Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-19 03:10:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #950 from pivpn/test

Browse source 
Merge test into master
This commit is contained in:
Orazio 2020-02-17 16:12:05 +01:00 committed by GitHub
commit 1f7b4b7f2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 166 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

99
auto_install/install.sh
View file

@ -14,6 +14,8 @@
pivpnGitUrl="https://github.com/pivpn/pivpn.git" pivpnGitUrl="https://github.com/pivpn/pivpn.git"
setupVars="/etc/pivpn/setupVars.conf" setupVars="/etc/pivpn/setupVars.conf"
pivpnFilesDir="/etc/.pivpn" pivpnFilesDir="/etc/.pivpn"
piholeSetupVars="/etc/pihole/setupVars.conf"
dnsmasqConfig="/etc/dnsmasq.d/02-pivpn.conf"
### PKG Vars ### ### PKG Vars ###
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
@ -42,6 +44,11 @@ debianOvpnUserGroup="openvpn:openvpn"
UNATTUPG_RELEASE="1.16" UNATTUPG_RELEASE="1.16"
UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz" UNATTUPG_CONFIG="https://github.com/mvo5/unattended-upgrades/archive/${UNATTUPG_RELEASE}.tar.gz"
# GPG fingerprints (you can look them up at https://keyserver.ubuntu.com)
OPENVPN_REPO_KEY="0x30ebf4e73cce63eee124dd278e6da8b4e158c569"
DEBIAN_STRETCH_KEY="0xe1cf20ddffe4b89e802658f1e0b11894f66aec98"
DEBIAN_BUSTER_KEY="0x80d15823b7fd1561f9f7bcdddc30d7c23cbbabee"
# Find the rows and columns. Will default to 80x24 if it can not be detected. # Find the rows and columns. Will default to 80x24 if it can not be detected.
screen_size=$(stty size 2>/dev/null || echo 24 80) screen_size=$(stty size 2>/dev/null || echo 24 80)
rows=$(echo "$screen_size" | awk '{print $1}') rows=$(echo "$screen_size" | awk '{print $1}')
@ -417,9 +424,10 @@ notifyPackageUpdatesAvailable(){
} }
preconfigurePackages(){ preconfigurePackages(){
# Add support for https repositories if there are any that use it otherwise the installation will silently fail # Add support for https repositories that will be used later on
if [[ -f /etc/apt/sources.list ]]; then if [[ -f /etc/apt/sources.list ]]; then
if grep -q https /etc/apt/sources.list; then # buster and bionic have apt >= 1.5 which has https support built in
if [[ ${OSCN} != "buster" ]] && [[ ${OSCN} != "bionic" ]]; then
BASE_DEPS+=("apt-transport-https") BASE_DEPS+=("apt-transport-https")
fi fi
fi fi
@ -432,7 +440,7 @@ preconfigurePackages(){
# if ufw is enabled, configure that. # if ufw is enabled, configure that.
# running as root because sometimes the executable is not in the user's $PATH # running as root because sometimes the executable is not in the user's $PATH
if $SUDO bash -c 'command -v ufw' > /dev/null; then if $SUDO bash -c 'command -v ufw' > /dev/null; then
if LANG=en_US.UTF-8 $SUDO ufw status | grep -q inactive; then if LC_ALL=C $SUDO ufw status | grep -q inactive; then
USING_UFW=0 USING_UFW=0
else else
USING_UFW=1 USING_UFW=1
@ -1030,7 +1038,11 @@ askWhichVPN(){
fi fi
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
