
elif [ -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]; then
|
||||||
|
exiterr "$client: invalid name. Client already exists."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$export_client" = 1 ] || [ "$revoke_client" = 1 ]; then
|
||||||
|
set_client_name
|
||||||
|
if [ -z "$client" ] || [ ! -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]; then
|
||||||
|
exiterr "Invalid client name, or client does not exist."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
check_nftables() {
|
check_nftables() {
|
||||||
if [ "$os" = "centos" ]; then
|
if [ "$os" = "centos" ]; then
|
||||||
if grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf \
|
if grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf \
|
||||||
|
@ -183,6 +255,7 @@ cat <<'EOF'
|
||||||
|
|
||||||
Welcome to this OpenVPN server installer!
|
Welcome to this OpenVPN server installer!
|
||||||
GitHub: https://github.com/hwdsl2/openvpn-install
|
GitHub: https://github.com/hwdsl2/openvpn-install
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -205,8 +278,14 @@ cat 1>&2 <<EOF
|
||||||
Usage: bash $0 [options]
|
Usage: bash $0 [options]
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
--auto auto install OpenVPN using default options
|
--auto auto install OpenVPN using default options
|
||||||
-h, --help show this help message and exit
|
--addclient [client name] add a new client
|
||||||
|
--exportclient [client name] export configuration for an existing client
|
||||||
|
--listclients list the names of existing clients
|
||||||
|
--revokeclient [client name] revoke an existing client
|
||||||
|
--uninstall remove OpenVPN and delete all configuration
|
||||||
|
-y, --yes assume "yes" as answer to prompts when revoking a client or removing OpenVPN
|
||||||
|
-h, --help show this help message and exit
|
||||||
|
|
||||||
To customize install options, run this script without arguments.
|
To customize install options, run this script without arguments.
|
||||||
EOF
|
EOF
|
||||||
|
@ -216,7 +295,6 @@ EOF
|
||||||
show_welcome() {
|
show_welcome() {
|
||||||
if [ "$auto" = 0 ]; then
|
if [ "$auto" = 0 ]; then
|
||||||
show_header2
|
show_header2
|
||||||
echo
|
|
||||||
echo 'I need to ask you a few questions before starting setup.'
|
echo 'I need to ask you a few questions before starting setup.'
|
||||||
echo 'You can use the default options and just press enter if you are OK with them.'
|
echo 'You can use the default options and just press enter if you are OK with them.'
|
||||||
else
|
else
|
||||||
|
@ -430,11 +508,6 @@ select_dns() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
set_client_name() {
|
|
||||||
# Allow a limited set of characters to avoid conflicts
|
|
||||||
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
|
|
||||||
}
|
|
||||||
|
|
||||||
enter_first_client_name() {
|
enter_first_client_name() {
|
||||||
if [ "$auto" = 0 ]; then
|
if [ "$auto" = 0 ]; then
|
||||||
echo
|
echo
|
||||||
|
@ -975,7 +1048,11 @@ enter_client_name() {
|
||||||
[ -z "$unsanitized_client" ] && abort_and_exit
|
[ -z "$unsanitized_client" ] && abort_and_exit
|
||||||
set_client_name
|
set_client_name
|
||||||
while [[ -z "$client" || -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]]; do
|
while [[ -z "$client" || -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]]; do
|
||||||
echo "$client: invalid name."
|
if [ -z "$client" ]; then
|
||||||
|
echo "Invalid client name. Use one word only, no special characters except '-' and '_'."
|
||||||
|
else
|
||||||
|
echo "$client: invalid name. Client already exists."
|
||||||
|
fi
|
||||||
read -rp "Name: " unsanitized_client
|
read -rp "Name: " unsanitized_client
|
||||||
[ -z "$unsanitized_client" ] && abort_and_exit
|
[ -z "$unsanitized_client" ] && abort_and_exit
|
||||||
set_client_name
|
set_client_name
|
||||||
|
@ -1005,7 +1082,7 @@ check_clients() {
|
||||||
if [[ "$num_of_clients" = 0 ]]; then
|
if [[ "$num_of_clients" = 0 ]]; then
|
||||||
echo
|
echo
|
||||||
echo "There are no existing clients!"
|
echo "There are no existing clients!"
|
||||||
exit
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1032,12 +1109,16 @@ select_client_to() {
|
||||||
}
|
}
|
||||||
|
|
||||||
confirm_revoke_client() {
|
confirm_revoke_client() {
|
||||||
echo
|
if [ "$assume_yes" != 1 ]; then
|
||||||
read -rp "Confirm $client revocation? [y/N]: " revoke
|
echo
|
||||||
until [[ "$revoke" =~ ^[yYnN]*$ ]]; do
|
|
||||||
echo "$revoke: invalid selection."
|
|
||||||
read -rp "Confirm $client revocation? [y/N]: " revoke
|
read -rp "Confirm $client revocation? [y/N]: " revoke
|
||||||
done
|
until [[ "$revoke" =~ ^[yYnN]*$ ]]; do
|
||||||
|
echo "$revoke: invalid selection."
|
||||||
|
read -rp "Confirm $client revocation? [y/N]: " revoke
|
||||||
|
done
|
||||||
|
else
|
||||||
|
revoke=y
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
print_revoke_client() {
|
print_revoke_client() {
|
||||||
|
@ -1054,7 +1135,7 @@ remove_client_conf() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
revoke_client() {
|
revoke_client_ovpn() {
|
||||||
cd /etc/openvpn/server/easy-rsa/ || exit 1
|
cd /etc/openvpn/server/easy-rsa/ || exit 1
|
||||||
(
|
(
|
||||||
set -x
|
set -x
|
||||||
|
@ -1079,12 +1160,16 @@ print_client_revocation_aborted() {
|
||||||
}
|
}
|
||||||
|
|
||||||
confirm_remove_ovpn() {
|
confirm_remove_ovpn() {
|
||||||
echo
|
if [ "$assume_yes" != 1 ]; then
|
||||||
read -rp "Confirm OpenVPN removal? [y/N]: " remove
|
echo
|
||||||
until [[ "$remove" =~ ^[yYnN]*$ ]]; do
|
|
||||||
echo "$remove: invalid selection."
|
|
||||||
read -rp "Confirm OpenVPN removal? [y/N]: " remove
|
read -rp "Confirm OpenVPN removal? [y/N]: " remove
|
||||||
done
|
until [[ "$remove" =~ ^[yYnN]*$ ]]; do
|
||||||
|
echo "$remove: invalid selection."
|
||||||
|
read -rp "Confirm OpenVPN removal? [y/N]: " remove
|
||||||
|
done
|
||||||
|
else
|
||||||
|
remove=y
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
print_remove_ovpn() {
|
print_remove_ovpn() {
|
||||||
|
@ -1141,9 +1226,76 @@ check_tun
|
||||||
OVPN_CONF="/etc/openvpn/server/server.conf"
|
OVPN_CONF="/etc/openvpn/server/server.conf"
|
||||||
|
|
||||||
auto=0
|
auto=0
|
||||||
|
assume_yes=0
|
||||||
|
add_client=0
|
||||||
|
export_client=0
|
||||||
|
list_clients=0
|
||||||
|
revoke_client=0
|
||||||
|
remove_ovpn=0
|
||||||
|
|
||||||
|
parse_args "$@"
|
||||||
|
check_args
|
||||||
|
|
||||||
|
if [ "$add_client" = 1 ]; then
|
||||||
|
show_header
|
||||||
|
echo
|
||||||
|
build_client_config
|
||||||
|
new_client
|
||||||
|
print_client_action added
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$export_client" = 1 ]; then
|
||||||
|
show_header
|
||||||
|
new_client
|
||||||
|
print_client_action exported
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$list_clients" = 1 ]; then
|
||||||
|
show_header
|
||||||
|
print_check_clients
|
||||||
|
check_clients
|
||||||
|
echo
|
||||||
|
show_clients
|
||||||
|
print_client_total
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$revoke_client" = 1 ]; then
|
||||||
|
show_header
|
||||||
|
confirm_revoke_client
|
||||||
|
if [[ "$revoke" =~ ^[yY]$ ]]; then
|
||||||
|
print_revoke_client
|
||||||
|
revoke_client_ovpn
|
||||||
|
print_client_revoked
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
print_client_revocation_aborted
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$remove_ovpn" = 1 ]; then
|
||||||
|
show_header
|
||||||
|
confirm_remove_ovpn
|
||||||
|
if [[ "$remove" =~ ^[yY]$ ]]; then
|
||||||
|
print_remove_ovpn
|
||||||
|
remove_firewall_rules
|
||||||
|
disable_ovpn_service
|
||||||
|
remove_sysctl_rules
|
||||||
|
remove_rclocal_rules
|
||||||
|
remove_pkgs
|
||||||
|
print_ovpn_removed
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
print_ovpn_removal_aborted
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ ! -e "$OVPN_CONF" ]]; then
|
if [[ ! -e "$OVPN_CONF" ]]; then
|
||||||
check_nftables
|
check_nftables
|
||||||
parse_args "$@"
|
|
||||||
install_wget
|
install_wget
|
||||||
install_iproute
|
install_iproute
|
||||||
show_welcome
|
show_welcome
|
||||||
|
@ -1188,14 +1340,14 @@ else
|
||||||
build_client_config
|
build_client_config
|
||||||
new_client
|
new_client
|
||||||
print_client_action added
|
print_client_action added
|
||||||
exit
|
exit 0
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
check_clients
|
check_clients
|
||||||
select_client_to export
|
select_client_to export
|
||||||
new_client
|
new_client
|
||||||
print_client_action exported
|
print_client_action exported
|
||||||
exit
|
exit 0
|
||||||
;;
|
;;
|
||||||
3)
|
3)
|
||||||
print_check_clients
|
print_check_clients
|
||||||
|
@ -1203,7 +1355,7 @@ else
|
||||||
echo
|
echo
|
||||||
show_clients
|
show_clients
|
||||||
print_client_total
|
print_client_total
|
||||||
exit
|
exit 0
|
||||||
;;
|
;;
|
||||||
4)
|
4)
|
||||||
check_clients
|
check_clients
|
||||||
|
@ -1211,12 +1363,13 @@ else
|
||||||
confirm_revoke_client
|
confirm_revoke_client
|
||||||
if [[ "$revoke" =~ ^[yY]$ ]]; then
|
if [[ "$revoke" =~ ^[yY]$ ]]; then
|
||||||
print_revoke_client
|
print_revoke_client
|
||||||
revoke_client
|
revoke_client_ovpn
|
||||||
print_client_revoked
|
print_client_revoked
|
||||||
|
exit 0
|
||||||
else
|
else
|
||||||
print_client_revocation_aborted
|
print_client_revocation_aborted
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
exit
|
|
||||||
;;
|
;;
|
||||||
5)
|
5)
|
||||||
confirm_remove_ovpn
|
confirm_remove_ovpn
|
||||||
|
@ -1228,13 +1381,14 @@ else
|
||||||
remove_rclocal_rules
|
remove_rclocal_rules
|
||||||
remove_pkgs
|
remove_pkgs
|
||||||
print_ovpn_removed
|
print_ovpn_removed
|
||||||
|
exit 0
|
||||||
else
|
else
|
||||||
print_ovpn_removal_aborted
|
print_ovpn_removal_aborted
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
exit
|
|
||||||
;;
|
;;
|
||||||
6)
|
6)
|
||||||
exit
|
exit 0
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
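Review bot: In `check_args`, the `--exportclient`/`--revokeclient` branch checks and acts on the sanitized `$client` rather than on what the caller typed, because `set_client_name` replaces every disallowed character with `_`; a name such as `a b` therefore resolves to an existing client `a_b`, and with `-y` the revocation runs without any prompt. Refusing a rewritten name in that branch closes the gap: `[ "$client" != "$unsanitized_client" ] && exiterr "Invalid client name, or client does not exist."`. The sanitizer also keeps a leading `-`, so `--addclient -y` takes `-y` as the client name; whether the certificate commands later read such a name as an option is not visible on this page, but rejecting names that start with `-` would be the safe default. Separately, `check_args` accepts `-y` without `--revokeclient` or `--uninstall`, so `confirm_revoke_client` and `confirm_remove_ovpn` also skip their prompts when reached from the interactive menu; a guard such as `[ "$assume_yes" = 1 ] && [ "$((revoke_client + remove_ovpn))" = 0 ] && show_usage "Invalid parameters. '-y' requires '--revokeclient' or '--uninstall'."` would confine it to the two cases the usage text documents.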