diff --git a/auto_install/install.sh b/auto_install/install.sh
index 93fef2e..2d99876 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -187,9 +187,9 @@ chooseUser() {
 chooseUserOptions=$("${chooseUserCmd[@]}" "${userArray[@]}" 2>&1 >/dev/tty)
 if [[ $? = 0 ]]; then
 for desiredUser in ${chooseUserOptions}; do
- pivpnUser=${desiredUser}
- echo "::: Using User: $pivpnUser"
- echo "${pivpnUser}" > /tmp/pivpnUSR
+ INSTALL_USER=${desiredUser}
+ echo "::: Using User: $INSTALL_USER"
+ echo "${INSTALL_USER}" > /tmp/INSTALL_USER
 done
 else
 echo "::: Cancel selected, exiting...."
@@ -398,7 +398,7 @@ installScripts() {
 $SUDO echo -n "::: Installing scripts to /opt/pivpn..."
 if [ ! -d /opt/pivpn ]; then
 $SUDO mkdir /opt/pivpn
- $SUDO chown "$pivpnUser":root /opt/pivpn
+ $SUDO chown "$INSTALL_USER":root /opt/pivpn
 $SUDO chmod 0755 /opt/pivpn
 fi
 $SUDO cp /etc/.pivpn/scripts/makeOVPN.sh /opt/pivpn/makeOVPN.sh
@@ -1074,7 +1074,7 @@ confOVPN() {
 exit 1
 fi
 fi
- $SUDO cp /tmp/pivpnUSR /etc/pivpn/INSTALL_USER
+ $SUDO cp /tmp/INSTALL_USER /etc/pivpn/INSTALL_USER
 $SUDO cp /tmp/DET_PLATFORM /etc/pivpn/DET_PLATFORM
 $SUDO cp /etc/.pivpn/Default.txt /etc/openvpn/easy-rsa/pki/Default.txt
@@ -1132,10 +1132,10 @@ confOVPN() {
 $SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/pki/Default.txt
 INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
- if [ ! -d "$INSTALL_HOME/ovpns" ]; then
+ if [ ! -d "$INSTALL_HOME/ovpns" ]; then
 $SUDO mkdir "$INSTALL_HOME/ovpns"
 fi
- $SUDO chmod 0750 -R "$INSTALL_HOME/ovpns"
+ $SUDO chmod 0750 "$INSTALL_HOME/ovpns"
 }
 confLogging() {
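Review bot: In chooseUser the selected account name is staged in the fixed path `/tmp/INSTALL_USER`, which confOVPN (hunk at 1074) later copies to `/etc/pivpn/INSTALL_USER` with `$SUDO`; main() (hunk at 1415) writes the same path. A predictable name in a world-writable directory can be pre-created or swapped by another local account before the privileged copy, and scripts/makeOVPN.sh reads the copied file to pick the chown target and home directory for client profiles. Writing the value straight to its destination once /etc/pivpn exists, e.g. `echo "${INSTALL_USER}" | $SUDO tee /etc/pivpn/INSTALL_USER >/dev/null`, or staging it inside a directory from `mktemp -d`, removes the shared path. The bodies of chooseUser, confOVPN and main continue outside these hunks.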
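Review bot: The `ovpns` directory in confOVPN (hunk at 1132) is created with `$SUDO mkdir` and set to 0750 but is never handed to the install user, so when `$SUDO` elevates to root the directory is presumably root-owned and `$INSTALL_USER` cannot enter it. Adding `$SUDO chown "$INSTALL_USER" "$INSTALL_HOME/ovpns"` before the `chmod` would close that gap; the directory block added near line 192 of scripts/makeOVPN.sh has the same omission if that script runs as root. Dropping `-R` is sound in itself, since the recursive form also set execute bits on any profiles already in the directory.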
@@ -1170,10 +1170,10 @@ if \$programname == 'ovpn-server' then stop" | $SUDO tee /etc/rsyslog.d/30-openv
 finalExports() {
 # Update variables in setupVars.conf file
 if [ -e "${setupVars}" ]; then
- $SUDO sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}"
+ $SUDO sed -i.update.bak '/INSTALL_USER/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}"
 fi
 {
- echo "pivpnUser=${pivpnUser}"
+ echo "INSTALL_USER=${INSTALL_USER}"
 echo "UNATTUPG=${UNATTUPG}"
 echo "pivpnInterface=${pivpnInterface}"
 echo "IPv4dns=${IPv4dns}"
@@ -1197,7 +1197,7 @@ finalExports() { # # At some point in the future this list can be pruned, for now we'll need it to ensure updates don't break. # # # Refactoring of install script has changed the name of a couple of variables. Sort them out here. -# sed -i 's/pivpnUser/PIVPN_USER/g' ${setupVars} +# sed -i 's/INSTALL_USER/PIVPN_USER/g' ${setupVars} # #sed -i 's/UNATTUPG/UNATTUPG/g' ${setupVars} # sed -i 's/pivpnInterface/PIVPN_INTERFACE/g' ${setupVars} # sed -i 's/IPv4dns/IPV4_DNS/g' ${setupVars}
@@ -1415,8 +1415,8 @@ main() {
 echo "${IPv4addr%/*}" > /tmp/pivpnIP
 echo "::: Using interface: $pivpnInterface"
 echo "${pivpnInterface}" > /tmp/pivpnINT
- echo "::: Using User: $pivpnUser"
- echo "${pivpnUser}" > /tmp/pivpnUSR
+ echo "::: Using User: $INSTALL_USER"
+ echo "${INSTALL_USER}" > /tmp/INSTALL_USER
 echo "::: Using protocol: $pivpnProto"
 echo "${pivpnProto}" > /tmp/pivpnPROTO
 echo "::: Using port: $PORT"
diff --git a/scripts/makeOVPN.sh b/scripts/makeOVPN.sh
index 2ec45b2..75d2618 100755
--- a/scripts/makeOVPN.sh
+++ b/scripts/makeOVPN.sh
@@ -9,6 +9,7 @@ CA="ca.crt"
 TA="ta.key"
 INDEX="/etc/openvpn/easy-rsa/pki/index.txt"
 INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
+INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
 helpFunc() {
 echo "::: Create a client ovpn profile, optional nopass"
@@ -22,7 +23,7 @@ helpFunc() {
 echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)"
 echo "::: -n,--name Name for the Client (default: '"$(hostname)"')"
 echo "::: -p,--password Password for the Client (no default)"
- echo "::: -i,--iOS Generate a certificate that leverages iOS keychain"
+ echo "::: -i,--iOS Generate a certificate that leverages iOS keychain"
 echo "::: -h,--help Show this help dialog"
 }
@@ -62,9 +63,9 @@ do
 DAYS="$_val"
 ;;
 -i|--iOS)
- iOS=1
- ;;
- -h|--help)
+ iOS=1
+ ;;
+ -h|--help)
 helpFunc
 exit 0
 ;;
@@ -191,7 +192,13 @@ EOF
 }
-# bitWarden first
+#make sure ovpns dir exists
+if [ ! -d "$INSTALL_HOME/ovpns" ]; then
+ mkdir "$INSTALL_HOME/ovpns"
+ chmod 0750 "$INSTALL_HOME/ovpns"
+fi
+
+#bitWarden
 if [[ "${BITWARDEN}" =~ "2" ]]; then
 useBitwarden
 fi
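Review bot: The `INSTALL_HOME` lookup added at the top of scripts/makeOVPN.sh greps /etc/passwd for the user name as an unanchored substring, so a name such as `pi` also matches `pivpn` or any entry whose comment or home field contains it. The result can then be several paths joined by newlines, or empty when nothing matches. `INSTALL_HOME=$(getent passwd "$INSTALL_USER" | cut -d: -f6)` returns a single entry; it should be followed by a check that the value is a non-empty existing directory, because the `mkdir "$INSTALL_HOME/ovpns"` block added in the hunk at 192 would otherwise create `/ovpns`. confOVPN in auto_install/install.sh uses the same grep expression.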
@@ -379,31 +386,8 @@ else
 fi
-if [ ! -d "/home/$INSTALL_USER/ovpns" ]; then
- mkdir "/home/$INSTALL_USER/ovpns"
- chmod 0750 "/home/$INSTALL_USER/ovpns"
-fi
-
-# If user is using Bitwarden, have them login again to submit their .ovpn file to their vault
-printf "Would you like to export your .ovpn file to your Bitwarden vault? (y or n)"
-read -r RESPONSE
-if [ $RESPONSE == "y" ] || [ $RESPONSE == "Y" ]; then
- $OVPN_FILE="$(< "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT")"
- # Login to Bitwarden
- printf "****Bitwarden Login****"
- printf "\n"
- SESSION_KEY=`bw login --raw`
- export BW_SESSION=$SESSION_KEY
- printf "Successfully Logged in!"
- printf "\n"
- # Create a Bitwarden secure note to export the .ovpn file
- bw get template item | jq '.name = "PiVPN OVPN File"' | jq '.type = 2' | jq -r --arg VAL "$OVPN_FILE" '.notes = $VAL' | jq ".secureNote = $(bw get template item.secureNote)" | bw encode | bw create item
- bw logout
- exit
- fi
 # Copy the .ovpn profile to the home directory for convenient remote access
-INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
 cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
 chown "$INSTALL_USER" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
 chmod 640 "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT"