Merge Test Branch into master

Merged test branch into master, More details LatestUpdate.md
2024-12-19 19:30:16 +00:00 · 2021-01-17 18:26:12 +01:00 · 2021-01-17 18:26:12 +01:00 · b5ec995f68
commit b5ec995f68
parent 75acaf97ae 5a81da9912
11 changed files with 368 additions and 99 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -13,7 +13,7 @@ assignees: ''

 - [] I have read and understood the [contributors guide](https://github.com/pivpn/pivpn/blob/master/CONTRIBUTING.md).
 - [] The issue I am reporting can be *replicated*.
- [] The issue I am reporting can be *is* directly related to the pivpn installer script.
+- [] The issue I am reporting *is* directly related to the pivpn installer script.
 - [] The issue I am reporting isn't a duplicate (see [FAQs](https://github.com/pivpn/pivpn/wiki/FAQ), [closed issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aclosed), and [open issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aopen)).

 **Describe the bug**
--- a/LatestUpdate.md
+++ b/LatestUpdate.md
@ -4,6 +4,17 @@ This file has the objective of describing the major changes for each merge from

 Everytime Test branch is merged into master, a new entry should be created with the date and changes being merged.

+## Jan 17th 2021
+
+- Issues Fixed:
+  - #1180 Incorrect system detection
+  - #1212 Confusing prompt when removing wireguard config
+  - #1204 Package cache update not workig
+- New Features
+  - #1111 Possibility to turn on/off single wireguard client configs
+  - #1177 Possibility to change AllowedIPs 
+- English corrections
+
 ## Nov 4th 2020

 - Official support for Ubuntu Server 20.04 on Raspberry Pi (32-bit and 64-bit).
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@ -10,7 +10,6 @@
 # curl -L https://install.pivpn.io | bash
 # Make sure you have `curl` installed

-# timestamp 2020/5/24 15:53BST

 ######## VARIABLES #########
 pivpnGitUrl="https://github.com/pivpn/pivpn.git"
@ -32,7 +31,7 @@ debianOvpnUserGroup="openvpn:openvpn"
 PKG_MANAGER="apt-get"
 PKG_CACHE="/var/lib/apt/lists/"
 ### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086
-UPDATE_PKG_CACHE="${PKG_MANAGER} update"
+UPDATE_PKG_CACHE="${PKG_MANAGER} update -y"
 PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
 PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"

@ -215,7 +214,7 @@ main(){
 	# Save installation setting to the final location
 	echo "INSTALLED_PACKAGES=(${INSTALLED_PACKAGES[*]})" >> ${tempsetupVarsFile}
        echo "::: Setupfiles copied to ${setupConfigDir}/${VPN}/${setupVarsFile}"
-        $SUDO mkdir "${setupConfigDir}/${VPN}/"
+        $SUDO mkdir -p "${setupConfigDir}/${VPN}/"
 	$SUDO cp ${tempsetupVarsFile} "${setupConfigDir}/${VPN}/${setupVarsFile}"

 	installScripts
@ -400,24 +399,12 @@ verifyFreeDiskSpace(){
 }

 updatePackageCache(){
-	#Running apt-get update/upgrade with minimal output can cause some issues with
-	#requiring user input
-
-	#Check to see if apt-get update has already been run today
-	#it needs to have been run at least once on new installs!
-	timestamp=$(stat -c %Y ${PKG_CACHE})
-	timestampAsDate=$(date -d @"${timestamp}" "+%b %e")
-	today=$(date "+%b %e")
-
-
-	 if [ ! "${today}" == "${timestampAsDate}" ]; then
 		#update package lists
 		echo ":::"
-		echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n"
+		echo -ne "::: Package Cache update is needed, running ${UPDATE_PKG_CACHE} ...\\n"
        # shellcheck disable=SC2086
 		$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
 		echo " done!"
-	fi
 }

 notifyPackageUpdatesAvailable(){
@ -475,31 +462,33 @@ preconfigurePackages(){
 	fi

 	AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
-	WIREGUARD_BUILTIN=0
-	NEED_WIREGUARD_REPO=0

-	if [ -n "$AVAILABLE_WIREGUARD" ]; then
-		if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then
-			# If a wireguard kernel object is found and is part of any installed package, then
-			# it has not been build via DKMS or manually (installing via wireguard-dkms does not
-			# make the module part of the package since the module itself is built at install time
-			# and not part of the .deb).
-			# Source: https://github.com/MichaIng/DietPi/blob/7bf5e1041f3b2972d7827c48215069d1c90eee07/dietpi/dietpi-software#L1807-L1815
-			for i in /lib/modules/**/wireguard.ko; do
-				[[ -f $i ]] || continue
-				dpkg-query -S "$i" &> /dev/null || continue
-				WIREGUARD_BUILTIN=1
-				break
-			done
-		fi
+	# If a wireguard kernel object is found and is part of any installed package, then
+	# it has not been build via DKMS or manually (installing via wireguard-dkms does not
+	# make the module part of the package since the module itself is built at install time
+	# and not part of the .deb).
+	# Source: https://github.com/MichaIng/DietPi/blob/7bf5e1041f3b2972d7827c48215069d1c90eee07/dietpi/dietpi-software#L1807-L1815
+	WIREGUARD_BUILTIN=0
+	for i in /lib/modules/**/wireguard.ko; do
+		[[ -f $i ]] || continue
+		dpkg-query -S "$i" &> /dev/null || continue
+		WIREGUARD_BUILTIN=1
+		break
+	done
+
+	if
+		# If the module is builtin and the package available, we only need to install wireguard-tools.
+		[[ $WIREGUARD_BUILTIN == 1 && -n $AVAILABLE_WIREGUARD ]] ||
+		# If the package is not available, on Debian and Raspbian we can add it via Bullseye repository.
+		[[ $WIREGUARD_BUILTIN == 1 && ( $PLAT == 'Debian' || $PLAT == 'Raspbian' ) ]] ||
+		# If the module is not builtin, on Raspbian we know the headers package: raspberrypi-kernel-headers
+		[[ $PLAT == 'Raspbian' ]] ||
+		# On Debian (and Ubuntu), we can only reliably assume the headers package for amd64: linux-image-amd64
+		[[ $PLAT == 'Debian' && $DPKG_ARCH == 'amd64' ]] ||
+		# On Ubuntu, additionally the WireGuard package needs to be available, since we didn't test mixing Ubuntu repositories.
+		[[ $PLAT == 'Ubuntu' && $DPKG_ARCH == 'amd64' && -n $AVAILABLE_WIREGUARD ]]
+	then
 		WIREGUARD_SUPPORT=1
-	else
-		if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Raspbian" ]; then
-			NEED_WIREGUARD_REPO=1
-			WIREGUARD_SUPPORT=1
-		else
-			WIREGUARD_SUPPORT=0
-		fi
 	fi

 	if [ "$OPENVPN_SUPPORT" -eq 0 ] && [ "$WIREGUARD_SUPPORT" -eq 0 ]; then
@ -546,7 +535,7 @@ installDependentPackages(){
 		fi
 	done

-	local APTLOGFILE="$(mktemp)"
+	local APTLOGFILE="$($SUDO mktemp)"

 	if command -v debconf-apt-progress > /dev/null; then
        # shellcheck disable=SC2086
@ -570,7 +559,7 @@ installDependentPackages(){
 	done

 	if [ "$FAILED" -gt 0 ]; then
-		cat "${APTLOGFILE}"
+		$SUDO cat "${APTLOGFILE}"
 		exit 1
 	fi
 }
@ -991,7 +980,7 @@ chooseUser(){
 isRepo(){
 	# If the directory does not have a .git folder it is not a repo
 	echo -n ":::    Checking $1 is a repo..."
-	cd "${1}" &> /dev/null || return 1
+	cd "${1}" &> /dev/null || { echo " not found!"; return 1; }
 	$SUDO git status &> /dev/null && echo " OK!"; return 0 || echo " not found!"; return 1
 }

@ -1094,6 +1083,9 @@ installPiVPN(){
 		pivpnDEV="wg0"
 		pivpnNET="10.6.0.0"
 		vpnGw="${pivpnNET/.0.0/.0.1}"
+		# Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by
+		# the user after the installation.
+		ALLOWED_IPS="0.0.0.0/0, ::0/0"
 		CUSTOMIZE=0

 		installWireGuard
@ -1110,6 +1102,7 @@ installPiVPN(){
 	echo "pivpnDEV=${pivpnDEV}" >> ${tempsetupVarsFile}
 	echo "pivpnNET=${pivpnNET}" >> ${tempsetupVarsFile}
 	echo "subnetClass=${subnetClass}" >> ${tempsetupVarsFile}
+	echo "ALLOWED_IPS=\"${ALLOWED_IPS}\"" >> ${tempsetupVarsFile}
 }

 askWhichVPN(){
@ -1201,7 +1194,7 @@ installOpenVPN(){

 		echo "::: Updating package cache..."
 		# shellcheck disable=SC2086
-		$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
+		updatePackageCache
 	fi

 	# grepcidr is used to redact IPs in the debug log whereas expect is used
@ -1260,7 +1253,7 @@ installWireGuard(){

 		echo "::: Installing WireGuard from Debian package... "

-		if [ "$NEED_WIREGUARD_REPO" -eq 1 ]; then
+		if [ -z "$AVAILABLE_WIREGUARD" ]; then
 			echo "::: Adding Raspbian repository... "
 			echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null

@ -1269,7 +1262,7 @@ installWireGuard(){

 			echo "::: Updating package cache..."
 			# shellcheck disable=SC2086
-			$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
+			updatePackageCache
 		fi

 		# qrencode is used to generate qrcodes from config file, for use with mobile clients
@ -1280,7 +1273,7 @@ installWireGuard(){

 		echo "::: Installing WireGuard from Debian package... "

-		if [ "$NEED_WIREGUARD_REPO" -eq 1 ]; then
+		if [ -z "$AVAILABLE_WIREGUARD" ]; then
 			echo "::: Adding Debian repository... "
 			echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null

@ -1288,7 +1281,7 @@ installWireGuard(){

 			echo "::: Updating package cache..."
 			# shellcheck disable=SC2086
-			$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
+			updatePackageCache
 		fi

 		PIVPN_DEPS=(wireguard-tools qrencode)
@ -2003,7 +1996,7 @@ confOVPN(){

 confWireGuard(){
 	# Reload job type is not yet available in wireguard-tools shipped with Ubuntu 20.04
-	if ! grep -q 'ExecReload' /usr/lib/systemd/system/wg-quick@.service; then
+	if ! grep -q 'ExecReload' /lib/systemd/system/wg-quick@.service; then
 		echo "::: Adding additional reload job type for wg-quick unit"
 		$SUDO install -D -m 644 "${pivpnFilesDir}"/files/etc/systemd/system/wg-quick@.service.d/override.conf /etc/systemd/system/wg-quick@.service.d/override.conf
 		$SUDO systemctl daemon-reload
@ -2284,13 +2277,13 @@ installScripts(){
 		# Unlink the protocol specific pivpn script and symlink the common
 		# script to the location instead
 		$SUDO unlink /usr/local/bin/pivpn
-		$SUDO ln -s -T "${pivpnFilesDir}/scripts/pivpn" /usr/local/bin/pivpn
+		$SUDO ln -sf -T "${pivpnFilesDir}/scripts/pivpn" /usr/local/bin/pivpn
 	else
 		# Only one protocol is installed, symlink bash completion, the pivpn script
 		# and the script directory
-		$SUDO ln -s -T "${pivpnFilesDir}/scripts/${VPN}/bash-completion" /etc/bash_completion.d/pivpn
-		$SUDO ln -s -T "${pivpnFilesDir}/scripts/${VPN}/pivpn.sh" /usr/local/bin/pivpn
-		$SUDO ln -s "${pivpnFilesDir}/scripts/" "${pivpnScriptDir}"
+		$SUDO ln -sf -T "${pivpnFilesDir}/scripts/${VPN}/bash-completion" /etc/bash_completion.d/pivpn
+		$SUDO ln -sf -T "${pivpnFilesDir}/scripts/${VPN}/pivpn.sh" /usr/local/bin/pivpn
+		$SUDO ln -sf "${pivpnFilesDir}/scripts/" "${pivpnScriptDir}"
 		# shellcheck disable=SC1091
 		. /etc/bash_completion.d/pivpn
 	fi
--- a/scripts/wireguard/bash-completion
+++ b/scripts/wireguard/bash-completion
@ -4,8 +4,8 @@ _pivpn()
    COMPREPLY=()
    cur="${COMP_WORDS[COMP_CWORD]}"
    prev="${COMP_WORDS[COMP_CWORD-1]}"
-    dashopts="-a -c -d -l -qr -r -h -u -up -bk"
-    opts="add clients debug list qrcode remove help uninstall update backup"
+    dashopts="-a -c -d -l -qr -r -h -u -up -bk -off -on"
+    opts="add clients debug list qrcode remove help uninstall update backup (temp) off (temp) on"
    if [ "${#COMP_WORDS[@]}" -eq 2 ]
    then
        if [[ ${cur} == -* ]] ; then
--- a/scripts/wireguard/clientSTAT.sh
+++ b/scripts/wireguard/clientSTAT.sh
@ -2,6 +2,7 @@
 # PiVPN: client status script

 CLIENTS_FILE="/etc/wireguard/configs/clients.txt"
+CONF_FILE="/etc/wireguard/wg0.conf"

 if [ ! -s "$CLIENTS_FILE" ]; then
    echo "::: There are no clients to list"
@ -36,33 +37,37 @@ listClients(){
    printf "\e[4mName\e[0m  \t  \e[4mRemote IP\e[0m  \t  \e[4mVirtual IP\e[0m  \t  \e[4mBytes Received\e[0m  \t  \e[4mBytes Sent\e[0m  \t  \e[4mLast Seen\e[0m\n"

    while IFS= read -r LINE; do
-
-        PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")"
-        REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")"
-        VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")"
-        BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")"
-        BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")"
-        LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")"
-        CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')"
-
-        if [ "$HR" = 1 ]; then
-            if [ "$LAST_SEEN" -ne 0 ]; then
-                printf "%s  \t  %s  \t  %s  \t  %s  \t  %s  \t  %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
+        if [ -n "${LINE}" ]; then
+            PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")"
+            REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")"
+            VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")"
+            BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")"
+            BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")"
+            LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")"
+            CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')"
+            if [ "$HR" = 1 ]; then
+                if [ "$LAST_SEEN" -ne 0 ]; then
+                    printf "%s  \t  %s  \t  %s  \t  %s  \t  %s  \t  %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
+                else
+                    printf "%s  \t  %s  \t  %s  \t  %s  \t  %s  \t  %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)"
+                fi
            else
-                printf "%s  \t  %s  \t  %s  \t  %s  \t  %s  \t  %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)"
-            fi
-        else
-            if [ "$LAST_SEEN" -ne 0 ]; then
-                printf "%s  \t  %s  \t  %s  \t  %'d  \t  %'d  \t  %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
-            else
-                printf "%s  \t  %s  \t  %s  \t  %'d  \t  %'d  \t  %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)"
+                if [ "$LAST_SEEN" -ne 0 ]; then
+                    printf "%s  \t  %s  \t  %s  \t  %'d  \t  %'d  \t  %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
+                else
+                    printf "%s  \t  %s  \t  %s  \t  %'d  \t  %'d  \t  %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)"
+                fi
            fi
        fi
-
    done <<< "$DUMP"

    printf "\n"
    } | column -t -s $'\t'
+
+    cd /etc/wireguard || return
+    echo "::: Disabled clients :::"
+    grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
+
 }

