From 5f82a0740e384b58a311f785c0ad11ed3ae644f6 Mon Sep 17 00:00:00 2001
From: Orazio
Date: Tue, 10 Dec 2019 19:07:08 +0100
Subject: [PATCH] Use variable, create openvpn home, add shellcheck reminder

---
 auto_install/install.sh | 4 ++--
 scripts/uninstall.sh | 13 +++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/auto_install/install.sh b/auto_install/install.sh
index 738f544..f348939 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -19,6 +19,7 @@ debianOvpnUserGroup="openvpn:openvpn"
 ### PKG Vars ###
 PKG_MANAGER="apt-get"
 PKG_CACHE="/var/lib/apt/lists/"
+### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086
 UPDATE_PKG_CACHE="${PKG_MANAGER} update"
 PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
 PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
@@ -1308,8 +1309,7 @@ set_var EASYRSA_KEY_SIZE ${pivpnENCRYPT}" | $SUDO tee vars >/dev/null
 ${SUDOE} ./easyrsa gen-crl
 ${SUDOE} cp pki/crl.pem /etc/openvpn/crl.pem
 if ! getent passwd openvpn; then
- mkdir -p /var/lib/openvpn
- ${SUDOE} adduser --system --home /var/lib/openvpn/ --no-create-home --group --disabled-login ${debianOvpnUserGroup%:*}
+ ${SUDOE} adduser --system --home /var/lib/openvpn/ --group --disabled-login ${debianOvpnUserGroup%:*}
 fi
 ${SUDOE} chown "$debianOvpnUserGroup" /etc/openvpn/crl.pem
 
diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh
index f4f6eb5..bcfbf94 100755
--- a/scripts/uninstall.sh
+++ b/scripts/uninstall.sh
@@ -5,6 +5,7 @@
 ### FIXME: use variables where appropriate, reduce magic numbers by 99.9%, at least.
 PKG_MANAGER="apt-get"
+subnetClass="24"
 setupVars="/etc/pivpn/setupVars.conf"
 if [ ! -f "${setupVars}" ]; then
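Review bot: The new FIXME records the SC2086 symptom but not the cause: `UPDATE_PKG_CACHE` and `PKG_INSTALL` are whole command lines stored in strings, so they only work when left unquoted and word-split, which is also why any value containing spaces or glob characters would be mangled. Storing them as arrays, `UPDATE_PKG_CACHE=("${PKG_MANAGER}" update)` and `PKG_INSTALL=("${PKG_MANAGER}" --yes --no-install-recommends install)`, and invoking them as `"${PKG_INSTALL[@]}" pkg...` at the call sites (outside this hunk) removes the warning without the hang. `PKG_COUNT` on the last context line embeds a pipeline and `|| true`, so it presumably has to be run through `eval` or `bash -c` and cannot take the same array treatment; a small function would be the cleaner replacement. It would help the next reader if the FIXME said so, e.g. `### FIXME: SC2086 — make UPDATE_PKG_CACHE/PKG_INSTALL arrays and call "${arr[@]}"; PKG_COUNT contains a pipeline and needs a function instead`.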
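Review bot: The guard `if ! getent passwd openvpn; then` still hardcodes the account name while the adduser line now derives it from `${debianOvpnUserGroup%:*}`, so a change to debianOvpnUserGroup would make the check and the creation disagree; use the variable in both places and drop getent's stdout, `if ! getent passwd "${debianOvpnUserGroup%:*}" >/dev/null; then`. Removing `--no-create-home` lets adduser create /var/lib/openvpn with its default owner and mode, which correctly replaces the old `mkdir -p` that ran without `${SUDOE}`, but the adduser call itself is unchecked, so a failure is only caught if `set -e` is active outside this hunk. Appending `|| exit 1` (or a short error message) to the adduser line would make that failure visible instead of continuing to the chown. Quoting `"${debianOvpnUserGroup%:*}"` on the new line is harmless and keeps shellcheck quiet.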
@@ -72,9 +73,9 @@ removeAll(){
 ### FIXME: SC2154
 ufw delete allow "${pivpnPORT}"/"${pivpnPROTO}" > /dev/null
 ### FIXME: SC2154
- ufw route delete allow in on "${pivpnDEV}" from "${pivpnNET}/24" out on "${IPv4dev}" to any > /dev/null
- sed -z "s/*nat\\n:POSTROUTING ACCEPT \\[0:0\\]\\n-I POSTROUTING -s ${pivpnNET}\\/24 -o ${IPv4dev} -j MASQUERADE\\nCOMMIT\\n\\n//" -i /etc/ufw/before.rules
- iptables -t nat -D POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE
+ ufw route delete allow in on "${pivpnDEV}" from "${pivpnNET}/${subnetClass}" out on "${IPv4dev}" to any > /dev/null
+ sed -z "s/*nat\\n:POSTROUTING ACCEPT \\[0:0\\]\\n-I POSTROUTING -s ${pivpnNET}\\/${subnetClass} -o ${IPv4dev} -j MASQUERADE\\nCOMMIT\\n\\n//" -i /etc/ufw/before.rules
+ iptables -t nat -D POSTROUTING -s "${pivpnNET}/${subnetClass}" -o "${IPv4dev}" -j MASQUERADE
 ufw reload &> /dev/null
 
 elif [ "$USING_UFW" -eq 0 ]; then
@@ -84,11 +85,11 @@ removeAll(){
 fi
 
 if [ "$FORWARD_CHAIN_EDITED" -eq 1 ]; then
- iptables -D FORWARD -d "${pivpnNET}/24" -i "${IPv4dev}" -o "${pivpnDEV}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -D FORWARD -s "${pivpnNET}/24" -i "${pivpnDEV}" -o "${IPv4dev}" -j ACCEPT
+ iptables -D FORWARD -d "${pivpnNET}/${subnetClass}" -i "${IPv4dev}" -o "${pivpnDEV}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+ iptables -D FORWARD -s "${pivpnNET}/${subnetClass}" -i "${pivpnDEV}" -o "${IPv4dev}" -j ACCEPT
 fi
 
- iptables -t nat -D POSTROUTING -s "${pivpnNET}/24" -o "${IPv4dev}" -j MASQUERADE
+ iptables -t nat -D POSTROUTING -s "${pivpnNET}/${subnetClass}" -o "${IPv4dev}" -j MASQUERADE
 iptables-save > /etc/iptables/rules.v4
 fi
 
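Review bot: The new sed line still splices `${pivpnNET}`, `${IPv4dev}` and now `${subnetClass}` into the regex unescaped, so the dots in the network address match any character, a `/` in any value would terminate the `s///` expression, and a pattern that does not match leaves the MASQUERADE block in /etc/ufw/before.rules, where the `ufw reload` on the next line re-applies NAT for the VPN subnet after the uninstall. Escaping the values before interpolation and verifying the result would close that gap, e.g. after the sed: `grep -qF -- "-s ${pivpnNET}/${subnetClass} -o ${IPv4dev} -j MASQUERADE" /etc/ufw/before.rules && echo "::: Warning: MASQUERADE rule for ${pivpnNET}/${subnetClass} still present in /etc/ufw/before.rules" >&2`. Hardcoding `subnetClass="24"` in the file's first hunk also means the uninstaller only removes rules for a /24; if install.sh records the mask in setupVars.conf, reading it from there would keep the two scripts in sync. The same substitution is made on the FORWARD and POSTROUTING lines of the following hunk (@@ -84,11 +85,11 @@) and the point applies there too. removeAll() starts before this hunk and continues past it.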