# Since WireGuard only uses UDP, askCustomProto() is never called so we
# set the protocol here (it's not actually required to save the value, but
# it might be useful for the user when port forwarding).
pivpnPROTO="udp" pivpnPROTO="udp"
echo "pivpnPROTO=${pivpnPROTO}" >> /tmp/setupVars.conf
pivpnDEV="wg0" pivpnDEV="wg0"
pivpnNET="10.6.0.0" pivpnNET="10.6.0.0"
elif [ "$VPN" = "openvpn" ]; then elif [ "$VPN" = "openvpn" ]; then
@ -1040,6 +1052,9 @@ askWhichVPN(){
vpnGw="${pivpnNET/.0.0/.0.1}" vpnGw="${pivpnNET/.0.0/.0.1}"
echo "VPN=${VPN}" >> /tmp/setupVars.conf echo "VPN=${VPN}" >> /tmp/setupVars.conf
echo "pivpnDEV=${pivpnDEV}" >> /tmp/setupVars.conf
echo "pivpnNET=${pivpnNET}" >> /tmp/setupVars.conf
echo "subnetClass=${subnetClass}" >> /tmp/setupVars.conf
} }
installOpenVPN(){ installOpenVPN(){
@ -1048,7 +1063,8 @@ installOpenVPN(){
echo "::: Installing OpenVPN from Debian package... " echo "::: Installing OpenVPN from Debian package... "
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then
# gnupg is used to add the openvpn PGP key to the APT keyring # gnupg is used by apt-key to import the openvpn GPG key into the
# APT keyring
PIVPN_DEPS=(gnupg) PIVPN_DEPS=(gnupg)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
@ -1056,7 +1072,10 @@ installOpenVPN(){
# has already enabled the openvpn repository or not, just to make sure # has already enabled the openvpn repository or not, just to make sure
# we have the right key # we have the right key
echo "::: Adding repository key..." echo "::: Adding repository key..."
wget -qO- https://swupdate.openvpn.net/repos/repo-public.gpg | $SUDO apt-key add - if ! $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$OPENVPN_REPO_KEY"; then
echo "::: Failed to import OpenVPN GPG key"
exit 1
fi
if ! grep -qR "deb http.\?://build.openvpn.net/debian/openvpn/stable.\? $OSCN main" /etc/apt/sources.list*; then if ! grep -qR "deb http.\?://build.openvpn.net/debian/openvpn/stable.\? $OSCN main" /etc/apt/sources.list*; then
echo "::: Adding OpenVPN repository... " echo "::: Adding OpenVPN repository... "
@ -1130,12 +1149,16 @@ installWireGuard(){
if [ "$(uname -m)" = "armv7l" ]; then if [ "$(uname -m)" = "armv7l" ]; then
echo "::: Installing WireGuard from Debian package... " echo "::: Installing WireGuard from Debian package... "
# dirmngr is used to download repository keys for the unstable repo # dirmngr is used by apt-key to import the debian GPG keys for the unstable
# repo into the APT keyring.
PIVPN_DEPS=(dirmngr) PIVPN_DEPS=(dirmngr)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
echo "::: Adding repository keys..." echo "::: Adding repository keys..."
$SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138 if ! $SUDO apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$DEBIAN_STRETCH_KEY" "$DEBIAN_BUSTER_KEY"; then
echo "::: Failed to import Debian GPG keys"
exit 1
fi
# This regular expression should match combinations like http[s]://mirror.example.com/debian[/] unstable main # This regular expression should match combinations like http[s]://mirror.example.com/debian[/] unstable main
if ! grep -qR 'deb http.\?://.*/debian.\? unstable main' /etc/apt/sources.list*; then if ! grep -qR 'deb http.\?://.*/debian.\? unstable main' /etc/apt/sources.list*; then
