Implement the "planetahuevo enhancement", IE the ability to

generate a client cert with no password. Run 'pivpn add nopass'

auto_install/install.sh

@@ -125,7 +125,7 @@ chooseUser() {
 
 
 verifyFreeDiskSpace() {
-    # I have no idea what the minimum space needed is, but checking for at least 50MB sounds like a good idea.
+    # Seems we need about 30MB so checking for at least 50MB sounds like a good idea.
     requiredFreeBytes=51200
 
     existingFreeBytes=$(df -lk / 2>&1 | awk '{print $4}' | head -2 | tail -1)

pivpn

@@ -11,7 +11,8 @@ if [[ ! $EUID -eq 0 ]];then
 fi
 
 function makeOVPNFunc {
-    $SUDO /opt/pivpn/makeOVPN.sh
+    shift
+    $SUDO /opt/pivpn/makeOVPN.sh "$@"
     exit 1
 }
 
@@ -42,10 +43,10 @@ function versionFunc {
 function helpFunc {
     echo "::: Control all PiVPN specific functions!"
     echo ":::"
-    echo "::: Usage: pivpn [options]"
+    echo "::: Usage: pivpn <command> [option]"
     echo ":::"
-    echo "::: Options:"
+    echo "::: Commands:"
-    echo ":::  -a, add              Create a client ovpn profile"
+    echo ":::  -a, add [nopass]     Create a client ovpn profile, optional nopass"
     echo ":::  -d, debug            Start a debugging session if having trouble"
     echo ":::  -l, list             List all valid and revoked certificates"
     echo ":::  -r, revoke           Revoke a client ovpn profile"
@@ -60,7 +61,7 @@ fi
 
 # Handle redirecting to specific functions based on arguments
 case "$1" in
-"-a" | "add"                ) makeOVPNFunc;;
+"-a" | "add"                ) makeOVPNFunc "$@";;
 "-d" | "debug"              ) debugFunc;;
 "-l" | "list"               ) listOVPNFunc;;
 "-r" | "revoke"             ) removeOVPNFunc;;

scripts/makeOVPN.sh

@@ -10,55 +10,94 @@ CA="ca.crt"
 TA="ta.key" 
 INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
 
+# Functions def
+
+function keynoPASS() {
+
+    # Override key def
+    KEY=".key"
+
+    #Build the client key
+    expect << EOF
+    spawn ./build-key $NAME
+    expect "Country Name" { send "\r" }
+    expect "State or Province Name" { send "\r" }
+    expect "Locality Name" { send "\r" }
+    expect "Organization Name" { send "\r" }
+    expect "Organizational Unit" { send "\r" }
+    expect "Common Name" { send "\r" }
+    expect "Name" { send "\r" }
+    expect "Email Address" { send "\r" }
+    expect "challenge password" { send "\r" }
+    expect "optional company name" { send "\r" }
+    expect "Sign the certificate" { send "y\r" }
+    expect "commit" { send "y\r" }
+    expect eof
+EOF
+
+    cd keys
+
+}
+
+function keyPASS() {
+
+    stty -echo
+    while true
+    do
+        printf "Enter the password for the Client:  "
+        read PASSWD
+        printf "\n"
+        printf "Enter the password again to verify:  "
+        read PASSWD2
+        printf "\n"
+        [ "$PASSWD" = "$PASSWD2" ] && break
+        printf "Passwords do not match! Please try again.\n"
+    done
+    stty echo
+
+    #Build the client key and then encrypt the key
+
+    expect << EOF
+    spawn ./build-key-pass $NAME
+    expect "Enter PEM pass phrase" { send "$PASSWD\r" }
+    expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
+    expect "Country Name" { send "\r" }
+    expect "State or Province Name" { send "\r" }
+    expect "Locality Name" { send "\r" }
+    expect "Organization Name" { send "\r" }
+    expect "Organizational Unit" { send "\r" }
+    expect "Common Name" { send "\r" }
+    expect "Name" { send "\r" }
+    expect "Email Address" { send "\r" }
+    expect "challenge password" { send "\r" }
+    expect "optional company name" { send "\r" }
+    expect "Sign the certificate" { send "y\r" }
+    expect "commit" { send "y\r" }
+    expect eof
+EOF
+
+    cd keys
+
+    expect << EOF
+    spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
+    expect "Enter pass phrase for" { send "$PASSWD\r" }
+    expect "Enter PEM pass phrase" { send "$PASSWD\r" }
+    expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
+    expect eof
+EOF
+}
+
 printf "Enter a Name for the Client:  "
 read NAME
 
-stty -echo
-while true
-do
-    printf "Enter the password for the Client:  "
-    read PASSWD
-    printf "\n"
-    printf "Enter the password again to verify:  "
-    read PASSWD2
-    printf "\n"
-    [ "$PASSWD" = "$PASSWD2" ] && break
-    printf "Passwords do not match! Please try again.\n"
-done
-stty echo
-
-#Build the client key and then encrypt the key
 cd /etc/openvpn/easy-rsa
 source /etc/openvpn/easy-rsa/vars
 
-expect << EOF
+if [[ "$@" =~ "nopass" ]]; then
-spawn ./build-key-pass $NAME
+    keynoPASS
-expect "Enter PEM pass phrase" { send "$PASSWD\r" }
+else
-expect "Verifying - Enter PEM pass phrase" { send "$PASSWD\r" }
+    keyPASS
-expect "Country Name" { send "\r" }
+fi
-expect "State or Province Name" { send "\r" }
-expect "Locality Name" { send "\r" }
-expect "Organization Name" { send "\r" }
-expect "Organizational Unit" { send "\r" }
-expect "Common Name" { send "\r" }
-expect "Name" { send "\r" }
-expect "Email Address" { send "\r" }
-expect "challenge password" { send "\r" }
-expect "optional company name" { send "\r" }
-expect "Sign the certificate" { send "y\r" }
-expect "commit" { send "y\r" }
-expect eof
-EOF
-
-cd keys
-
-expect << EOF
-spawn openssl rsa -in $NAME$OKEY -des3 -out $NAME$KEY
-expect "Enter pass phrase for" { send "$PASSWD\r" }
-expect "Enter PEM pass phrase" { send "$PASSWD\r" }
-expect "Verifying - Enter PEM pass" { send "$PASSWD\r" }
-expect eof
-EOF
  
 #1st Verify that clients Public Key Exists 
 if [ ! -f $NAME$CRT ]; then