Making Client Revocation Headless and Documenting New Feature

This closes https://github.com/angristan/openvpn-install/issues/486
2025-01-09 16:20:04 +01:00 · 2019-09-18 09:03:54 +01:00 · 2019-09-18 09:03:54 +01:00 · b8bdb1a56b
commit b8bdb1a56b
parent bc109db04f
2 changed files with 24 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -70,6 +70,19 @@ Other variables can be set depending on your choice (encryption, compression). Y

 Password-protected clients are not supported by the headless installation method since user input is expected by Easy-RSA.

+### Headless User Removal
+
+The removal of an existing user can also be fully automated. Again, the key is to provide the (string) value of the `MENU_OPTION` variable along with the remaining mandatory variables before invoking the script.
+
+The following Bash script removes the existing user `bar` from an OpenVPN configuration
+```bash
+#!/bin/bash
+export MENU_OPTION="2"
+export CLIENT="bar"
+./openvpn-install.sh
+```
+
+
 ## Features

 - Installs and configures a ready-to-use OpenVPN server
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -1072,6 +1072,7 @@ function revokeClient () {
 		exit 1
 	fi

+	until [[ "$CLIENT" =~ ^[a-zA-Z0-9_]+$ ]]; do
 		echo ""
 		echo "Select the existing client certificate you want to revoke"
 		tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
@ -1082,6 +1083,7 @@ function revokeClient () {
 		fi

 		CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
+	done
 	cd /etc/openvpn/easy-rsa/
 	./easyrsa --batch revoke "$CLIENT"
 	EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl