Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2025-04-26 09:10:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Reformatted the code

Browse source
This commit is contained in:
Giulio Coa 2022-07-27 14:53:36 +02:00
parent 47e8908489
commit af20461590
24 changed files with 2655 additions and 2021 deletions
Download patch file Download diff file Expand all files Collapse all files

32
scripts/wireguard/bash-completion
View file

@ -1,18 +1,22 @@
#!/bin/bash
_pivpn()
{
local cur opts
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
dashopts="-a -c -d -l -qr -r -h -u -up -bk -off -on"
opts="add clients debug list qrcode remove help uninstall update backup (temp) off (temp) on"
if [ "${#COMP_WORDS[@]}" -eq 2 ]; then
if [[ ${cur} == -* ]] ; then
COMPREPLY=( "$(compgen -W "${dashopts}" -- "${cur}")" )
else
COMPREPLY=( "$(compgen -W "${opts}" -- "${cur}")" )
fi
_pivpn() {
local cur opts
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
dashopts="-a -c -d -l -qr -r -h -u -up -bk -off -on"
opts="add clients debug list qrcode remove help uninstall update"
opts="${opts} backup (temp) off (temp) on"
if [[ "${#COMP_WORDS[@]}" -eq 2 ]]; then
if [[ "${cur}" == -* ]]; then
COMPREPLY=("$(compgen -W "${dashopts}" -- "${cur}")")
else
COMPREPLY=("$(compgen -W "${opts}" -- "${cur}")")
fi
return 0
fi
return 0
}
complete -F _pivpn pivpn

156
scripts/wireguard/clientSTAT.sh
View file

@ -1,94 +1,108 @@
#!/usr/bin/env bash
#!/bin/bash
# PiVPN: client status script
CLIENTS_FILE="/etc/wireguard/configs/clients.txt"
if [ ! -s "$CLIENTS_FILE" ]; then
echo "::: There are no clients to list"
exit 0
if [[ ! -s "${CLIENTS_FILE}" ]]; then
err "::: There are no clients to list"
exit 0
fi
scriptusage(){
echo "::: List any connected clients to the server"
echo ":::"
echo "::: Usage: pivpn <-c|clients> [-b|bytes]"
echo ":::"
echo "::: Commands:"
echo "::: [none] List clients with human readable format"
echo "::: -b, bytes List clients with dotted decimal notation"
echo "::: -h, help Show this usage dialog"
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
hr(){
numfmt --to=iec-i --suffix=B "$1"
scriptusage() {
echo "::: List any connected clients to the server"
echo ":::"
echo "::: Usage: pivpn <-c|clients> [-b|bytes]"
echo ":::"
echo "::: Commands:"
echo "::: [none] List clients with human readable format"
echo "::: -b, bytes List clients with dotted decimal notation"
echo "::: -h, help Show this usage dialog"
}
listClients(){
if DUMP="$(wg show wg0 dump)"; then
DUMP="$(tail -n +2 <<< "$DUMP")"
else
exit 1
fi
hr() {
numfmt --to=iec-i --suffix=B "${1}"
}
printf "\e[1m::: Connected Clients List :::\e[0m\n"
listClients() {
if DUMP="$(wg show wg0 dump)"; then
DUMP="$(tail -n +2 <<< "${DUMP}")"
else
exit 1
fi
{
printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mLast Seen\e[0m\n"
printf "\e[1m::: Connected Clients List :::\e[0m\n"
{
printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m"
printf "\t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m "
printf "\t \e[4mLast Seen\e[0m\n"
while IFS= read -r LINE; do
if [ -n "${LINE}" ]; then
PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")"
REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")"
VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")"
BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")"
BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")"
LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")"
CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')"
if [ "$HR" = 1 ]; then
if [ "$LAST_SEEN" -ne 0 ]; then
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
else
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)"
fi
else
if [ "$LAST_SEEN" -ne 0 ]; then
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
else
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)"
fi
fi
if [[ -n "${LINE}" ]]; then
PUBLIC_KEY="$(awk '{ print $1 }' <<< "${LINE}")"
REMOTE_IP="$(awk '{ print $3 }' <<< "${LINE}")"
VIRTUAL_IP="$(awk '{ print $4 }' <<< "${LINE}")"
BYTES_RECEIVED="$(awk '{ print $6 }' <<< "${LINE}")"
BYTES_SENT="$(awk '{ print $7 }' <<< "${LINE}")"
LAST_SEEN="$(awk '{ print $5 }' <<< "${LINE}")"
CLIENT_NAME="$(grep "${PUBLIC_KEY}" "${CLIENTS_FILE}" |
awk '{ print $1 }')"
printf "%s \t %s \t %s \t " \
"${CLIENT_NAME}" \
"${REMOTE_IP}" \
"${VIRTUAL_IP/\/32/}"
if [[ "${HR}" == 1 ]]; then
printf "%s \t %s \t " \
"$(hr "${BYTES_RECEIVED}")" \
"$(hr "${BYTES_SENT}")"
else
printf "%s \t %s \t " "${BYTES_RECEIVED}" "${BYTES_SENT}"
fi
done <<< "$DUMP"
if [[ "${LAST_SEEN}" -ne 0 ]]; then
printf "%s" "$(date -d @"${LAST_SEEN}" '+%b %d %Y - %T')"
else
printf "(not yet)"
fi
printf "\n"
fi
done <<< "${DUMP}"
printf "\n"
} | column -t -s $'\t'
} | column -ts $'\t'
cd /etc/wireguard || return
echo "::: Disabled clients :::"
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
cd /etc/wireguard || return
echo "::: Disabled clients :::"
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
}
if [[ $# -eq 0 ]]; then
HR=1
listClients
if [[ "$#" -eq 0 ]]; then
HR=1
listClients
else
while true; do
case "$1" in
-b|bytes)
HR=0
listClients
exit 0
;;
-h|help)
scriptusage
exit 0
;;
*)
HR=0
listClients
exit 0
;;
esac
done
while true; do
case "${1}" in
-b | bytes)
HR=0
listClients
exit 0
;;
-h | help)
scriptusage
exit 0
;;
*)
HR=0
listClients
exit 0
;;
esac
done
fi