 if [[ $# -eq 0 ]]; then
--- a/scripts/wireguard/disableCONF.sh
+++ b/scripts/wireguard/disableCONF.sh
@ -0,0 +1,120 @@
+#!/bin/bash
+
+setupVars="/etc/pivpn/wireguard/setupVars.conf"
+
+if [ ! -f "${setupVars}" ]; then
+    echo "::: Missing setup vars file!"
+    exit 1
+fi
+
+source "${setupVars}"
+
+helpFunc(){
+    echo "::: Disable client conf profiles"
+    echo ":::"
+    echo "::: Usage: pivpn <-off|off> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
+    echo ":::"
+    echo "::: Commands:"
+    echo ":::  [none]               Interactive mode"
+    echo ":::  <client>             Client"
+    echo ":::  -y,--yes             Disable client(s) without confirmation"
+    echo ":::  -v                   Show disabled clients only"
+    echo ":::  -h,--help            Show this help dialog"
+}
+
+# Parse input arguments
+while test $# -gt 0
+do
+    _key="$1"
+    case "$_key" in
+        -h|--help)
+            helpFunc
+            exit 0
+            ;;
+        -y|--yes)
+            CONFIRM=true
+            ;;
+        -v)
+            DISPLAY_DISABLED=true
+            ;;
+	*)
+            CLIENTS_TO_CHANGE+=("$1")
+            ;;
+    esac
+    shift
+done
+
+cd /etc/wireguard
+if [ ! -s configs/clients.txt ]; then
+    echo "::: There are no clients to change"
+    exit 1
+fi
+
+
+if [ "$DISPLAY_DISABLED" ]; then
+    grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
+    exit 1
+fi
+
+
+LIST=($(awk '{print $1}' configs/clients.txt))
+if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
+    echo -e "::\e[4m  Client list  \e[0m::"
+    len=${#LIST[@]}
+    COUNTER=1
+    while [ $COUNTER -le ${len} ]; do
+        printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
+        ((COUNTER++))
+    done
+
+    read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_CHANGE
+
+    if [ -z "${CLIENTS_TO_CHANGE}" ]; then
+        echo "::: You can not leave this blank!"
+        exit 1
+    fi
+fi
+
+CHANGED_COUNT=0
+
+for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
+
+    re='^[0-9]+$'
+    if [[ ${CLIENT_NAME} =~ $re ]] ; then
+        CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+    fi
+
+    if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
+        echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
+    elif grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then
+        echo -e "::: \e[1m${CLIENT_NAME}\e[0m is already disabled"
+    else
+        if [ -n "$CONFIRM" ]; then
+            REPLY="y"
+        else
+            read -r -p "Confirm you want to disable $CLIENT_NAME? [Y/n] "
+        fi
+
+        if [[ $REPLY =~ ^[Yy]$ ]]; then
+
+            # Disable the peer section from the server config
+	    echo "${CLIENT_NAME}"
+            sed -e "/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/^/#\[disabled\] /" -i wg0.conf
+            echo "::: Updated server config"
+
+            ((CHANGED_COUNT++))
+            echo "::: Successfully disabled ${CLIENT_NAME}"
+
+        fi
+    fi
+
+done
+
+# Restart WireGuard only if some clients were actually deleted
+if [ "${CHANGED_COUNT}" -gt 0 ]; then
+    if systemctl reload wg-quick@wg0; then
+        echo "::: WireGuard reloaded"
+    else
+        echo "::: Failed to reload WireGuard"
+    fi
+fi
--- a/scripts/wireguard/enableCONF.sh
