From f5094340aa91358e5e85f7f5b8dc96aa9a4cbef8 Mon Sep 17 00:00:00 2001 From: "Dominic Dumrauf (MacBook Pro 2017)" Date: Wed, 18 Sep 2019 08:51:35 +0100 Subject: [PATCH 1/5] Updating documentation around existing headless user addition feature This closes https://github.com/angristan/openvpn-install/issues/422 --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 780412b..3d9d691 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,20 @@ Other variables can be set depending on your choice (encryption, compression). Y Password-protected clients are not supported by the headless installation method since user input is expected by Easy-RSA. +### Headless User Addition + +It's also possible to automate the addition of a new user. Here, the key is to provide the (string) value of the `MENU_OPTION` variable along with the remaining mandatory variables before invoking the script. + +The following Bash script adds a new user `foo` to an existing OpenVPN configuration +```bash +#!/bin/bash +export MENU_OPTION="1" +export CLIENT="foo" +export PASS="1" +./openvpn-install.sh +``` + + ## Features - Installs and configures a ready-to-use OpenVPN server From b8bdb1a56bf48e469a2fabfa60eec2424a5942d6 Mon Sep 17 00:00:00 2001 From: "Dominic Dumrauf (MacBook Pro 2017)" Date: Wed, 18 Sep 2019 09:03:54 +0100 Subject: [PATCH 2/5] Making Client Revocation Headless and Documenting New Feature This closes https://github.com/angristan/openvpn-install/issues/486 --- README.md | 13 +++++++++++++ openvpn-install.sh | 20 +++++++++++--------- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 780412b..81b147d 100644 --- a/README.md +++ b/README.md 
@@ -70,6 +70,19 @@ Other variables can be set depending on your choice (encryption, compression). Y Password-protected clients are not supported by the headless installation method since user input is expected by Easy-RSA. +### Headless User Removal + +The removal of an existing user can also be fully automated. Again, the key is to provide the (string) value of the `MENU_OPTION` variable along with the remaining mandatory variables before invoking the script. + +The following Bash script removes the existing user `bar` from an OpenVPN configuration +```bash +#!/bin/bash +export MENU_OPTION="2" +export CLIENT="bar" +./openvpn-install.sh +``` + + ## Features - Installs and configures a ready-to-use OpenVPN server diff --git a/openvpn-install.sh b/openvpn-install.sh index 45615cd..d624db4 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1072,16 +1072,18 @@ function revokeClient () { exit 1 fi - echo "" - echo "Select the existing client certificate you want to revoke" - tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' - if [[ "$NUMBEROFCLIENTS" = '1' ]]; then - read -rp "Select one client [1]: " CLIENTNUMBER - else - read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER - fi + until [[ "$CLIENT" =~ ^[a-zA-Z0-9_]+$ ]]; do + echo "" + echo "Select the existing client certificate you want to revoke" + tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' + if [[ "$NUMBEROFCLIENTS" = '1' ]]; then + read -rp "Select one client [1]: " CLIENTNUMBER + else + read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER + fi - CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) + CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) + done cd /etc/openvpn/easy-rsa/ ./easyrsa --batch revoke "$CLIENT" EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl 
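Review bot: In `revokeClient`, a `CLIENT` taken from the environment now reaches `./easyrsa --batch revoke "$CLIENT"` after only the `^[a-zA-Z0-9_]+$` character check. Nothing confirms that the name is one of the valid (`V`) entries in `index.txt`, and the result of the revoke call is not checked before `gen-crl` runs. In an unattended run, a mistyped or already-revoked name could therefore pass as a completed revocation while the intended certificate stays valid, unless something outside this hunk aborts on the error. Before the revoke, reuse the listing pipeline as a membership test, e.g. `tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | grep -qxF -- "$CLIENT" || { echo "Unknown client: $CLIENT" >&2; exit 1; }`, and stop when `./easyrsa --batch revoke "$CLIENT"` returns non-zero. The `@@ -1144` hunk of PATCH 4/5 has the same gap, and the function body continues past the end of this hunk.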
From 43966b9e25fb9bec6c137d7699894f40b37433dd Mon Sep 17 00:00:00 2001 From: "Dominic Dumrauf (MacBook Pro 2017)" Date: Wed, 18 Sep 2019 09:18:33 +0100 Subject: [PATCH 3/5] Documenting One-Stop Solution for AWS This closes https://github.com/angristan/openvpn-install/issues/487 --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 81b147d..983c79e 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,13 @@ This script will let you setup your own secure VPN server in just a few seconds. You can also check out [wireguard-install](https://github.com/angristan/wireguard-install), a simple installer for a simpler, safer, faster and more modern VPN protocol. + +## One-Stop Solutions for the Public Cloud + +Solutions that provision a ready to use OpenVPN server based on `openvpn-install` in one go are available for + - AWS using Terraform at [`openvpn-terraform-install`](https://github.com/dumrauf/openvpn-terraform-install) and described in [Ready to Use OpenVPN Servers in AWS For Everyone](https://www.how-hard-can-it.be/openvpn-server-install-terraform-aws/) + + ## Usage First, get the script and make it executable : From 1573e8db9c878a48cfe5293ea91ab3af87ad8ed3 Mon Sep 17 00:00:00 2001 From: "Dominic Dumrauf (MacBook Pro 2017)" Date: Wed, 18 Sep 2019 09:03:54 +0100 Subject: [PATCH 4/5] Making Client Revocation Headless and Documenting New Feature This closes https://github.com/angristan/openvpn-install/issues/486 --- README.md | 12 ++++++++++++ openvpn-install.sh | 16 +++++++++------- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 23a3957..9f75d6f 100644 --- a/README.md +++ b/README.md 
@@ -91,6 +91,18 @@ export PASS="1" ./openvpn-install.sh ``` +### Headless User Removal + +The removal of an existing user can also be fully automated. Again, the key is to provide the (string) value of the `MENU_OPTION` variable along with the remaining mandatory variables before invoking the script. + +The following Bash script removes the existing user `bar` from an OpenVPN configuration +```bash +#!/bin/bash +export MENU_OPTION="2" +export CLIENT="bar" +./openvpn-install.sh +``` + ## Features - Installs and configures a ready-to-use OpenVPN server diff --git a/openvpn-install.sh b/openvpn-install.sh index 685f607..3e2e8ab 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1144,14 +1144,16 @@ function revokeClient() { echo "" echo "Select the existing client certificate you want to revoke" tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' - until [[ $CLIENTNUMBER -ge 1 && $CLIENTNUMBER -le $NUMBEROFCLIENTS ]]; do - if [[ $CLIENTNUMBER == '1' ]]; then - read -rp "Select one client [1]: " CLIENTNUMBER - else - read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER - fi + until [[ "$CLIENT" =~ ^[a-zA-Z0-9_]+$ ]]; do + until [[ $CLIENTNUMBER -ge 1 && $CLIENTNUMBER -le $NUMBEROFCLIENTS ]]; do + if [[ $CLIENTNUMBER == '1' ]]; then + read -rp "Select one client [1]: " CLIENTNUMBER + else + read -rp "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER + fi + done + CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) done - CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) cd /etc/openvpn/easy-rsa/ || return ./easyrsa --batch revoke "$CLIENT" EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl From 86d8d01f3120ec126096d060af413656b3e514b8 Mon Sep 17 00:00:00 2001 
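Review bot: The nested loops added to `revokeClient` can spin without ever prompting. Once `CLIENTNUMBER` is in range the inner `until` is skipped, so if the selected entry does not match `^[a-zA-Z0-9_]+$` (for example a certificate name containing `-` or `.` that was issued outside this script), the outer `until` recomputes the same `CLIENT` forever. The menu (`echo` / `tail | nl`) also sits before the loop, so a headless run with `CLIENT` preset still prints the client list. I would split the two paths: a preset `CLIENT` is checked against the valid entries and the run fails on a miss, and the interactive path keeps the numeric selection without the regex retry. PATCH 5/5 only unquotes `$CLIENT` and leaves this loop as it is, and the function starts and ends outside the hunk.

```shell
if [[ -n $CLIENT ]]; then
	# Headless: the preset name must be a currently valid certificate.
	if ! tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | grep -qxF -- "$CLIENT"; then
		echo "Client '$CLIENT' has no valid certificate, nothing revoked" >&2
		exit 1
	fi
else
	# … unchanged: menu output (echo / tail | nl) …
	# … unchanged: until-loop reading CLIENTNUMBER …
	CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
fi
cd /etc/openvpn/easy-rsa/ || return
```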
From: Slava Kostenko Date: Sun, 6 Sep 2020 00:59:24 +0400 Subject: [PATCH 5/5] Fix lint error --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 3e2e8ab..b9de242 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1144,7 +1144,7 @@ function revokeClient() { echo "" echo "Select the existing client certificate you want to revoke" tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') ' - until [[ "$CLIENT" =~ ^[a-zA-Z0-9_]+$ ]]; do + until [[ $CLIENT =~ ^[a-zA-Z0-9_]+$ ]]; do until [[ $CLIENTNUMBER -ge 1 && $CLIENTNUMBER -le $NUMBEROFCLIENTS ]]; do if [[ $CLIENTNUMBER == '1' ]]; then read -rp "Select one client [1]: " CLIENTNUMBER