@ -1157,7 +1180,7 @@ installWireGuard(){
elif [ "$(uname -m)" = "armv6l" ]; then elif [ "$(uname -m)" = "armv6l" ]; then
echo "::: Installing WireGuard from source... " echo "::: Installing WireGuard from source... "
PIVPN_DEPS=(checkinstall dkms libmnl-dev libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode jq) PIVPN_DEPS=(checkinstall dkms libelf-dev raspberrypi-kernel-headers build-essential pkg-config qrencode jq)
installDependentPackages PIVPN_DEPS[@] installDependentPackages PIVPN_DEPS[@]
# Delete any leftover code # Delete any leftover code
@ -1417,8 +1440,34 @@ askClientDNS(){
# Detect and offer to use Pi-hole # Detect and offer to use Pi-hole
if command -v pihole > /dev/null; then if command -v pihole > /dev/null; then
if (whiptail --backtitle "Setup PiVPN" --title "Pi-hole" --yesno "We have detected a Pi-hole installation, do you want to use it as the DNS server for the VPN, so you get ad blocking on the go?" ${r} ${c}); then if (whiptail --backtitle "Setup PiVPN" --title "Pi-hole" --yesno "We have detected a Pi-hole installation, do you want to use it as the DNS server for the VPN, so you get ad blocking on the go?" ${r} ${c}); then
if [ ! -r "$piholeSetupVars" ]; then
echo "::: Unable to read $piholeSetupVars"
exit 1
fi
# Add a custom hosts file for VPN clients so they appear as 'name.pivpn' in the
# Pi-hole dashboard as well as resolve by their names.
echo "addn-hosts=/etc/pivpn/hosts.$VPN" | $SUDO tee "$dnsmasqConfig" > /dev/null
# Then create an empty hosts file or clear if it exists.
$SUDO bash -c "> /etc/pivpn/hosts.$VPN"
# If the listening behavior is "Listen only on interface whatever", which is the
# default, tell dnsmasq to listen on the VPN interface as well. Other listening
# behaviors are permissive enough.
# Source in a subshell to prevent overwriting script's variables
DNSMASQ_LISTENING="$(source "$piholeSetupVars" && echo "${DNSMASQ_LISTENING}")"
# $DNSMASQ_LISTENING is not set if you never edit/save settings in the DNS page,
# so if the variable is empty, we still add the 'interface=' directive.
if [ -z "${DNSMASQ_LISTENING}" ] || [ "${DNSMASQ_LISTENING}" = "single" ]; then
echo "interface=$pivpnDEV" | $SUDO tee -a "$dnsmasqConfig" > /dev/null
fi
# Use the Raspberry Pi VPN IP as DNS server.
pivpnDNS1="$vpnGw" pivpnDNS1="$vpnGw"
echo "interface=$pivpnDEV" | $SUDO tee /etc/dnsmasq.d/02-pivpn.conf > /dev/null
echo "pivpnDNS1=${pivpnDNS1}" >> /tmp/setupVars.conf echo "pivpnDNS1=${pivpnDNS1}" >> /tmp/setupVars.conf
echo "pivpnDNS2=${pivpnDNS2}" >> /tmp/setupVars.conf echo "pivpnDNS2=${pivpnDNS2}" >> /tmp/setupVars.conf
return return
@ -1720,6 +1769,13 @@ askEncryption(){
echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> /tmp/setupVars.conf echo "USE_PREDEFINED_DH_PARAM=${USE_PREDEFINED_DH_PARAM}" >> /tmp/setupVars.conf
} }
cidrToMask(){
# Source: https://stackoverflow.com/a/20767392
set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
[ $1 -gt 1 ] && shift $1 || shift
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