+++ b/scripts/wireguard/enableCONF.sh
@ -0,0 +1,116 @@
+#!/bin/bash
+
+setupVars="/etc/pivpn/wireguard/setupVars.conf"
+
+if [ ! -f "${setupVars}" ]; then
+    echo "::: Missing setup vars file!"
+    exit 1
+fi
+
+source "${setupVars}"
+
+helpFunc(){
+    echo "::: Enables client conf profiles"
+    echo ":::"
+    echo "::: Usage: pivpn <-on|on> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
+    echo ":::"
+    echo "::: Commands:"
+    echo ":::  [none]               Interactive mode"
+    echo ":::  <client>             Client"
+    echo ":::  -y,--yes             Enable client(s) without confirmation"
+    echo ":::  -v                   Show disabled clients only"
+    echo ":::  -h,--help            Show this help dialog"
+}
+
+# Parse input arguments
+while test $# -gt 0
+do
+    _key="$1"
+    case "$_key" in
+        -h|--help)
+            helpFunc
+            exit 0
+            ;;
+        -y|--yes)
+            CONFIRM=true
+            ;;
+        -v)
+            DISPLAY_DISABLED=true
+            ;;
+	*)
+            CLIENTS_TO_CHANGE+=("$1")
+            ;;
+    esac
+    shift
+done
+
+cd /etc/wireguard
+if [ ! -s configs/clients.txt ]; then
+    echo "::: There are no clients to change"
+    exit 1
+fi
+
+if [ "$DISPLAY_DISABLED" ]; then
+    grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
+    exit 1
+fi
+
+LIST=($(awk '{print $1}' configs/clients.txt))
+if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
+    echo -e "::\e[4m  Client list  \e[0m::"
+    len=${#LIST[@]}
+    COUNTER=1
+    while [ $COUNTER -le ${len} ]; do
+        printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
+        ((COUNTER++))
+    done
+
+    read -r -p "Please enter the Index/Name of the Client to be enabled from the list above: " CLIENTS_TO_CHANGE
+
+    if [ -z "${CLIENTS_TO_CHANGE}" ]; then
+        echo "::: You can not leave this blank!"
+        exit 1
+    fi
+fi
+
+CHANGED_COUNT=0
+
+for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
+
+    re='^[0-9]+$'
+    if [[ ${CLIENT_NAME} =~ $re ]] ; then
+        CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+    fi
+
+    if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
+        echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
+    else
+        if [ -n "$CONFIRM" ]; then
+            REPLY="y"
+        else
+            read -r -p "Confirm you want to enable $CLIENT_NAME? [Y/n] "
+        fi
+
+        if [[ $REPLY =~ ^[Yy]$ ]]; then
+
+            # Enable the peer section from the server config
+	    echo "${CLIENT_NAME}" 
+            sed -e "/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/#\[disabled\] //" -i wg0.conf
+            echo "::: Updated server config"
+
+            ((CHANGED_COUNT++))
+            echo "::: Successfully enabled ${CLIENT_NAME}"
+
+        fi
+    fi
+
+done
+
+# Restart WireGuard only if some clients were actually deleted
+if [ "${CHANGED_COUNT}" -gt 0 ]; then
+    if systemctl reload wg-quick@wg0; then
+        echo "::: WireGuard reloaded"
+    else
+        echo "::: Failed to reload WireGuard"
+    fi
+fi
--- a/scripts/wireguard/listCONF.sh
+++ b/scripts/wireguard/listCONF.sh
@ -25,4 +25,9 @@ while read -r LINE; do
    echo -e "$CLIENT_NAME  \t  $PUBLIC_KEY  \t  $CD_FORMAT"
 done < clients.txt