196
scripts/wireguard/disableCONF.sh
View file

@ -2,127 +2,137 @@
setupVars="/etc/pivpn/wireguard/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
if [[ ! -f "${setupVars}" ]]; then
err "::: Missing setup vars file!"
exit 1
fi
# shellcheck disable=SC1090
source "${setupVars}"
helpFunc(){
echo "::: Disable client conf profiles"
echo ":::"
echo "::: Usage: pivpn <-off|off> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client"
echo "::: -y,--yes Disable client(s) without confirmation"
echo "::: -v Show disabled clients only"
echo "::: -h,--help Show this help dialog"
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
helpFunc() {
echo "::: Disable client conf profiles"
echo ":::"
echo -n "::: Usage: pivpn <-off|off> [-h|--help] [-v] "
echo "[<client-1> ... [<client-2>] ...]"
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client"
echo "::: -y,--yes Disable client(s) without confirmation"
echo "::: -v Show disabled clients only"
echo "::: -h,--help Show this help dialog"
}
# Parse input arguments
while test $# -gt 0; do
_key="$1"
case "$_key" in
-h|--help)
helpFunc
exit 0
;;
-y|--yes)
CONFIRM=true
;;
-v)
DISPLAY_DISABLED=true
;;
*)
CLIENTS_TO_CHANGE+=("$1")
;;
esac
shift
while [[ "$#" -gt 0 ]]; do
_key="${1}"
case "${_key}" in
-h | --help)
helpFunc
exit 0
;;
-y | --yes)
CONFIRM=true
;;
-v)
DISPLAY_DISABLED=true
;;
*)
CLIENTS_TO_CHANGE+=("${1}")
;;
esac
shift
done
cd /etc/wireguard || exit
if [ ! -s configs/clients.txt ]; then
echo "::: There are no clients to change"
exit 1
if [[ ! -s configs/clients.txt ]]; then
err "::: There are no clients to change"
exit 1
fi
if [ "$DISPLAY_DISABLED" ]; then
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
exit 1
if [[ "${DISPLAY_DISABLED}" ]]; then
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
exit 1
fi
mapfile -t LIST < <(awk '{print $1}' configs/clients.txt)
if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
echo -e "::\e[4m Client list \e[0m::"
len=${#LIST[@]}
COUNTER=1
while [ $COUNTER -le "${len}" ]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
((COUNTER++))
done
read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_CHANGE
if [[ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]]; then
echo -e "::\e[4m Client list \e[0m::"
len="${#LIST[@]}"
COUNTER=1
if [ -z "${CLIENTS_TO_CHANGE}" ]; then
echo "::: You can not leave this blank!"
exit 1
fi
while [[ "${COUNTER}" -le "${len}" ]]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER - 1))]}"
((COUNTER++))
done
echo -n "Please enter the Index/Name of the Client to be removed "
echo -n "from the list above: "
read -r CLIENTS_TO_CHANGE
if [[ -z "${CLIENTS_TO_CHANGE}" ]]; then
err "::: You can not leave this blank!"
exit 1
fi
fi
CHANGED_COUNT=0
for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
re='^[0-9]+$'
if [[ "${CLIENT_NAME}" =~ $re ]]; then
CLIENT_NAME="${LIST[$((CLIENT_NAME - 1))]}"
fi
re='^[0-9]+$'
if [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
elif grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m is already disabled"
else
if [[ -n "${CONFIRM}" ]]; then
REPLY="y"
else
read -r -p "Confirm you want to disable ${CLIENT_NAME}? [Y/n] "
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
elif grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m is already disabled"
else
if [ -n "$CONFIRM" ]; then
REPLY="y"
else
read -r -p "Confirm you want to disable $CLIENT_NAME? [Y/n] "
fi
if [[ "${REPLY}" =~ ^[Yy]$ ]]; then
# Disable the peer section from the server config
echo "${CLIENT_NAME}"
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Disable the peer section from the server config
echo "${CLIENT_NAME}"
sed -e "/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/^/#\[disabled\] /" -i wg0.conf
echo "::: Updated server config"
((CHANGED_COUNT++))
echo "::: Successfully disabled ${CLIENT_NAME}"
fi
fi
sed_pattern="/### begin ${CLIENT_NAME}/,"
sed_pattern="${sed_pattern}/end ${CLIENT_NAME}/ s/^/#\[disabled\] /"
sed -e "${sed_pattern}" -i wg0.conf
unset sed_pattern
echo "::: Updated server config"
((CHANGED_COUNT++))
echo "::: Successfully disabled ${CLIENT_NAME}"
fi
fi
done
# Restart WireGuard only if some clients were actually deleted
if [ "${CHANGED_COUNT}" -gt 0 ]; then
if [ "${PLAT}" == 'Alpine' ]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
fi
if [[ "${CHANGED_COUNT}" -gt 0 ]]; then
if [[ "${PLAT}" == 'Alpine' ]]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
err "::: Failed to reload WireGuard"
fi
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
err "::: Failed to reload WireGuard"
fi
fi
fi

189
scripts/wireguard/enableCONF.sh
View file

@ -2,123 +2,136 @@
setupVars="/etc/pivpn/wireguard/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
if [[ ! -f "${setupVars}" ]]; then
err "::: Missing setup vars file!"
exit 1
fi
# shellcheck disable=SC1090
source "${setupVars}"
helpFunc(){
echo "::: Enables client conf profiles"
echo ":::"
echo "::: Usage: pivpn <-on|on> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client"
echo "::: -y,--yes Enable client(s) without confirmation"
echo "::: -v Show disabled clients only"
echo "::: -h,--help Show this help dialog"
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
helpFunc() {
echo "::: Enables client conf profiles"
echo ":::"
echo -n "::: Usage: pivpn <-on|on> [-h|--help] [-v] "
echo "[<client-1> ... [<client-2>] ...]"
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client"
echo "::: -y,--yes Enable client(s) without confirmation"
echo "::: -v Show disabled clients only"
echo "::: -h,--help Show this help dialog"
}
# Parse input arguments
while test $# -gt 0; do
_key="$1"
case "$_key" in
-h|--help)
helpFunc
exit 0
;;
-y|--yes)
CONFIRM=true
;;
-v)
DISPLAY_DISABLED=true
;;
*)
CLIENTS_TO_CHANGE+=("$1")
;;
esac
shift
while [[ "$#" -gt 0 ]]; do
_key="${1}"
case "${_key}" in
-h | --help)
helpFunc
exit 0
;;
-y | --yes)
CONFIRM=true
;;
-v)
DISPLAY_DISABLED=true
;;
*)
CLIENTS_TO_CHANGE+=("${1}")
;;
esac
shift
done
cd /etc/wireguard || exit
if [ ! -s configs/clients.txt ]; then
echo "::: There are no clients to change"
exit 1
if [[ ! -s configs/clients.txt ]]; then
err "::: There are no clients to change"
exit 1
fi
if [ "$DISPLAY_DISABLED" ]; then
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
exit 1
if [[ "${DISPLAY_DISABLED}" ]]; then
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
exit 1
fi
mapfile -t LIST < <(awk '{print $1}' configs/clients.txt)
if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
echo -e "::\e[4m Client list \e[0m::"
len=${#LIST[@]}
COUNTER=1
while [ $COUNTER -le "${len}" ]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
((COUNTER++))
done
read -r -p "Please enter the Index/Name of the Client to be enabled from the list above: " CLIENTS_TO_CHANGE
if [[ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]]; then
echo -e "::\e[4m Client list \e[0m::"
len="${#LIST[@]}"
COUNTER=1
if [ -z "${CLIENTS_TO_CHANGE}" ]; then
echo "::: You can not leave this blank!"
exit 1
fi
while [[ "${COUNTER}" -le "${len}" ]]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER - 1))]}"
((COUNTER++))
done
echo -n "Please enter the Index/Name of the Client to be enabled "
echo -n "from the list above: "
read -r CLIENTS_TO_CHANGE
if [[ -z "${CLIENTS_TO_CHANGE}" ]]; then
err "::: You can not leave this blank!"
exit 1
fi
fi
CHANGED_COUNT=0
for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
re='^[0-9]+$'
re='^[0-9]+$'
if [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
if [[ "${CLIENT_NAME}" =~ $re ]]; then
CLIENT_NAME="${LIST[$((CLIENT_NAME - 1))]}"
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
else
if [ -n "$CONFIRM" ]; then
REPLY="y"
else
read -r -p "Confirm you want to enable $CLIENT_NAME? [Y/n] "
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
else
if [[ -n "${CONFIRM}" ]]; then
REPLY="y"
else
read -r -p "Confirm you want to enable ${CLIENT_NAME}? [Y/n] "
fi
if [[ $REPLY =~ ^[Yy]$ ]]; then
if [[ "${REPLY}" =~ ^[Yy]$ ]]; then
# Enable the peer section from the server config
echo "${CLIENT_NAME}"
# Enable the peer section from the server config
echo "${CLIENT_NAME}"
sed -e "/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/#\[disabled\] //" -i wg0.conf
echo "::: Updated server config"
((CHANGED_COUNT++))
echo "::: Successfully enabled ${CLIENT_NAME}"
fi
fi
sed_pattern="/begin ${CLIENT_NAME}/,"
sed_pattern="${sed_pattern}/end ${CLIENT_NAME}/ s/#\[disabled\] //"
sed -e "${sed_pattern}" -i wg0.conf
unset sed_pattern
echo "::: Updated server config"
((CHANGED_COUNT++))
echo "::: Successfully enabled ${CLIENT_NAME}"
fi
fi
done
# Restart WireGuard only if some clients were actually deleted
if [ "${CHANGED_COUNT}" -gt 0 ]; then
if [ "${PLAT}" == 'Alpine' ]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
fi
if [[ "${CHANGED_COUNT}" -gt 0 ]]; then
if [[ "${PLAT}" == 'Alpine' ]]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
err "::: Failed to reload WireGuard"
fi
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
err "::: Failed to reload WireGuard"
fi
fi
fi

35
scripts/wireguard/listCONF.sh
View file

@ -1,33 +1,34 @@
#!/bin/bash
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
cd /etc/wireguard/configs || exit
if [ ! -s clients.txt ]; then
echo "::: There are no clients to list"
exit 1
if [[ ! -s clients.txt ]]; then
err "::: There are no clients to list"
exit 1
fi
printf "\e[1m::: Clients Summary :::\e[0m\n"
# Present the user with a summary of the clients, fetching info from dates.
{
echo -e "\e[4mClient\e[0m \t \e[4mPublic key\e[0m \t \e[4mCreation date\e[0m"
while read -r LINE; do
CLIENT_NAME="$(awk '{print $1}' <<< "$LINE")"
PUBLIC_KEY="$(awk '{print $2}' <<< "$LINE")"
CREATION_DATE="$(awk '{print $3}' <<< "$LINE")"
echo -ne "\e[4mClient\e[0m \t \e[4mPublic key\e[0m \t "
echo -e "\e[4mCreation date\e[0m"
while read -r LINE; do
CLIENT_NAME="$(awk '{print $1}' <<< "${LINE}")"
PUBLIC_KEY="$(awk '{print $2}' <<< "${LINE}")"
CREATION_DATE="$(awk '{print $3}' <<< "${LINE}")"
# Dates are converted from UNIX time to human readable.
CD_FORMAT="$(date -d @"$CREATION_DATE" +'%d %b %Y, %H:%M, %Z')"
echo -e "$CLIENT_NAME \t $PUBLIC_KEY \t $CD_FORMAT"
done < clients.txt
CD_FORMAT="$(date -d @"${CREATION_DATE}" +'%d %b %Y, %H:%M, %Z')"
echo -e "${CLIENT_NAME} \t ${PUBLIC_KEY} \t ${CD_FORMAT}"
done < clients.txt
} | column -t -s $'\t'
cd /etc/wireguard || return
echo "::: Disabled clients :::"
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'

288
scripts/wireguard/makeCONF.sh
View file

@ -1,108 +1,113 @@
#!/bin/bash
######## Some vars that might be empty
# but need to be defined for checks
# Some vars that might be empty but need to be defined for checks
pivpnPERSISTENTKEEPALIVE=""
pivpnDNS2=""
setupVars="/etc/pivpn/wireguard/setupVars.conf"
# shellcheck disable=SC2154
userGroup="${install_user}:${install_user}"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
if [[ ! -f "${setupVars}" ]]; then
err "::: Missing setup vars file!"
exit 1
fi
# shellcheck disable=SC1090
source "${setupVars}"
helpFunc(){
echo "::: Create a client conf profile"
echo ":::"
echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-h|--help]"
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: -n,--name Name for the Client (default: '$HOSTNAME')"
echo "::: -h,--help Show this help dialog"
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
helpFunc() {
echo "::: Create a client conf profile"
echo ":::"
echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-h|--help]"
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: -n,--name Name for the Client (default: '${HOSTNAME}')"
echo "::: -h,--help Show this help dialog"
}
# Parse input arguments
while test $# -gt 0; do
_key="$1"
case "$_key" in
-n|--name|--name=*)
_val="${_key##--name=}"
if test "$_val" = "$_key"; then
test $# -lt 2 && echo "::: Missing value for the optional argument '$_key'." && exit 1
_val="$2"
shift
fi
CLIENT_NAME="$_val"
;;
-h|--help)
helpFunc
exit 0
;;
*)
echo "::: Error: Got an unexpected argument '$1'"
helpFunc
exit 1
;;
esac
shift
while [[ "$#" -gt 0 ]]; do
_key="${1}"
case "${_key}" in
-n | --name | --name=*)
_val="${_key##--name=}"
if [[ "${_val}" == "${_key}" ]]; then
[[ "$#" -lt 2 ]] &&
err "::: Missing value for the optional argument '${_key}'." &&
exit 1
_val="${2}"
shift
fi
CLIENT_NAME="${_val}"
;;
-h | --help)
helpFunc
exit 0
;;
*)
err "::: Error: Got an unexpected argument '${1}'"
helpFunc
exit 1
;;
esac
shift
done
# Disabling SC2154, variables sourced externaly
# shellcheck disable=SC2154
# The home folder variable was sourced from the settings file.
if [ ! -d "${install_home}/configs" ]; then
mkdir "${install_home}/configs"
chown "${install_user}":"${install_user}" "${install_home}/configs"
chmod 0750 "${install_home}/configs"
if [[ ! -d "${install_home}/configs" ]]; then
mkdir "${install_home}/configs"
chown "${userGroup}" "${install_home}/configs"
chmod 0750 "${install_home}/configs"
fi
cd /etc/wireguard || exit
if [ -z "${CLIENT_NAME}" ]; then
read -r -p "Enter a Name for the Client: " CLIENT_NAME
if [[ -z "${CLIENT_NAME}" ]]; then
read -r -p "Enter a Name for the Client: " CLIENT_NAME
elif [[ "${CLIENT_NAME}" =~ [^a-zA-Z0-9.@_-] ]]; then
err "Name can only contain alphanumeric characters and these symbols (.-@_)."
exit 1
elif [[ "${CLIENT_NAME:0:1}" == "-" ]]; then
err "Name cannot start with -"
exit 1
elif [[ "${CLIENT_NAME}" =~ ^[0-9]+$ ]]; then
err "Names cannot be integers."
exit 1
elif [[ -z "${CLIENT_NAME}" ]]; then
err "::: You cannot leave the name blank."
exit 1
elif [[ -f "configs/${CLIENT_NAME}.conf" ]]; then
err "::: A client with this name already exists"
exit 1
fi
if [[ "${CLIENT_NAME}" =~ [^a-zA-Z0-9.@_-] ]]; then
echo "Name can only contain alphanumeric characters and these characters (.-@_)."
exit 1
fi
if [[ "${CLIENT_NAME:0:1}" == "-" ]]; then
echo "Name cannot start with -"
exit 1
fi
if [[ "${CLIENT_NAME}" =~ ^[0-9]+$ ]]; then
echo "Names cannot be integers."
exit 1
fi
if [ -z "${CLIENT_NAME}" ]; then
echo "::: You cannot leave the name blank."
exit 1
fi
if [ -f "configs/${CLIENT_NAME}.conf" ]; then
echo "::: A client with this name already exists"
exit 1
fi
wg genkey | tee "keys/${CLIENT_NAME}_priv" | wg pubkey > "keys/${CLIENT_NAME}_pub"
wg genkey |
tee "keys/${CLIENT_NAME}_priv" |
wg pubkey > "keys/${CLIENT_NAME}_pub"
wg genpsk | tee "keys/${CLIENT_NAME}_psk" &> /dev/null
echo "::: Client Keys generated"
# Find an unused number for the last octet of the client IP
for i in {2..254}; do
if ! grep -q " $i$" configs/clients.txt; then
COUNT="$i"
echo "${CLIENT_NAME} $(<keys/"${CLIENT_NAME}"_pub) $(date +%s) ${COUNT}" >> configs/clients.txt
break
fi
if ! grep -q " ${i}$" configs/clients.txt; then
COUNT="${i}"
echo "${CLIENT_NAME} $(< keys/"${CLIENT_NAME}"_pub) $(date +%s) ${COUNT}" |
tee -a configs/clients.txt > /dev/null
break
fi
done
# Disabling SC2154, variables sourced externaly
@ -110,88 +115,95 @@ done
NET_REDUCED="${pivpnNET::-2}"
# shellcheck disable=SC2154
if [ "$pivpnenableipv6" == "1" ]; then
echo "[Interface]
PrivateKey = $(cat "keys/${CLIENT_NAME}_priv")
Address = ${NET_REDUCED}.${COUNT}/${subnetClass},${pivpnNETv6}${COUNT}/${subnetClassv6}" > "configs/${CLIENT_NAME}.conf"
else
echo "[Interface]
PrivateKey = $(cat "keys/${CLIENT_NAME}_priv")
Address = ${NET_REDUCED}.${COUNT}/${subnetClass}" > "configs/${CLIENT_NAME}.conf"
fi
{
echo '[Interface]'
echo "PrivateKey = $(cat "keys/${CLIENT_NAME}_priv")"
echo -n "Address = ${NET_REDUCED}.${COUNT}/${subnetClass}"
# shellcheck disable=SC2154
echo -n "DNS = ${pivpnDNS1}" >> "configs/${CLIENT_NAME}.conf"
if [ -n "${pivpnDNS2}" ]; then
echo ", ${pivpnDNS2}" >> "configs/${CLIENT_NAME}.conf"
else
echo >> "configs/${CLIENT_NAME}.conf"
fi
echo >> "configs/${CLIENT_NAME}.conf"
if [[ "${pivpnenableipv6}" == 1 ]]; then
echo ",${pivpnNETv6}${COUNT}/${subnetClassv6}"
else
echo
fi
# shellcheck disable=SC2154
echo "[Peer]
PublicKey = $(cat keys/server_pub)
PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")
Endpoint = ${pivpnHOST}:${pivpnPORT}
AllowedIPs = ${ALLOWED_IPS}" >> "configs/${CLIENT_NAME}.conf"
echo -n "DNS = ${pivpnDNS1}"
if [[ -n "${pivpnDNS2}" ]]; then
echo ", ${pivpnDNS2}"
else
echo
fi
echo
echo '[Peer]'
echo "PublicKey = $(cat keys/server_pub)"
echo "PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")"
echo "Endpoint = ${pivpnHOST}:${pivpnPORT}"
echo "AllowedIPs = ${ALLOWED_IPS}"
if [[ -n "${pivpnPERSISTENTKEEPALIVE}" ]]; then
echo "PersistentKeepalive = ${pivpnPERSISTENTKEEPALIVE}"
fi
} > "configs/${CLIENT_NAME}.conf"
if [ -n "${pivpnPERSISTENTKEEPALIVE}" ]; then
echo "PersistentKeepalive = ${pivpnPERSISTENTKEEPALIVE}" >> "configs/${CLIENT_NAME}.conf"
fi
echo "::: Client config generated"
if [ "$pivpnenableipv6" == "1" ]; then
echo "### begin ${CLIENT_NAME} ###
[Peer]
PublicKey = $(cat "keys/${CLIENT_NAME}_pub")
PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")
AllowedIPs = ${NET_REDUCED}.${COUNT}/32,${pivpnNETv6}${COUNT}/128
### end ${CLIENT_NAME} ###" >> wg0.conf
else
echo "### begin ${CLIENT_NAME} ###
[Peer]
PublicKey = $(cat "keys/${CLIENT_NAME}_pub")
PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")
AllowedIPs = ${NET_REDUCED}.${COUNT}/32
### end ${CLIENT_NAME} ###" >> wg0.conf
fi
{
echo "### begin ${CLIENT_NAME} ###"
echo '[Peer]'
echo "PublicKey = $(cat "keys/${CLIENT_NAME}_pub")"
echo "PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")"
echo -n "AllowedIPs = ${NET_REDUCED}.${COUNT}/32"
if [[ "${pivpnenableipv6}" == 1 ]]; then
echo ",${pivpnNETv6}${COUNT}/128"
else
echo
fi
echo "### end ${CLIENT_NAME} ###"
} >> wg0.conf
echo "::: Updated server config"
if [ -f /etc/pivpn/hosts.wireguard ]; then
echo "${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn" >> /etc/pivpn/hosts.wireguard
if [ "$pivpnenableipv6" == "1" ]; then
echo "${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn" >> /etc/pivpn/hosts.wireguard
fi
if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole"
else
echo "::: Failed to reload pihole-FTL configuration"
fi
if [[ -f /etc/pivpn/hosts.wireguard ]]; then
echo "${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn" |
tee -a /etc/pivpn/hosts.wireguard > /dev/null
if [[ "${pivpnenableipv6}" == 1 ]]; then
echo "${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn" |
tee -a /etc/pivpn/hosts.wireguard > /dev/null
fi
if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole"
else
err "::: Failed to reload pihole-FTL configuration"
fi
fi
if [ "${PLAT}" == 'Alpine' ]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
if [[ "${PLAT}" == 'Alpine' ]]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
err "::: Failed to reload WireGuard"
fi
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
err "::: Failed to reload WireGuard"
fi
fi
cp "configs/${CLIENT_NAME}.conf" "${install_home}/configs/${CLIENT_NAME}.conf"
chown "${install_user}":"${install_user}" "${install_home}/configs/${CLIENT_NAME}.conf"
chown "${userGroup}" "${install_home}/configs/${CLIENT_NAME}.conf"
chmod 640 "${install_home}/configs/${CLIENT_NAME}.conf"
echo "======================================================================"
echo -e "::: Done! \e[1m${CLIENT_NAME}.conf successfully created!\e[0m"
echo "::: ${CLIENT_NAME}.conf was copied to ${install_home}/configs for easy transfer."
echo -n "::: ${CLIENT_NAME}.conf was copied to ${install_home}/configs for easy"
echo "transfer."
echo "::: Please use this profile only on one device and create additional"
echo -e "::: profiles for other devices. You can also use \e[1mpivpn -qr\e[0m"
echo "::: to generate a QR Code you can scan with the mobile app."

207
scripts/wireguard/pivpn.sh
View file

@ -3,127 +3,160 @@
CHECK_PKG_INSTALLED='dpkg-query -s'
if grep -qsEe "^NAME\=['\"]?Alpine[a-zA-Z ]*['\"]?$" /etc/os-release; then
CHECK_PKG_INSTALLED='apk --no-cache info -e'
CHECK_PKG_INSTALLED='apk --no-cache info -e'
fi
# Must be root to use this tool
if [ $EUID -ne 0 ]; then
if eval "${CHECK_PKG_INSTALLED} sudo" &> /dev/null; then
export SUDO="sudo"
else
echo "::: Please install sudo or run this as root."
exit 1
if [[ "${EUID}" -ne 0 ]]; then
if ${CHECK_PKG_INSTALLED} sudo &> /dev/null; then
export SUDO="sudo"
else
err "::: Please install sudo or run this as root."
exit 1
fi
fi
scriptdir="/opt/pivpn"
vpn="wireguard"
makeConf(){
shift
$SUDO ${scriptdir}/${vpn}/makeCONF.sh "$@"
exit "$?"
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
listConnected(){
shift
$SUDO ${scriptdir}/${vpn}/clientSTAT.sh "$@"
exit "$?"
makeConf() {
shift
${SUDO} "${scriptdir}/${vpn}/makeCONF.sh" "$@"
exit "${?}"
}
debug(){
echo "::: Generating Debug Output"
$SUDO ${scriptdir}/${vpn}/pivpnDEBUG.sh | tee /tmp/debug.log
echo "::: "
echo "::: Debug output completed above."
echo "::: Copy saved to /tmp/debug.log"
echo "::: "
exit "$?"
listConnected() {
shift
${SUDO} "${scriptdir}/${vpn}/clientSTAT.sh" "$@"
exit "${?}"
}
listClients(){
$SUDO ${scriptdir}/${vpn}/listCONF.sh
exit "$?"
debug() {
echo "::: Generating Debug Output"
${SUDO} "${scriptdir}/${vpn}/pivpnDEBUG.sh" | tee /tmp/debug.log
echo "::: "
echo "::: Debug output completed above."
echo "::: Copy saved to /tmp/debug.log"
echo "::: "
exit "${?}"
}
showQrcode(){
shift
$SUDO ${scriptdir}/${vpn}/qrcodeCONF.sh "$@"
exit "$?"
listClients() {
${SUDO} "${scriptdir}/${vpn}/listCONF.sh"
exit "${?}"
}
removeClient(){
shift
$SUDO ${scriptdir}/${vpn}/removeCONF.sh "$@"
exit "$?"
showQrcode() {
shift
${SUDO} "${scriptdir}/${vpn}/qrcodeCONF.sh" "$@"
exit "${?}"
}
disableClient(){
shift
$SUDO ${scriptdir}/${vpn}/disableCONF.sh "$@"
exit "$?"
removeClient() {
shift
${SUDO} "${scriptdir}/${vpn}/removeCONF.sh" "$@"
exit "${?}"
}
enableClient(){
shift
$SUDO ${scriptdir}/${vpn}/enableCONF.sh "$@"
exit "$?"
disableClient() {
shift
${SUDO} "${scriptdir}/${vpn}/disableCONF.sh" "$@"
exit "${?}"
}
uninstallServer(){
$SUDO ${scriptdir}/uninstall.sh "${vpn}"
exit "$?"
enableClient() {
shift
${SUDO} "${scriptdir}/${vpn}/enableCONF.sh" "$@"
exit "${?}"
}
updateScripts(){
shift
$SUDO ${scriptdir}/update.sh "$@"
exit "$?"
uninstallServer() {
${SUDO} "${scriptdir}/uninstall.sh" "${vpn}"
exit "${?}"
}
backup(){
$SUDO ${scriptdir}/backup.sh "${vpn}"
exit "$?"
updateScripts() {
shift
${SUDO} "${scriptdir}/update.sh" "$@"
exit "${?}"
}
showHelp(){
echo "::: Control all PiVPN specific functions!"
echo ":::"
echo "::: Usage: pivpn <command> [option]"
echo ":::"
echo "::: Commands:"
echo "::: -a, add Create a client conf profile"
echo "::: -c, clients List any connected clients to the server"
echo "::: -d, debug Start a debugging session if having trouble"
echo "::: -l, list List all clients"
echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app"
echo "::: -r, remove Remove a client"
echo "::: -off, off Disable a client"
echo "::: -on, on Enable a client"
echo "::: -h, help Show this help dialog"
echo "::: -u, uninstall Uninstall pivpn from your system!"
echo "::: -up, update Updates PiVPN Scripts"
echo "::: -bk, backup Backup VPN configs and user profiles"
exit 0
backup() {
${SUDO} "${scriptdir}/backup.sh" "${vpn}"
exit "${?}"
}
if [ $# = 0 ]; then
showHelp
showHelp() {
echo "::: Control all PiVPN specific functions!"
echo ":::"
echo "::: Usage: pivpn <command> [option]"
echo ":::"
echo "::: Commands:"
echo "::: -a, add Create a client conf profile"
echo "::: -c, clients List any connected clients to the server"
echo "::: -d, debug Start a debugging session if having trouble"
echo "::: -l, list List all clients"
echo -n "::: -qr, qrcode Show the qrcode of a client for use "
echo "with the mobile app"
echo "::: -r, remove Remove a client"
echo "::: -off, off Disable a client"
echo "::: -on, on Enable a client"
echo "::: -h, help Show this help dialog"
echo "::: -u, uninstall Uninstall pivpn from your system!"
echo "::: -up, update Updates PiVPN Scripts"
echo "::: -bk, backup Backup VPN configs and user profiles"
exit 0
}
if [[ "$#" == 0 ]]; then
showHelp
fi
# Handle redirecting to specific functions based on arguments
case "$1" in
"-a" | "add" ) makeConf "$@";;
"-c" | "clients" ) listConnected "$@";;
"-d" | "debug" ) debug;;
"-l" | "list" ) listClients;;
"-qr" | "qrcode" ) showQrcode "$@";;
"-r" | "remove" ) removeClient "$@";;
"-off" | "off" ) disableClient "$@";;
"-on" | "on" ) enableClient "$@";;
"-h" | "help" ) showHelp;;
"-u" | "uninstall" ) uninstallServer;;
"-up" | "update" ) updateScripts "$@" ;;
"-bk" | "backup" ) backup ;;
* ) showHelp;;
case "${1}" in
"-a" | "add")
makeConf "$@"
;;
"-c" | "clients")
listConnected "$@"
;;
"-d" | "debug")
debug
;;
"-l" | "list")
listClients
;;
"-qr" | "qrcode")
showQrcode "$@"
;;
"-r" | "remove")
removeClient "$@"
;;
"-off" | "off")
disableClient "$@"
;;
"-on" | "on")
enableClient "$@"
;;
"-h" | "help")
showHelp
;;
"-u" | "uninstall")
uninstallServer
;;
"-up" | "update")
updateScripts "$@"
;;
"-bk" | "backup")
backup
;;
*)
showHelp
;;
esac

71
scripts/wireguard/pivpnDEBUG.sh
View file

@ -1,11 +1,15 @@
#!/usr/bin/env bash
#!/bin/bash
# This scripts runs as root
setupVars="/etc/pivpn/wireguard/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
if [[ ! -f "${setupVars}" ]]; then
err "::: Missing setup vars file!"
exit 1
fi
# shellcheck disable=SC1090
@ -15,51 +19,76 @@ echo -e "::::\t\t\e[4mPiVPN debug\e[0m\t\t ::::"
printf "=============================================\n"
echo -e "::::\t\t\e[4mLatest commit\e[0m\t\t ::::"
echo -n "Branch: "
git --git-dir /usr/local/src/pivpn/.git rev-parse --abbrev-ref HEAD
git --git-dir /usr/local/src/pivpn/.git log -n 1 --format='Commit: %H%nAuthor: %an%nDate: %ad%nSummary: %s'
git \
--git-dir /usr/local/src/pivpn/.git log \
-n 1 \
--format='Commit: %H%nAuthor: %an%nDate: %ad%nSummary: %s'
printf "=============================================\n"
echo -e "::::\t \e[4mInstallation settings\e[0m \t ::::"
# Disabling SC2154 warning, variable is sourced externaly and may vary
# shellcheck disable=SC2154
sed "s/$pivpnHOST/REDACTED/" < ${setupVars}
sed "s/${pivpnHOST}/REDACTED/" < "${setupVars}"
printf "=============================================\n"
echo -e ":::: \e[4mServer configuration shown below\e[0m ::::"
cd /etc/wireguard/keys || exit
cp ../wg0.conf ../wg0.tmp
# Replace every key in the server configuration with just its file name
for k in *; do
sed "s#$(<"$k")#$k#" -i ../wg0.tmp
sed "s#$(< "${k}")#${k}#" -i ../wg0.tmp
done
cat ../wg0.tmp
rm ../wg0.tmp
printf "=============================================\n"
echo -e ":::: \e[4mClient configuration shown below\e[0m ::::"
EXAMPLE="$(head -1 /etc/wireguard/configs/clients.txt | awk '{print $1}')"
if [ -n "$EXAMPLE" ]; then
cp ../configs/"$EXAMPLE".conf ../configs/"$EXAMPLE".tmp
for k in *; do
sed "s#$(<"$k")#$k#" -i ../configs/"$EXAMPLE".tmp
done
sed "s/$pivpnHOST/REDACTED/" < ../configs/"$EXAMPLE".tmp
rm ../configs/"$EXAMPLE".tmp
if [[ -n "${EXAMPLE}" ]]; then
cp ../configs/"${EXAMPLE}".conf ../configs/"${EXAMPLE}".tmp
for k in *; do
sed "s#$(< "${k}")#${k}#" -i ../configs/"${EXAMPLE}".tmp
done
sed "s/${pivpnHOST}/REDACTED/" < ../configs/"${EXAMPLE}".tmp
rm ../configs/"${EXAMPLE}".tmp
else
echo "::: There are no clients yet"
echo "::: There are no clients yet"
fi
printf "=============================================\n"
echo -e ":::: \t\e[4mRecursive list of files in\e[0m\t ::::\n::::\t\e[4m/etc/wireguard shown below\e[0m\t ::::"
echo -e ":::: \t\e[4mRecursive list of files in\e[0m\t ::::"
echo -e "::::\t\e[4m/etc/wireguard shown below\e[0m\t ::::"
ls -LR /etc/wireguard
printf "=============================================\n"
echo -e "::::\t\t\e[4mSelf check\e[0m\t\t ::::"
/opt/pivpn/self_check.sh "${VPN}"
printf "=============================================\n"
echo -e ":::: Having trouble connecting? Take a look at the FAQ:"
echo -e ":::: \e[1mhttps://docs.pivpn.io/faq\e[0m"
printf "=============================================\n"
echo -e ":::: \e[1mWARNING\e[0m: This script should have automatically masked sensitive ::::"
echo -e ":::: information, however, still make sure that \e[4mPrivateKey\e[0m, \e[4mPublicKey\e[0m ::::"
echo -e ":::: and \e[4mPresharedKey\e[0m are masked before reporting an issue. An example key ::::"
echo ":::: that you should NOT see in this log looks like this: ::::"
echo ":::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::"
echo -ne ":::: \e[1mWARNING\e[0m: This script should have "
echo -e "automatically masked sensitive ::::"
echo -ne ":::: information, however, still make sure that "
echo -e "\e[4mPrivateKey\e[0m, \e[4mPublicKey\e[0m ::::"
echo -ne ":::: and \e[4mPresharedKey\e[0m are masked before "
echo -e "reporting an issue. An example key ::::"
echo -n ":::: that you should NOT see in this log looks like this:"
echo " ::::"
echo -n ":::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe"
echo " ::::"
printf "=============================================\n"
echo -e "::::\t\t\e[4mDebug complete\e[0m\t\t ::::"

129
scripts/wireguard/qrcodeCONF.sh
View file

@ -1,76 +1,91 @@
#!/bin/bash
helpFunc(){
echo "::: Show the qrcode of a client for use with the mobile app"
echo ":::"
echo "::: Usage: pivpn <-qr|qrcode> [-h|--help] [Options] [<client-1>] ... [<client-n>] ..."
echo ":::"
echo "::: Options:"
echo "::: -a256|ansi256 Shows QR Code in ansi256 characters"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client(s) to show"
echo "::: -h,--help Show this help dialog"
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
helpFunc() {
echo "::: Show the qrcode of a client for use with the mobile app"
echo ":::"
echo -n "::: Usage: pivpn <-qr|qrcode> [-h|--help] [Options] "
echo "[<client-1> ... [<client-2>] ...]"
echo ":::"
echo "::: Options:"
echo "::: -a256|ansi256 Shows QR Code in ansi256 characters"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client(s) to show"
echo "::: -h,--help Show this help dialog"
}
# Parse input arguments
encoding="ansiutf8"
while test $# -gt 0; do
_key="$1"
case "$_key" in
-h|--help)
helpFunc
exit 0
;;
-a256|--ansi256)
encoding="ansi256"
;;
*)
CLIENTS_TO_SHOW+=("$1")
;;
esac
shift
while [[ "$#" -gt 0 ]]; do
_key="${1}"
case "${_key}" in
-h | --help)
helpFunc
exit 0
;;
-a256 | --ansi256)
encoding="ansi256"
;;
*)
CLIENTS_TO_SHOW+=("${1}")
;;
esac
shift
done
cd /etc/wireguard/configs || exit
if [ ! -s clients.txt ]; then
echo "::: There are no clients to show"
exit 1
if [[ ! -s clients.txt ]]; then
err "::: There are no clients to show"
exit 1
fi
mapfile -t LIST < <(awk '{print $1}' clients.txt)
if [ "${#CLIENTS_TO_SHOW[@]}" -eq 0 ]; then
echo -e "::\e[4m Client list \e[0m::"
len=${#LIST[@]}
COUNTER=1
while [ $COUNTER -le "${len}" ]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
((COUNTER++))
done
if [[ "${#CLIENTS_TO_SHOW[@]}" -eq 0 ]]; then
echo -e "::\e[4m Client list \e[0m::"
len="${#LIST[@]}"
COUNTER=1
read -r -p "Please enter the Index/Name of the Client to show: " CLIENTS_TO_SHOW
while [[ "${COUNTER}" -le "${len}" ]]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER - 1))]}"
((COUNTER++))
done
if [ -z "${CLIENTS_TO_SHOW}" ]; then
echo "::: You can not leave this blank!"
exit 1
fi
echo -n "Please enter the Index/Name of the Client to show: "
read -r CLIENTS_TO_SHOW
if [[ -z "${CLIENTS_TO_SHOW}" ]]; then
err "::: You can not leave this blank!"
exit 1
fi
fi
for CLIENT_NAME in "${CLIENTS_TO_SHOW[@]}"; do
re='^[0-9]+$'
if [[ ${CLIENT_NAME:0:1} == "-" ]]; then
echo "${CLIENT_NAME} is not a valid client name or option"
exit 1
elif [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
if grep -qw "${CLIENT_NAME}" clients.txt; then
echo -e "::: Showing client \e[1m${CLIENT_NAME}\e[0m below"
echo "====================================================================="
qrencode -t "${encoding}" < "${CLIENT_NAME}.conf"
echo "====================================================================="
else
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
fi
re='^[0-9]+$'
if [[ "${CLIENT_NAME:0:1}" == "-" ]]; then
err "${CLIENT_NAME} is not a valid client name or option"
exit 1
elif [[ "${CLIENT_NAME}" =~ $re ]]; then
CLIENT_NAME="${LIST[$((CLIENT_NAME - 1))]}"
fi
if grep -qw "${CLIENT_NAME}" clients.txt; then
echo -e "::: Showing client \e[1m${CLIENT_NAME}\e[0m below"
echo "====================================================================="
qrencode -t "${encoding}" < "${CLIENT_NAME}.conf"
echo "====================================================================="
else
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
fi
done

276
scripts/wireguard/removeCONF.sh
View file

@ -2,159 +2,187 @@
setupVars="/etc/pivpn/wireguard/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
if [[ ! -f "${setupVars}" ]]; then
err "::: Missing setup vars file!"
exit 1
fi
# shellcheck disable=SC1090
source "${setupVars}"
helpFunc(){
echo "::: Remove a client conf profile"
echo ":::"
echo "::: Usage: pivpn <-r|remove> [-y|--yes] [-h|--help] [<client-1>] ... [<client-n>] ..."
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client(s) to remove"
echo "::: -y,--yes Remove Client(s) without confirmation"
echo "::: -h,--help Show this help dialog"
err() {
echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}
helpFunc() {
echo "::: Remove a client conf profile"
echo ":::"
echo -n "::: Usage: pivpn <-r|remove> [-y|--yes] [-h|--help] "
echo "[<client-1> ... [<client-2>] ...]"
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client(s) to remove"
echo "::: -y,--yes Remove Client(s) without confirmation"
echo "::: -h,--help Show this help dialog"
}
# Parse input arguments
while test $# -gt 0
do
_key="$1"
case "$_key" in
-h|--help)
helpFunc
exit 0
;;
-y|--yes)
CONFIRM=true
;;
*)
CLIENTS_TO_REMOVE+=("$1")
;;
esac
shift
while [[ "$#" -gt 0 ]]; do
_key="${1}"
case "${_key}" in
-h | --help)
helpFunc
exit 0
;;
-y | --yes)
CONFIRM=true
;;
*)
CLIENTS_TO_REMOVE+=("${1}")
;;
esac
shift
done
cd /etc/wireguard || exit
if [ ! -s configs/clients.txt ]; then
echo "::: There are no clients to remove"
exit 1
if [[ ! -s configs/clients.txt ]]; then
err "::: There are no clients to remove"
exit 1
fi
mapfile -t LIST < <(awk '{print $1}' configs/clients.txt)
if [ "${#CLIENTS_TO_REMOVE[@]}" -eq 0 ]; then
echo -e "::\e[4m Client list \e[0m::"
len=${#LIST[@]}
COUNTER=1
while [ $COUNTER -le "${len}" ]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
((COUNTER++))
done
read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_REMOVE
if [[ "${#CLIENTS_TO_REMOVE[@]}" -eq 0 ]]; then
echo -e "::\e[4m Client list \e[0m::"
len="${#LIST[@]}"
COUNTER=1
if [ -z "${CLIENTS_TO_REMOVE}" ]; then
echo "::: You can not leave this blank!"
exit 1
fi
while [[ "${COUNTER}" -le "${len}" ]]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER - 1))]}"
((COUNTER++))
done
echo -n "Please enter the Index/Name of the Client to be removed "
echo -n "from the list above: "
read -r CLIENTS_TO_REMOVE
if [[ -z "${CLIENTS_TO_REMOVE}" ]]; then
err "::: You can not leave this blank!"
exit 1
fi
fi
DELETED_COUNT=0
for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
re='^[0-9]+$'
re='^[0-9]+$'
if [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
if [[ "${CLIENT_NAME}" =~ $re ]]; then
CLIENT_NAME="${LIST[$((CLIENT_NAME - 1))]}"
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
else
REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)"
if [[ -n "${CONFIRM}" ]]; then
REPLY="y"
else
REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)"
if [ -n "$CONFIRM" ]; then
REPLY="y"
else
read -r -p "Do you really want to delete $CLIENT_NAME? [y/N] "
fi
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Grab the least significant octed of the client IP address
COUNT=$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $4}')
# The creation date of the client
CREATION_DATE="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $3}')"
# And its public key
PUBLIC_KEY="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $2}')"
# Then remove the client matching the variables above
sed "\#${CLIENT_NAME} ${PUBLIC_KEY} ${CREATION_DATE} ${COUNT}#d" -i configs/clients.txt
# Remove the peer section from the server config
sed "/### begin ${CLIENT_NAME} ###/,/### end ${CLIENT_NAME} ###/d" -i wg0.conf
echo "::: Updated server config"
rm "configs/${CLIENT_NAME}.conf"
echo "::: Client config for ${CLIENT_NAME} removed"
rm "keys/${CLIENT_NAME}_priv"
rm "keys/${CLIENT_NAME}_pub"
rm "keys/${CLIENT_NAME}_psk"
echo "::: Client Keys for ${CLIENT_NAME} removed"
# Find all .conf files in the home folder of the user matching the checksum of the
# config and delete them. '-maxdepth 3' is used to avoid traversing too many folders.
# Disabling SC2154, variable sourced externaly and may vary
# shellcheck disable=SC2154
find "${install_home}" -maxdepth 3 -type f -name '*.conf' -print0 | while IFS= read -r -d '' CONFIG; do
if sha256sum -c <<< "${REQUESTED} ${CONFIG}" &> /dev/null; then
rm "${CONFIG}"
fi
done
((DELETED_COUNT++))
echo "::: Successfully deleted ${CLIENT_NAME}"
# If using Pi-hole, remove the client from the hosts file
# Disabling SC2154, variable sourced externaly and may vary
# shellcheck disable=SC2154
if [ -f /etc/pivpn/hosts.wireguard ]; then
NET_REDUCED="${pivpnNET::-2}"
sed -e "\#${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn#d" -e "\#${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn#d" -i /etc/pivpn/hosts.wireguard
if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole"
else
echo "::: Failed to reload pihole-FTL configuration"
fi
fi
else
echo "Aborting operation"
exit 1
fi
read -r -p "Do you really want to delete ${CLIENT_NAME}? [y/N] "
fi
if [[ "${REPLY}" =~ ^[Yy]$ ]]; then
# Grab the least significant octed of the client IP address
COUNT="$(grep "^${CLIENT_NAME} " configs/clients.txt | awk '{print $4}')"
# The creation date of the client
CREATION_DATE="$(grep "^${CLIENT_NAME} " configs/clients.txt |
awk '{print $3}')"
# And its public key
PUBLIC_KEY="$(grep "^${CLIENT_NAME} " configs/clients.txt |
awk '{print $2}')"
# Then remove the client matching the variables above
sed \
-e "\#${CLIENT_NAME} ${PUBLIC_KEY} ${CREATION_DATE} ${COUNT}#d" \
-i \
configs/clients.txt
# Remove the peer section from the server config
sed_pattern="/### begin ${CLIENT_NAME} ###/,"
sed_pattern="${sed_pattern}/### end ${CLIENT_NAME} ###/d"
sed -e "${sed_pattern}" -i wg0.conf
echo "::: Updated server config"
rm "configs/${CLIENT_NAME}.conf"
echo "::: Client config for ${CLIENT_NAME} removed"
rm "keys/${CLIENT_NAME}_priv"
rm "keys/${CLIENT_NAME}_pub"
rm "keys/${CLIENT_NAME}_psk"
echo "::: Client Keys for ${CLIENT_NAME} removed"
# Find all .conf files in the home folder of the user matching the
# checksum of the config and delete them. '-maxdepth 3' is used to
# avoid traversing too many folders.
# Disabling SC2154, variable sourced externaly and may vary
# shellcheck disable=SC2154
while IFS= read -r -d '' CONFIG; do
if sha256sum -c <<< "${REQUESTED} ${CONFIG}" &> /dev/null; then
rm "${CONFIG}"
fi
done < <(find "${install_home}" \
-maxdepth 3 \
-type f \
-name '*.conf' \
-print0)
((DELETED_COUNT++))
echo "::: Successfully deleted ${CLIENT_NAME}"
# If using Pi-hole, remove the client from the hosts file
# Disabling SC2154, variable sourced externaly and may vary
# shellcheck disable=SC2154
if [[ -f /etc/pivpn/hosts.wireguard ]]; then
NET_REDUCED="${pivpnNET::-2}"
sed \
-e "\#${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn#d" \
-e "\#${pivpnNETv6}${COUNT} ${CLIENT_NAME}.pivpn#d" \
-i \
/etc/pivpn/hosts.wireguard
if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole"
else
err "::: Failed to reload pihole-FTL configuration"
fi
fi
unset sed_pattern
else
err "Aborting operation"
exit 1
fi
fi
done
# Restart WireGuard only if some clients were actually deleted
if [ "${DELETED_COUNT}" -gt 0 ]; then
if [ "${PLAT}" == 'Alpine' ]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
if [[ "${DELETED_COUNT}" -gt 0 ]]; then
if [[ "${PLAT}" == 'Alpine' ]]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
err "::: Failed to reload WireGuard"
fi
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
err "::: Failed to reload WireGuard"
fi
fi
fi