From a44c1ea4732bb47d3302a14065edd2e44a9b3a87 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Sat, 30 Jan 2021 14:24:01 -0600
Subject: [PATCH] Update IKEv2 script

- Improvement: If the script is run using sudo, export the VPN client config files to the user's home directory instead of "/root", and set owner/group so that users can more easily download the config files.
---
 extras/ikev2setup.sh | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index 9e97d1a..518a7ae 100644
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -110,10 +110,8 @@ check_utils_exist() {

 check_container() {
 in_container=0
- export_dir=~/
 if grep -qs "hwdsl2" /opt/src/run.sh; then
 in_container=1
- export_dir="/etc/ipsec.d/"
 fi
 }

@@ -276,6 +274,22 @@ show_export_client_message() {
 bigecho2 "Exporting existing IKEv2 client '$client_name', using default options."
 }

+get_export_dir() {
+ export_to_home_dir=0
+ if grep -qs "hwdsl2" /opt/src/run.sh; then
+ export_dir="/etc/ipsec.d/"
+ else
+ export_dir=~/
+ if [ -n "$SUDO_USER" ] && getent group "$SUDO_USER" >/dev/null 2>&1; then
+ user_home_dir=$(getent passwd "$SUDO_USER" 2>/dev/null | cut -d: -f6)
+ if [ -d "$user_home_dir" ] && [ "$user_home_dir" != "/" ]; then
+ export_dir="$user_home_dir/"
+ export_to_home_dir=1
+ fi
+ fi
+ fi
+}
+
 get_server_ip() {
 echo "Trying to auto discover IP of this server..."
 public_ip=$(dig @resolver1.opendns.com -t A -4 myip.opendns.com +short)
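Review bot: In get_export_dir, `getent group "$SUDO_USER"` only shows that some group shares the user's name, not that it is the user's primary group, yet the later hunks run `chown "$SUDO_USER:$SUDO_USER"` on that basis. Where the account's primary group is named differently (for example a shared `users` group) the function silently keeps `export_dir=~/`, and where an unrelated group happens to carry the same name the exported files are assigned to it. Resolving the group once, e.g. `user_group=$(id -gn "$SUDO_USER" 2>/dev/null)`, and using `chown "$SUDO_USER:$user_group"` would make the check match what is actually applied. The function also repeats the `grep -qs "hwdsl2" /opt/src/run.sh` probe whose result check_container already stores in `in_container`, and a short header comment naming the globals it sets (`export_dir`, `export_to_home_dir`, `user_home_dir`) would help because the export hunks depend on them.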
@@ -619,11 +633,17 @@ EOF [ -z "$p12_password" ] && exiterr "Could not generate a random password for .p12 file." fi + p12_file="$export_dir$client_name-$SYS_DT.p12" if [ "$use_own_password" = "1" ]; then - pk12util -d sql:/etc/ipsec.d -n "$client_name" -o "$export_dir$client_name-$SYS_DT.p12" || exit 1 + pk12util -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" || exit 1 else - pk12util -W "$p12_password" -d sql:/etc/ipsec.d -n "$client_name" -o "$export_dir$client_name-$SYS_DT.p12" || exit 1 + pk12util -W "$p12_password" -d sql:/etc/ipsec.d -n "$client_name" -o "$p12_file" || exit 1 fi + + if [ "$export_to_home_dir" = "1" ]; then + chown "$SUDO_USER:$SUDO_USER" "$p12_file" + fi + chmod 600 "$p12_file" } install_base64_uuidgen() { @@ -802,6 +822,9 @@ $ca_base64 EOF + if [ "$export_to_home_dir" = "1" ]; then + chown "$SUDO_USER:$SUDO_USER" "$mc_file" + fi chmod 600 "$mc_file" } @@ -835,6 +858,9 @@ cat > "$sswan_file" <
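Review bot: The `.p12` bundle is written by root into a directory the invoking user controls and is only afterwards narrowed with `chown` and `chmod 600`, which leaves two gaps in this hunk. Until the `chmod` runs the file has whatever mode root's umask gives it (commonly world-readable), and `chown` without `-h` follows a symlink, so a pre-existing link at the predictable `$client_name-$SYS_DT.p12` path would have its target re-owned; whether pk12util itself writes through an existing link is not visible here. Setting `umask 077` before the `pk12util` calls, stopping if `[ -e "$p12_file" ] || [ -L "$p12_file" ]`, and using `chown -h "$SUDO_USER:$SUDO_USER" "$p12_file" || exit 1` would close both. The same chown-then-chmod sequence is repeated for `$mc_file` in the `-802,6 +822,9` hunk and, as far as the truncated text shows, in the `-835,6 +858,9` hunk. The enclosing function begins above this hunk.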