mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-23 13:20:16 +00:00
Merge pull request #731 from orazioedoardo/test
Custom certificate duration and more flexible names
This commit is contained in:
commit
2c82a83894
2 changed files with 34 additions and 5 deletions
|
@ -405,8 +405,7 @@ installScripts() {
|
||||||
$SUDO cp /etc/.pivpn/scripts/removeOVPN.sh /opt/pivpn/removeOVPN.sh
|
$SUDO cp /etc/.pivpn/scripts/removeOVPN.sh /opt/pivpn/removeOVPN.sh
|
||||||
$SUDO cp /etc/.pivpn/scripts/uninstall.sh /opt/pivpn/uninstall.sh
|
$SUDO cp /etc/.pivpn/scripts/uninstall.sh /opt/pivpn/uninstall.sh
|
||||||
$SUDO cp /etc/.pivpn/scripts/pivpnDebug.sh /opt/pivpn/pivpnDebug.sh
|
$SUDO cp /etc/.pivpn/scripts/pivpnDebug.sh /opt/pivpn/pivpnDebug.sh
|
||||||
$SUDO cp /etc/.pivpn/scripts/fix_iptables.sh /opt/pivpn/fix_iptables.sh
|
$SUDO chmod 0755 /opt/pivpn/{makeOVPN,clientStat,listOVPN,removeOVPN,uninstall,pivpnDebug}.sh
|
||||||
$SUDO chmod 0755 /opt/pivpn/{makeOVPN,clientStat,listOVPN,removeOVPN,uninstall,pivpnDebug,fix_iptables}.sh
|
|
||||||
$SUDO cp /etc/.pivpn/pivpn /usr/local/bin/pivpn
|
$SUDO cp /etc/.pivpn/pivpn /usr/local/bin/pivpn
|
||||||
$SUDO chmod 0755 /usr/local/bin/pivpn
|
$SUDO chmod 0755 /usr/local/bin/pivpn
|
||||||
$SUDO cp /etc/.pivpn/scripts/bash-completion /etc/bash_completion.d/pivpn
|
$SUDO cp /etc/.pivpn/scripts/bash-completion /etc/bash_completion.d/pivpn
|
||||||
|
|
|
@ -13,11 +13,12 @@ INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
|
||||||
helpFunc() {
|
helpFunc() {
|
||||||
echo "::: Create a client ovpn profile, optional nopass"
|
echo "::: Create a client ovpn profile, optional nopass"
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password <arg>]|[nopass] [-h|--help]"
|
echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password <arg>]|[nopass] [-d|--days <number>] [-h|--help]"
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo "::: Commands:"
|
echo "::: Commands:"
|
||||||
echo "::: [none] Interactive mode"
|
echo "::: [none] Interactive mode"
|
||||||
echo "::: nopass Create a client without a password"
|
echo "::: nopass Create a client without a password"
|
||||||
|
echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)"
|
||||||
echo "::: -n,--name Name for the Client (default: '"$(hostname)"')"
|
echo "::: -n,--name Name for the Client (default: '"$(hostname)"')"
|
||||||
echo "::: -p,--password Password for the Client (no default)"
|
echo "::: -p,--password Password for the Client (no default)"
|
||||||
echo "::: -h,--help Show this help dialog"
|
echo "::: -h,--help Show this help dialog"
|
||||||
|
@ -48,6 +49,16 @@ do
|
||||||
fi
|
fi
|
||||||
PASSWD="$_val"
|
PASSWD="$_val"
|
||||||
;;
|
;;
|
||||||
|
-d|--days|--days=*)
|
||||||
|
_val="${_key##--days=}"
|
||||||
|
if test "$_val" = "$_key"
|
||||||
|
then
|
||||||
|
test $# -lt 2 && echo "Missing value for the optional argument '$_key'." && exit 1
|
||||||
|
_val="$2"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
DAYS="$_val"
|
||||||
|
;;
|
||||||
-h|--help)
|
-h|--help)
|
||||||
helpFunc
|
helpFunc
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -71,6 +82,7 @@ function keynoPASS() {
|
||||||
#Build the client key
|
#Build the client key
|
||||||
expect << EOF
|
expect << EOF
|
||||||
set timeout -1
|
set timeout -1
|
||||||
|
set env(EASYRSA_CERT_EXPIRE) "${DAYS}"
|
||||||
spawn ./easyrsa build-client-full "${NAME}" nopass
|
spawn ./easyrsa build-client-full "${NAME}" nopass
|
||||||
expect eof
|
expect eof
|
||||||
EOF
|
EOF
|
||||||
|
@ -115,6 +127,7 @@ function keyPASS() {
|
||||||
|
|
||||||
expect << EOF
|
expect << EOF
|
||||||
set timeout -1
|
set timeout -1
|
||||||
|
set env(EASYRSA_CERT_EXPIRE) "${DAYS}"
|
||||||
spawn ./easyrsa build-client-full "${NAME}"
|
spawn ./easyrsa build-client-full "${NAME}"
|
||||||
expect "Enter PEM pass phrase" { send -- "${PASSWD}\r" }
|
expect "Enter PEM pass phrase" { send -- "${PASSWD}\r" }
|
||||||
expect "Verifying - Enter PEM pass phrase" { send -- "${PASSWD}\r" }
|
expect "Verifying - Enter PEM pass phrase" { send -- "${PASSWD}\r" }
|
||||||
|
@ -129,8 +142,13 @@ if [ -z "${NAME}" ]; then
|
||||||
read -r NAME
|
read -r NAME
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "${NAME}" =~ [^a-zA-Z0-9\-] ]]; then
|
if [[ ${NAME::1} == "." ]] || [[ ${NAME::1} == "-" ]]; then
|
||||||
echo "Name can only contain alphanumeric characters and dashes (-)."
|
echo "Names cannot start with a dot (.) or a dash (-)."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${NAME}" =~ [^a-zA-Z0-9\.\-\@\_] ]]; then
|
||||||
|
echo "Name can only contain alphanumeric characters and these characters (.-@_)."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -164,6 +182,18 @@ if [ "${NAME}" == "ta" ] || [ "${NAME}" == "server" ] || [ "${NAME}" == "ca" ];
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#As of EasyRSA 3.0.6, by default certificates last 1080 days, see https://github.com/OpenVPN/easy-rsa/blob/6b7b6bf1f0d3c9362b5618ad18c66677351cacd1/easyrsa3/vars.example
|
||||||
|
if [ -z "${DAYS}" ]; then
|
||||||
|
read -r -e -p "How many days should the certificate last? " -i 1080 DAYS
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! "$DAYS" =~ ^[0-9]+$ ]] || [ "$DAYS" -lt 1 ] || [ "$DAYS" -gt 3650 ]; then
|
||||||
|
#The CRL lasts 3650 days so it doesn't make much sense that certificates would last longer
|
||||||
|
echo "Please input a valid number of days, between 1 and 3650 inclusive."
|
||||||
|
exit 1
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
cd /etc/openvpn/easy-rsa || exit
|
cd /etc/openvpn/easy-rsa || exit
|
||||||
|
|
||||||
if [[ "${NO_PASS}" =~ "1" ]]; then
|
if [[ "${NO_PASS}" =~ "1" ]]; then
|
||||||
|
|
Loading…
Reference in a new issue