1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-23 13:20:16 +00:00

Merge pull request from orazioedoardo/test

Custom certificate duration and more flexible names
This commit is contained in:
4s3ti 2019-05-10 18:51:14 +02:00 committed by GitHub
commit 2c82a83894
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 5 deletions
auto_install
scripts

View file

@ -405,8 +405,7 @@ installScripts() {
$SUDO cp /etc/.pivpn/scripts/removeOVPN.sh /opt/pivpn/removeOVPN.sh $SUDO cp /etc/.pivpn/scripts/removeOVPN.sh /opt/pivpn/removeOVPN.sh
$SUDO cp /etc/.pivpn/scripts/uninstall.sh /opt/pivpn/uninstall.sh $SUDO cp /etc/.pivpn/scripts/uninstall.sh /opt/pivpn/uninstall.sh
$SUDO cp /etc/.pivpn/scripts/pivpnDebug.sh /opt/pivpn/pivpnDebug.sh $SUDO cp /etc/.pivpn/scripts/pivpnDebug.sh /opt/pivpn/pivpnDebug.sh
$SUDO cp /etc/.pivpn/scripts/fix_iptables.sh /opt/pivpn/fix_iptables.sh $SUDO chmod 0755 /opt/pivpn/{makeOVPN,clientStat,listOVPN,removeOVPN,uninstall,pivpnDebug}.sh
$SUDO chmod 0755 /opt/pivpn/{makeOVPN,clientStat,listOVPN,removeOVPN,uninstall,pivpnDebug,fix_iptables}.sh
$SUDO cp /etc/.pivpn/pivpn /usr/local/bin/pivpn $SUDO cp /etc/.pivpn/pivpn /usr/local/bin/pivpn
$SUDO chmod 0755 /usr/local/bin/pivpn $SUDO chmod 0755 /usr/local/bin/pivpn
$SUDO cp /etc/.pivpn/scripts/bash-completion /etc/bash_completion.d/pivpn $SUDO cp /etc/.pivpn/scripts/bash-completion /etc/bash_completion.d/pivpn

View file

@ -13,11 +13,12 @@ INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
helpFunc() { helpFunc() {
echo "::: Create a client ovpn profile, optional nopass" echo "::: Create a client ovpn profile, optional nopass"
echo ":::" echo ":::"
echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password <arg>]|[nopass] [-h|--help]" echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password <arg>]|[nopass] [-d|--days <number>] [-h|--help]"
echo ":::" echo ":::"
echo "::: Commands:" echo "::: Commands:"
echo "::: [none] Interactive mode" echo "::: [none] Interactive mode"
echo "::: nopass Create a client without a password" echo "::: nopass Create a client without a password"
echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)"
echo "::: -n,--name Name for the Client (default: '"$(hostname)"')" echo "::: -n,--name Name for the Client (default: '"$(hostname)"')"
echo "::: -p,--password Password for the Client (no default)" echo "::: -p,--password Password for the Client (no default)"
echo "::: -h,--help Show this help dialog" echo "::: -h,--help Show this help dialog"
@ -48,6 +49,16 @@ do
fi fi
PASSWD="$_val" PASSWD="$_val"
;; ;;
-d|--days|--days=*)
_val="${_key##--days=}"
if test "$_val" = "$_key"
then
test $# -lt 2 && echo "Missing value for the optional argument '$_key'." && exit 1
_val="$2"
shift
fi
DAYS="$_val"
;;
-h|--help) -h|--help)
helpFunc helpFunc
exit 0 exit 0
@ -71,6 +82,7 @@ function keynoPASS() {
#Build the client key #Build the client key
expect << EOF expect << EOF
set timeout -1 set timeout -1
set env(EASYRSA_CERT_EXPIRE) "${DAYS}"
spawn ./easyrsa build-client-full "${NAME}" nopass spawn ./easyrsa build-client-full "${NAME}" nopass
expect eof expect eof
EOF EOF
@ -115,6 +127,7 @@ function keyPASS() {
expect << EOF expect << EOF
set timeout -1 set timeout -1
set env(EASYRSA_CERT_EXPIRE) "${DAYS}"
spawn ./easyrsa build-client-full "${NAME}" spawn ./easyrsa build-client-full "${NAME}"
expect "Enter PEM pass phrase" { send -- "${PASSWD}\r" } expect "Enter PEM pass phrase" { send -- "${PASSWD}\r" }
expect "Verifying - Enter PEM pass phrase" { send -- "${PASSWD}\r" } expect "Verifying - Enter PEM pass phrase" { send -- "${PASSWD}\r" }
@ -129,8 +142,13 @@ if [ -z "${NAME}" ]; then
read -r NAME read -r NAME
fi fi
if [[ "${NAME}" =~ [^a-zA-Z0-9\-] ]]; then if [[ ${NAME::1} == "." ]] || [[ ${NAME::1} == "-" ]]; then
echo "Name can only contain alphanumeric characters and dashes (-)." echo "Names cannot start with a dot (.) or a dash (-)."
exit 1
fi
if [[ "${NAME}" =~ [^a-zA-Z0-9\.\-\@\_] ]]; then
echo "Name can only contain alphanumeric characters and these characters (.-@_)."
exit 1 exit 1
fi fi
@ -164,6 +182,18 @@ if [ "${NAME}" == "ta" ] || [ "${NAME}" == "server" ] || [ "${NAME}" == "ca" ];
exit 1 exit 1
fi fi
#As of EasyRSA 3.0.6, by default certificates last 1080 days, see https://github.com/OpenVPN/easy-rsa/blob/6b7b6bf1f0d3c9362b5618ad18c66677351cacd1/easyrsa3/vars.example
if [ -z "${DAYS}" ]; then
read -r -e -p "How many days should the certificate last? " -i 1080 DAYS
fi
if [[ ! "$DAYS" =~ ^[0-9]+$ ]] || [ "$DAYS" -lt 1 ] || [ "$DAYS" -gt 3650 ]; then
#The CRL lasts 3650 days so it doesn't make much sense that certificates would last longer
echo "Please input a valid number of days, between 1 and 3650 inclusive."
exit 1
fi
cd /etc/openvpn/easy-rsa || exit cd /etc/openvpn/easy-rsa || exit
if [[ "${NO_PASS}" =~ "1" ]]; then if [[ "${NO_PASS}" =~ "1" ]]; then