-} | column -t -s $'\t'
+} | column -t -s $'\t'
+
+
+cd /etc/wireguard || return
+echo "::: Disabled clients :::"
+grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
--- a/scripts/wireguard/makeCONF.sh
+++ b/scripts/wireguard/makeCONF.sh
@ -110,7 +110,7 @@ echo "[Peer]
 PublicKey = $(cat keys/server_pub)
 PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")
 Endpoint = ${pivpnHOST}:${pivpnPORT}
-AllowedIPs = 0.0.0.0/0, ::0/0" >> "configs/${CLIENT_NAME}.conf"
+AllowedIPs = ${ALLOWED_IPS}" >> "configs/${CLIENT_NAME}.conf"
 echo "::: Client config generated"

 echo "### begin ${CLIENT_NAME} ###
--- a/scripts/wireguard/pivpn.sh
+++ b/scripts/wireguard/pivpn.sh
@ -52,6 +52,18 @@ removeClient(){
    exit 0
 }

+disableClient(){
+    shift
+    $SUDO ${scriptdir}/${vpn}/disableCONF.sh "$@"
+    exit 0
+}
+
+enableClient(){
+    shift
+    $SUDO ${scriptdir}/${vpn}/enableCONF.sh "$@"
+    exit 0
+}
+
 uninstallServer(){
    $SUDO ${scriptdir}/uninstall.sh "${vpn}"
    exit 0
@ -74,16 +86,18 @@ showHelp(){
    echo "::: Usage: pivpn <command> [option]"
    echo ":::"
    echo "::: Commands:"
-    echo ":::  -a,  add              Create a client conf profile"
-    echo ":::  -c,  clients          List any connected clients to the server"
-    echo ":::  -d,  debug            Start a debugging session if having trouble"
-    echo ":::  -l,  list             List all clients"
-    echo ":::  -qr, qrcode           Show the qrcode of a client for use with the mobile app"
-    echo ":::  -r,  remove           Remove a client"
-    echo ":::  -h,  help             Show this help dialog"
-    echo ":::  -u,  uninstall        Uninstall pivpn from your system!"
-    echo ":::  -up, update           Updates PiVPN Scripts"
-    echo ":::  -bk, backup           Backup VPN configs and user profiles"
+    echo ":::    -a, add              Create a client conf profile"
+    echo ":::    -c, clients          List any connected clients to the server"
+    echo ":::    -d, debug            Start a debugging session if having trouble"
+    echo ":::    -l, list             List all clients"
+    echo ":::   -qr, qrcode           Show the qrcode of a client for use with the mobile app"
+    echo ":::    -r, remove           Remove a client"
+    echo ":::  -off, off              Disable a user"
+    echo ":::   -on, on               Enable a user"
+    echo ":::    -h, help             Show this help dialog"
+    echo ":::    -u, uninstall        Uninstall pivpn from your system!"
+    echo ":::   -up, update           Updates PiVPN Scripts"
+    echo ":::   -bk, backup           Backup VPN configs and user profiles"
    exit 0
 }

@ -93,15 +107,17 @@ fi

 # Handle redirecting to specific functions based on arguments
 case "$1" in
-"-a"  | "add"                ) makeConf "$@";;
-"-c"  | "clients"            ) listConnected "$@";;
-"-d"  | "debug"              ) debug;;
-"-l"  | "list"               ) listClients;;
-"-qr" | "qrcode"             ) showQrcode "$@";;
-"-r"  | "remove"             ) removeClient "$@";;
-"-h"  | "help"               ) showHelp;;
-"-u"  | "uninstall"          ) uninstallServer;;
-"-up" | "update"             ) updateScripts "$@" ;;
-"-bk" | "backup"             ) backup ;;
-*                            ) showHelp;;
+"-a"   | "add"                ) makeConf "$@";;
+"-c"   | "clients"            ) listConnected "$@";;
+"-d"   | "debug"              ) debug;;
+"-l"   | "list"               ) listClients;;
+"-qr"  | "qrcode"             ) showQrcode "$@";;
+"-r"   | "remove"             ) removeClient "$@";;
+"-off" | "off"                ) disableClient "$@";;
+"-on"  | "on"                 ) enableClient "$@";;
+"-h"   | "help"               ) showHelp;;
+"-u"   | "uninstall"          ) uninstallServer;;
+"-up"  | "update"             ) updateScripts "$@" ;;
+"-bk"  | "backup"             ) backup ;;
+*                             ) showHelp;;
 esac
--- a/scripts/wireguard/removeCONF.sh
+++ b/scripts/wireguard/removeCONF.sh
@ -80,7 +80,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
        if [ -n "$CONFIRM" ]; then
            REPLY="y"
        else
-            read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] "
+            read -r -p "Do you really want to delete $CLIENT_NAME? [y/N] "
        fi

        if [[ $REPLY =~ ^[Yy]$ ]]; then
@ -129,6 +129,9 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
                fi
            fi

+        else
+            echo "Aborting operation"
+            exit 1
        fi
    fi