confOpenVPN(){ confOpenVPN(){
# Grab the existing Hostname # Grab the existing Hostname
host_name=$(hostname -s) host_name=$(hostname -s)
@ -1731,12 +1787,22 @@ confOpenVPN(){
# Backup the openvpn folder # Backup the openvpn folder
OPENVPN_BACKUP="openvpn_$(date +%Y-%m-%d-%H%M%S).tar.gz" OPENVPN_BACKUP="openvpn_$(date +%Y-%m-%d-%H%M%S).tar.gz"
echo "::: Backing up the openvpn folder to /etc/${OPENVPN_BACKUP}" echo "::: Backing up the openvpn folder to /etc/${OPENVPN_BACKUP}"
CURRENT_UMASK=$(umask)
umask 0077
$SUDO tar czf "/etc/${OPENVPN_BACKUP}" /etc/openvpn &> /dev/null $SUDO tar czf "/etc/${OPENVPN_BACKUP}" /etc/openvpn &> /dev/null
umask "$CURRENT_UMASK"
if [ -f /etc/openvpn/server.conf ]; then if [ -f /etc/openvpn/server.conf ]; then
$SUDO rm /etc/openvpn/server.conf $SUDO rm /etc/openvpn/server.conf
fi fi
if [ -d /etc/openvpn/ccd ]; then
$SUDO rm -rf /etc/openvpn/ccd
fi
# Create folder to store client specific directives used to push static IPs
$SUDO mkdir /etc/openvpn/ccd
# If easy-rsa exists, remove it # If easy-rsa exists, remove it
if [[ -d /etc/openvpn/easy-rsa/ ]]; then if [[ -d /etc/openvpn/easy-rsa/ ]]; then
$SUDO rm -rf /etc/openvpn/easy-rsa/ $SUDO rm -rf /etc/openvpn/easy-rsa/
@ -1853,6 +1919,16 @@ set_var EASYRSA_ALGO ${pivpnCERT}" | $SUDO tee vars >/dev/null
$SUDO sed -i "s#\\(dh /etc/openvpn/easy-rsa/pki/dh\\).*#\\1${pivpnENCRYPT}.pem#" /etc/openvpn/server.conf $SUDO sed -i "s#\\(dh /etc/openvpn/easy-rsa/pki/dh\\).*#\\1${pivpnENCRYPT}.pem#" /etc/openvpn/server.conf
fi fi
# if they modified VPN network put value in server.conf
if [ "$pivpnNET" != "10.8.0.0" ]; then
$SUDO sed -i "s/10.8.0.0/${pivpnNET}/g" /etc/openvpn/server.conf
fi
# if they modified VPN subnet class put value in server.conf
if [ "$(cidrToMask "$subnetClass")" != "255.255.255.0" ]; then
$SUDO sed -i "s/255.255.255.0/$(cidrToMask "$subnetClass")/g" /etc/openvpn/server.conf
fi
# if they modified port put value in server.conf # if they modified port put value in server.conf
if [ "$pivpnPORT" != 1194 ]; then if [ "$pivpnPORT" != 1194 ]; then
$SUDO sed -i "s/1194/${pivpnPORT}/g" /etc/openvpn/server.conf $SUDO sed -i "s/1194/${pivpnPORT}/g" /etc/openvpn/server.conf
@ -1901,7 +1977,10 @@ confWireGuard(){
# Backup the wireguard folder # Backup the wireguard folder
WIREGUARD_BACKUP="wireguard_$(date +%Y-%m-%d-%H%M%S).tar.gz" WIREGUARD_BACKUP="wireguard_$(date +%Y-%m-%d-%H%M%S).tar.gz"
echo "::: Backing up the wireguard folder to /etc/${WIREGUARD_BACKUP}" echo "::: Backing up the wireguard folder to /etc/${WIREGUARD_BACKUP}"
CURRENT_UMASK=$(umask)
umask 0077
$SUDO tar czf "/etc/${WIREGUARD_BACKUP}" /etc/wireguard &> /dev/null $SUDO tar czf "/etc/${WIREGUARD_BACKUP}" /etc/wireguard &> /dev/null
umask "$CURRENT_UMASK"
if [ -f /etc/wireguard/wg0.conf ]; then if [ -f /etc/wireguard/wg0.conf ]; then
$SUDO rm /etc/wireguard/wg0.conf $SUDO rm /etc/wireguard/wg0.conf
@ -2078,7 +2157,7 @@ restartServices(){
;; ;;
esac esac
if [ -f /etc/dnsmasq.d/02-pivpn.conf ]; then if [ -f "$dnsmasqConfig" ]; then
$SUDO pihole restartdns $SUDO pihole restartdns
fi fi
} }

