Issues Introduced with lastest commits:

Install script not creating ovpns dir, and throwing error:

```
cp: cannot stat '/tmp/OLD_UFW': No such file or directory
mkdir: cannot create directory ‘/root\n/usr/sbin\n/bin\n/dev\n/bin\n/usr/games\n/var/cache/man\n/var/spool/lpd\n/var/mail\n/var/spool/news\n/var/spool/uucp\n/bin\n/var/www\n/var/backups\n/var/list\n/var/run/ircd\n/var/lib/gnats\n/nonexistent\n/nonexistent\n/run/systemd\n/run/systemd\n/run/systemd\n/nonexistent\n/run/sshd\n/\n/home/pivpntest/ovpns’: No such file or directory
chmod: cannot access '/root'$'\n''/usr/sbin'$'\n''/bin'$'\n''/dev'$'\n''/bin'$'\n''/usr/games'$'\n''/var/cache/man'$'\n''/var/spool/lpd'$'\n''/var/mail'$'\n''/var/spool/news'$'\n''/var/spool/uucp'$'\n''/bin'$'\n''/var/www'$'\n''/var/backups'$'\n''/var/list'$'\n''/var/run/ircd'$'\n''/var/lib/gnats'$'\n''/nonexistent'$'\n''/nonexistent'$'\n''/run/systemd'$'\n''/run/systemd'$'\n''/run/systemd'$'\n''/nonexistent'$'\n''/run/sshd'$'\n''/'$'\n''/home/pivpntest/ovpns': No such file or directory
```

Found inconsistencies in the naming of the installation user variables/files. To keep it consistent and easy to understand, and considering everyone is more familiar with INSTALL_USER:

Changed $pivpnUser to INSTALL_USER
Changed pivpnUSR to INSTALL_USER

Removed PiVPN Secure Notes from PiVPN ADD introduced with PR #794
	- Notes not being pushed to BW Vault
	- OVPN files not going to ovpns dir
	- Needs investigation
4s3ti 2019-09-01 19:39:37 +02:00
parent ad466f8728
commit a884d22cbc
2 changed files with 24 additions and 40 deletions


@ -187,9 +187,9 @@ chooseUser() {
chooseUserOptions=$("${chooseUserCmd[@]}" "${userArray[@]}" 2>&1 >/dev/tty) chooseUserOptions=$("${chooseUserCmd[@]}" "${userArray[@]}" 2>&1 >/dev/tty)
if [[ $? = 0 ]]; then if [[ $? = 0 ]]; then
for desiredUser in ${chooseUserOptions}; do for desiredUser in ${chooseUserOptions}; do
pivpnUser=${desiredUser} INSTALL_USER=${desiredUser}
echo "::: Using User: $pivpnUser" echo "::: Using User: $INSTALL_USER"
echo "${pivpnUser}" > /tmp/pivpnUSR echo "${INSTALL_USER}" > /tmp/INSTALL_USER
done done
else else
echo "::: Cancel selected, exiting...." echo "::: Cancel selected, exiting...."
@ -398,7 +398,7 @@ installScripts() {
$SUDO echo -n "::: Installing scripts to /opt/pivpn..." $SUDO echo -n "::: Installing scripts to /opt/pivpn..."
if [ ! -d /opt/pivpn ]; then if [ ! -d /opt/pivpn ]; then
$SUDO mkdir /opt/pivpn $SUDO mkdir /opt/pivpn
$SUDO chown "$pivpnUser":root /opt/pivpn $SUDO chown "$INSTALL_USER":root /opt/pivpn
$SUDO chmod 0755 /opt/pivpn $SUDO chmod 0755 /opt/pivpn
fi fi
$SUDO cp /etc/.pivpn/scripts/makeOVPN.sh /opt/pivpn/makeOVPN.sh $SUDO cp /etc/.pivpn/scripts/makeOVPN.sh /opt/pivpn/makeOVPN.sh
@ -1074,7 +1074,7 @@ confOVPN() {
exit 1 exit 1
fi fi
fi fi
$SUDO cp /tmp/pivpnUSR /etc/pivpn/INSTALL_USER $SUDO cp /tmp/INSTALL_USER /etc/pivpn/INSTALL_USER
$SUDO cp /tmp/DET_PLATFORM /etc/pivpn/DET_PLATFORM $SUDO cp /tmp/DET_PLATFORM /etc/pivpn/DET_PLATFORM
$SUDO cp /etc/.pivpn/Default.txt /etc/openvpn/easy-rsa/pki/Default.txt $SUDO cp /etc/.pivpn/Default.txt /etc/openvpn/easy-rsa/pki/Default.txt
@ -1132,10 +1132,10 @@ confOVPN() {
$SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/pki/Default.txt $SUDO sed -i "s/SRVRNAME/${SERVER_NAME}/" /etc/openvpn/easy-rsa/pki/Default.txt
INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6) INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
if [ ! -d "$INSTALL_HOME/ovpns" ]; then if [ ! -d "$INSTALL_HOME/ovpns" ]; then
$SUDO mkdir "$INSTALL_HOME/ovpns" $SUDO mkdir "$INSTALL_HOME/ovpns"
fi fi
$SUDO chmod 0750 -R "$INSTALL_HOME/ovpns" $SUDO chmod 0750 "$INSTALL_HOME/ovpns"
} }
confLogging() { confLogging() {
@ -1170,10 +1170,10 @@ if \$programname == 'ovpn-server' then stop" | $SUDO tee /etc/rsyslog.d/30-openv
finalExports() { finalExports() {
# Update variables in setupVars.conf file # Update variables in setupVars.conf file
if [ -e "${setupVars}" ]; then if [ -e "${setupVars}" ]; then
$SUDO sed -i.update.bak '/pivpnUser/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}" $SUDO sed -i.update.bak '/INSTALL_USER/d;/UNATTUPG/d;/pivpnInterface/d;/IPv4dns/d;/IPv4addr/d;/IPv4gw/d;/pivpnProto/d;/PORT/d;/ENCRYPT/d;/DOWNLOAD_DH_PARAM/d;/PUBLICDNS/d;/OVPNDNS1/d;/OVPNDNS2/d;' "${setupVars}"
fi fi
{ {
echo "pivpnUser=${pivpnUser}" echo "INSTALL_USER=${INSTALL_USER}"
echo "UNATTUPG=${UNATTUPG}" echo "UNATTUPG=${UNATTUPG}"
echo "pivpnInterface=${pivpnInterface}" echo "pivpnInterface=${pivpnInterface}"
echo "IPv4dns=${IPv4dns}" echo "IPv4dns=${IPv4dns}"
@ -1197,7 +1197,7 @@ finalExports() {
# # At some point in the future this list can be pruned, for now we'll need it to ensure updates don't break. # # At some point in the future this list can be pruned, for now we'll need it to ensure updates don't break.
# #
# # Refactoring of install script has changed the name of a couple of variables. Sort them out here. # # Refactoring of install script has changed the name of a couple of variables. Sort them out here.
# sed -i 's/pivpnUser/PIVPN_USER/g' ${setupVars} # sed -i 's/INSTALL_USER/PIVPN_USER/g' ${setupVars}
# #sed -i 's/UNATTUPG/UNATTUPG/g' ${setupVars} # #sed -i 's/UNATTUPG/UNATTUPG/g' ${setupVars}
# sed -i 's/pivpnInterface/PIVPN_INTERFACE/g' ${setupVars} # sed -i 's/pivpnInterface/PIVPN_INTERFACE/g' ${setupVars}
# sed -i 's/IPv4dns/IPV4_DNS/g' ${setupVars} # sed -i 's/IPv4dns/IPV4_DNS/g' ${setupVars}
@ -1415,8 +1415,8 @@ main() {
echo "${IPv4addr%/*}" > /tmp/pivpnIP echo "${IPv4addr%/*}" > /tmp/pivpnIP
echo "::: Using interface: $pivpnInterface" echo "::: Using interface: $pivpnInterface"
echo "${pivpnInterface}" > /tmp/pivpnINT echo "${pivpnInterface}" > /tmp/pivpnINT
echo "::: Using User: $pivpnUser" echo "::: Using User: $INSTALL_USER"
echo "${pivpnUser}" > /tmp/pivpnUSR echo "${INSTALL_USER}" > /tmp/INSTALL_USER
echo "::: Using protocol: $pivpnProto" echo "::: Using protocol: $pivpnProto"
echo "${pivpnProto}" > /tmp/pivpnPROTO echo "${pivpnProto}" > /tmp/pivpnPROTO
echo "::: Using port: $PORT" echo "::: Using port: $PORT"
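Review bot: The renamed handoff file is still a fixed path in world-writable /tmp: chooseUser() and main() write `/tmp/INSTALL_USER`, and confOVPN() later copies it into place with `$SUDO cp /tmp/INSTALL_USER /etc/pivpn/INSTALL_USER`. Whatever sits at that path when the copy runs becomes the stored install user, so a pre-existing or replaced file there ends up in a root-owned config file that later scripts appear to trust. Since the variable is already set by then, confOVPN() could write it directly, `echo "${INSTALL_USER}" | $SUDO tee /etc/pivpn/INSTALL_USER >/dev/null`, or the installer could keep its scratch files in a `mktemp -d` directory. Separately, finalExports() now deletes `/INSTALL_USER/` instead of `/pivpnUser/`, so a setupVars.conf written by an older install presumably keeps its stale `pivpnUser=` line. These functions all extend beyond the visible hunks.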


@ -9,6 +9,7 @@ CA="ca.crt"
TA="ta.key" TA="ta.key"
INDEX="/etc/openvpn/easy-rsa/pki/index.txt" INDEX="/etc/openvpn/easy-rsa/pki/index.txt"
INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER) INSTALL_USER=$(cat /etc/pivpn/INSTALL_USER)
INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
helpFunc() { helpFunc() {
echo "::: Create a client ovpn profile, optional nopass" echo "::: Create a client ovpn profile, optional nopass"
@ -22,7 +23,7 @@ helpFunc() {
echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)" echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)"
echo "::: -n,--name Name for the Client (default: '"$(hostname)"')" echo "::: -n,--name Name for the Client (default: '"$(hostname)"')"
echo "::: -p,--password Password for the Client (no default)" echo "::: -p,--password Password for the Client (no default)"
echo "::: -i,--iOS Generate a certificate that leverages iOS keychain" echo "::: -i,--iOS Generate a certificate that leverages iOS keychain"
echo "::: -h,--help Show this help dialog" echo "::: -h,--help Show this help dialog"
} }
@ -62,9 +63,9 @@ do
DAYS="$_val" DAYS="$_val"
;; ;;
-i|--iOS) -i|--iOS)
iOS=1 iOS=1
;; ;;
-h|--help) -h|--help)
helpFunc helpFunc
exit 0 exit 0
;; ;;
@ -191,7 +192,13 @@ EOF
} }
# bitWarden first #make sure ovpns dir exists
if [ ! -d "$INSTALL_HOME/ovpns" ]; then
mkdir "$INSTALL_HOME/ovpns"
chmod 0750 "$INSTALL_HOME/ovpns"
fi
#bitWarden
if [[ "${BITWARDEN}" =~ "2" ]]; then if [[ "${BITWARDEN}" =~ "2" ]]; then
useBitwarden useBitwarden
fi fi
@ -379,31 +386,8 @@ else
fi fi
if [ ! -d "/home/$INSTALL_USER/ovpns" ]; then
mkdir "/home/$INSTALL_USER/ovpns"
chmod 0750 "/home/$INSTALL_USER/ovpns"
fi
# If user is using Bitwarden, have them login again to submit their .ovpn file to their vault
printf "Would you like to export your .ovpn file to your Bitwarden vault? (y or n)"
read -r RESPONSE
if [ $RESPONSE == "y" ] || [ $RESPONSE == "Y" ]; then
$OVPN_FILE="$(< "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT")"
# Login to Bitwarden
printf "****Bitwarden Login****"
printf "\n"
SESSION_KEY=`bw login --raw`
export BW_SESSION=$SESSION_KEY
printf "Successfully Logged in!"
printf "\n"
# Create a Bitwarden secure note to export the .ovpn file
bw get template item | jq '.name = "PiVPN OVPN File"' | jq '.type = 2' | jq -r --arg VAL "$OVPN_FILE" '.notes = $VAL' | jq ".secureNote = $(bw get template item.secureNote)" | bw encode | bw create item
bw logout
exit
fi
# Copy the .ovpn profile to the home directory for convenient remote access # Copy the .ovpn profile to the home directory for convenient remote access
INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)
cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$INSTALL_HOME/ovpns/$NAME$FILEEXT" cp "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
chown "$INSTALL_USER" "$INSTALL_HOME/ovpns/$NAME$FILEEXT" chown "$INSTALL_USER" "$INSTALL_HOME/ovpns/$NAME$FILEEXT"
chmod 640 "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT" chmod 640 "/etc/openvpn/easy-rsa/pki/$NAME$FILEEXT"
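Review bot: The lookup added near the top, `INSTALL_HOME=$(cat /etc/passwd | grep "$INSTALL_USER" | cut -d: -f6)`, matches the name anywhere in any passwd line, so an empty or substring-matching INSTALL_USER yields several home directories joined by newlines, which is the shape of the mkdir/chmod failure quoted in the commit message. An exact lookup with a guard would close that: `INSTALL_HOME=$(getent passwd "$INSTALL_USER" | cut -d: -f6)` followed by `[ -n "$INSTALL_HOME" ] || exit 1`. The new `mkdir "$INSTALL_HOME/ovpns"` block also sets mode 0750 without a `chown`, so if the script runs as root the directory presumably stays root-owned and the install user cannot enter it. Adding `chown "$INSTALL_USER" "$INSTALL_HOME/ovpns"` after the mkdir would match the per-file chown further down.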