1
files/etc/openvpn/server_config.txt
View file

@ -17,6 +17,7 @@ push "block-outside-dns"
# overriding but not wiping out the original default gateway. # overriding but not wiping out the original default gateway.
push "redirect-gateway def1" push "redirect-gateway def1"
client-to-client client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120 keepalive 15 120
remote-cert-tls client remote-cert-tls client
tls-version-min 1.2 tls-version-min 1.2

29
scripts/openvpn/makeOVPN.sh
View file

@ -405,6 +405,35 @@ else
fi fi
cidrToMask(){
# Source: https://stackoverflow.com/a/20767392
set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
[ $1 -gt 1 ] && shift $1 || shift
echo ${1-0}.${2-0}.${3-0}.${4-0}
}
NET_REDUCED="${pivpnNET::-2}"
# Find an unused number for the last octet of the client IP
for i in {2..254}; do
# find returns 0 if the folder is empty, so we create the 'ls -A [...]'
# exception to stop at the first static IP (10.8.0.2). Otherwise it would
# cycle to the end without finding and available octet.
if [ -z "$(ls -A /etc/openvpn/ccd)" ] || ! find /etc/openvpn/ccd -type f -exec grep -q "${NET_REDUCED}.${i}" {} +; then
COUNT="${i}"
echo "ifconfig-push ${NET_REDUCED}.${i} $(cidrToMask "$subnetClass")" >> /etc/openvpn/ccd/"${NAME}"
break
fi
done
if [ -f /etc/pivpn/hosts.openvpn ]; then
echo "${NET_REDUCED}.${COUNT} ${NAME}.pivpn" >> /etc/pivpn/hosts.openvpn
if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole"
else
echo "::: Failed to reload pihole-FTL configuration"
fi
fi
# Copy the .ovpn profile to the home directory for convenient remote access # Copy the .ovpn profile to the home directory for convenient remote access
cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$install_home/ovpns/$NAME$FILEEXT" cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$install_home/ovpns/$NAME$FILEEXT"

15
scripts/openvpn/removeOVPN.sh
View file

@ -120,8 +120,23 @@ for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key" rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key"
rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt" rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt"
# Grab the client IP address
NET_REDUCED="${pivpnNET::-2}"
STATIC_IP=$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | grep -w ifconfig-push | grep -oE "${NET_REDUCED}\.[0-9]{1,3}")
rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"
rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn" rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn"
rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn" rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn"
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
# If using Pi-hole, remove the client from the hosts file
if [ -f /etc/pivpn/hosts.openvpn ]; then
sed "\#${STATIC_IP} ${CERTS_TO_REVOKE[ii]}.pivpn#d" -i /etc/pivpn/hosts.openvpn
if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole"
else
echo "::: Failed to reload pihole-FTL configuration"
fi
fi
done done
printf "::: Completed!\n" printf "::: Completed!\n"

6
scripts/self_check.sh
View file

@ -1,6 +1,5 @@
#!/bin/bash #!/bin/bash
subnetClass="24"
setupVars="/etc/pivpn/setupVars.conf" setupVars="/etc/pivpn/setupVars.conf"
ERR=0 ERR=0
@ -12,14 +11,9 @@ fi
source "${setupVars}" source "${setupVars}"
if [ "$VPN" = "wireguard" ]; then if [ "$VPN" = "wireguard" ]; then
pivpnPROTO="udp"
pivpnDEV="wg0"
pivpnNET="10.6.0.0"
VPN_SERVICE="wg-quick@wg0" VPN_SERVICE="wg-quick@wg0"
VPN_PRETTY_NAME="WireGuard" VPN_PRETTY_NAME="WireGuard"
elif [ "$VPN" = "openvpn" ]; then elif [ "$VPN" = "openvpn" ]; then
pivpnDEV="tun0"
pivpnNET="10.8.0.0"
VPN_SERVICE="openvpn" VPN_SERVICE="openvpn"
VPN_PRETTY_NAME="OpenVPN" VPN_PRETTY_NAME="OpenVPN"
fi fi

17
scripts/uninstall.sh
View file

@ -6,7 +6,7 @@
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
UPDATE_PKG_CACHE="${PKG_MANAGER} update" UPDATE_PKG_CACHE="${PKG_MANAGER} update"
subnetClass="24" dnsmasqConfig="/etc/dnsmasq.d/02-pivpn.conf"
setupVars="/etc/pivpn/setupVars.conf" setupVars="/etc/pivpn/setupVars.conf"
if [ ! -f "${setupVars}" ]; then if [ ! -f "${setupVars}" ]; then
@ -59,16 +59,6 @@ removeAll(){
# Removing firewall rules. # Removing firewall rules.
echo "::: Removing firewall rules..." echo "::: Removing firewall rules..."
### FIXME: introduce global config space!
if [ "$VPN" = "wireguard" ]; then
pivpnPROTO="udp"
pivpnDEV="wg0"
pivpnNET="10.6.0.0"
elif [ "$VPN" = "openvpn" ]; then
pivpnDEV="tun0"
pivpnNET="10.8.0.0"
fi
if [ "$USING_UFW" -eq 1 ]; then if [ "$USING_UFW" -eq 1 ]; then
### FIXME: SC2154 ### FIXME: SC2154
@ -176,8 +166,8 @@ removeAll(){
# Removing pivpn files # Removing pivpn files
echo "::: Removing pivpn system files..." echo "::: Removing pivpn system files..."
if [ -f /etc/dnsmasq.d/02-pivpn.conf ]; then if [ -f "$dnsmasqConfig" ]; then
rm -f /etc/dnsmasq.d/02-pivpn.conf rm -f "$dnsmasqConfig"
pihole restartdns pihole restartdns
fi fi
@ -202,6 +192,7 @@ removeAll(){
rm -f /etc/openvpn/server.conf rm -f /etc/openvpn/server.conf
rm -f /etc/openvpn/crl.pem rm -f /etc/openvpn/crl.pem
rm -rf /etc/openvpn/easy-rsa rm -rf /etc/openvpn/easy-rsa
rm -rf /etc/openvpn/ccd
rm -rf "$install_home/ovpns" rm -rf "$install_home/ovpns"
fi fi

15
scripts/wireguard/makeCONF.sh
View file

@ -86,9 +86,11 @@ for i in {2..254}; do
fi fi
done done
NET_REDUCED="${pivpnNET::-2}"
echo -n "[Interface] echo -n "[Interface]
PrivateKey = $(cat "keys/${CLIENT_NAME}_priv") PrivateKey = $(cat "keys/${CLIENT_NAME}_priv")
Address = 10.6.0.${COUNT}/24 Address = ${NET_REDUCED}.${COUNT}/${subnetClass}
DNS = ${pivpnDNS1}" > "configs/${CLIENT_NAME}.conf" DNS = ${pivpnDNS1}" > "configs/${CLIENT_NAME}.conf"
if [ -n "${pivpnDNS2}" ]; then if [ -n "${pivpnDNS2}" ]; then
@ -109,10 +111,19 @@ echo "# begin ${CLIENT_NAME}
[Peer] [Peer]
PublicKey = $(cat "keys/${CLIENT_NAME}_pub") PublicKey = $(cat "keys/${CLIENT_NAME}_pub")
PresharedKey = $(cat keys/psk) PresharedKey = $(cat keys/psk)
AllowedIPs = 10.6.0.${COUNT}/32 AllowedIPs = ${NET_REDUCED}.${COUNT}/32
# end ${CLIENT_NAME}" >> wg0.conf # end ${CLIENT_NAME}" >> wg0.conf
echo "::: Updated server config" echo "::: Updated server config"
if [ -f /etc/pivpn/hosts.wireguard ]; then
echo "${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn" >> /etc/pivpn/hosts.wireguard
if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole"
else
echo "::: Failed to reload pihole-FTL configuration"
fi
fi
if systemctl restart wg-quick@wg0; then if systemctl restart wg-quick@wg0; then
echo "::: WireGuard restarted" echo "::: WireGuard restarted"
else else

13
scripts/wireguard/removeCONF.sh
View file

@ -101,9 +101,20 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
fi fi
done done
((DELETED_COUNT++))
echo "::: Successfully deleted ${CLIENT_NAME}" echo "::: Successfully deleted ${CLIENT_NAME}"
((DELETED_COUNT++)) # If using Pi-hole, remove the client from the hosts file
if [ -f /etc/pivpn/hosts.wireguard ]; then
NET_REDUCED="${pivpnNET::-2}"
sed "\#${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn#d" -i /etc/pivpn/hosts.wireguard
if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole"
else
echo "::: Failed to reload pihole-FTL configuration"
fi
fi
fi fi
fi fi