Merge Test Branch into master

Merged test branch into master.
More details in LatestUpdate.md.
Carlos Colaço 2021-01-17 18:26:12 +01:00
commit b5ec995f68
11 changed files with 368 additions and 99 deletions


@ -13,7 +13,7 @@ assignees: ''
- [] I have read and understood the [contributors guide](https://github.com/pivpn/pivpn/blob/master/CONTRIBUTING.md). - [] I have read and understood the [contributors guide](https://github.com/pivpn/pivpn/blob/master/CONTRIBUTING.md).
- [] The issue I am reporting can be *replicated*. - [] The issue I am reporting can be *replicated*.
- [] The issue I am reporting can be *is* directly related to the pivpn installer script. - [] The issue I am reporting *is* directly related to the pivpn installer script.
- [] The issue I am reporting isn't a duplicate (see [FAQs](https://github.com/pivpn/pivpn/wiki/FAQ), [closed issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aclosed), and [open issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aopen)). - [] The issue I am reporting isn't a duplicate (see [FAQs](https://github.com/pivpn/pivpn/wiki/FAQ), [closed issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aclosed), and [open issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aopen)).
**Describe the bug** **Describe the bug**


@ -4,6 +4,17 @@ This file has the objective of describing the major changes for each merge from
Everytime Test branch is merged into master, a new entry should be created with the date and changes being merged. Everytime Test branch is merged into master, a new entry should be created with the date and changes being merged.
## Jan 17th 2021
- Issues Fixed:
- #1180 Incorrect system detection
- #1212 Confusing prompt when removing wireguard config
- #1204 Package cache update not workig
- New Features
- #1111 Possibility to turn on/off single wireguard client configs
- #1177 Possibility to change AllowedIPs
- English corrections
## Nov 4th 2020 ## Nov 4th 2020
- Official support for Ubuntu Server 20.04 on Raspberry Pi (32-bit and 64-bit). - Official support for Ubuntu Server 20.04 on Raspberry Pi (32-bit and 64-bit).


@ -10,7 +10,6 @@
# curl -L https://install.pivpn.io | bash # curl -L https://install.pivpn.io | bash
# Make sure you have `curl` installed # Make sure you have `curl` installed
# timestamp 2020/5/24 15:53BST
######## VARIABLES ######### ######## VARIABLES #########
pivpnGitUrl="https://github.com/pivpn/pivpn.git" pivpnGitUrl="https://github.com/pivpn/pivpn.git"
@ -32,7 +31,7 @@ debianOvpnUserGroup="openvpn:openvpn"
PKG_MANAGER="apt-get" PKG_MANAGER="apt-get"
PKG_CACHE="/var/lib/apt/lists/" PKG_CACHE="/var/lib/apt/lists/"
### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086 ### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086
UPDATE_PKG_CACHE="${PKG_MANAGER} update" UPDATE_PKG_CACHE="${PKG_MANAGER} update -y"
PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install" PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
@ -215,7 +214,7 @@ main(){
# Save installation setting to the final location # Save installation setting to the final location
echo "INSTALLED_PACKAGES=(${INSTALLED_PACKAGES[*]})" >> ${tempsetupVarsFile} echo "INSTALLED_PACKAGES=(${INSTALLED_PACKAGES[*]})" >> ${tempsetupVarsFile}
echo "::: Setupfiles copied to ${setupConfigDir}/${VPN}/${setupVarsFile}" echo "::: Setupfiles copied to ${setupConfigDir}/${VPN}/${setupVarsFile}"
$SUDO mkdir "${setupConfigDir}/${VPN}/" $SUDO mkdir -p "${setupConfigDir}/${VPN}/"
$SUDO cp ${tempsetupVarsFile} "${setupConfigDir}/${VPN}/${setupVarsFile}" $SUDO cp ${tempsetupVarsFile} "${setupConfigDir}/${VPN}/${setupVarsFile}"
installScripts installScripts
@ -400,24 +399,12 @@ verifyFreeDiskSpace(){
} }
updatePackageCache(){ updatePackageCache(){
#Running apt-get update/upgrade with minimal output can cause some issues with
#requiring user input
#Check to see if apt-get update has already been run today
#it needs to have been run at least once on new installs!
timestamp=$(stat -c %Y ${PKG_CACHE})
timestampAsDate=$(date -d @"${timestamp}" "+%b %e")
today=$(date "+%b %e")
if [ ! "${today}" == "${timestampAsDate}" ]; then
#update package lists #update package lists
echo ":::" echo ":::"
echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n" echo -ne "::: Package Cache update is needed, running ${UPDATE_PKG_CACHE} ...\\n"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! $SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
echo " done!" echo " done!"
fi
} }
notifyPackageUpdatesAvailable(){ notifyPackageUpdatesAvailable(){
@ -475,31 +462,33 @@ preconfigurePackages(){
fi fi
AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')" AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
WIREGUARD_BUILTIN=0
NEED_WIREGUARD_REPO=0
if [ -n "$AVAILABLE_WIREGUARD" ]; then # If a wireguard kernel object is found and is part of any installed package, then
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then # it has not been build via DKMS or manually (installing via wireguard-dkms does not
# If a wireguard kernel object is found and is part of any installed package, then # make the module part of the package since the module itself is built at install time
# it has not been build via DKMS or manually (installing via wireguard-dkms does not # and not part of the .deb).
# make the module part of the package since the module itself is built at install time # Source: https://github.com/MichaIng/DietPi/blob/7bf5e1041f3b2972d7827c48215069d1c90eee07/dietpi/dietpi-software#L1807-L1815
# and not part of the .deb). WIREGUARD_BUILTIN=0
# Source: https://github.com/MichaIng/DietPi/blob/7bf5e1041f3b2972d7827c48215069d1c90eee07/dietpi/dietpi-software#L1807-L1815 for i in /lib/modules/**/wireguard.ko; do
for i in /lib/modules/**/wireguard.ko; do [[ -f $i ]] || continue
[[ -f $i ]] || continue dpkg-query -S "$i" &> /dev/null || continue
dpkg-query -S "$i" &> /dev/null || continue WIREGUARD_BUILTIN=1
WIREGUARD_BUILTIN=1 break
break done
done
fi if
# If the module is builtin and the package available, we only need to install wireguard-tools.
[[ $WIREGUARD_BUILTIN == 1 && -n $AVAILABLE_WIREGUARD ]] ||
# If the package is not available, on Debian and Raspbian we can add it via Bullseye repository.
[[ $WIREGUARD_BUILTIN == 1 && ( $PLAT == 'Debian' || $PLAT == 'Raspbian' ) ]] ||
# If the module is not builtin, on Raspbian we know the headers package: raspberrypi-kernel-headers
[[ $PLAT == 'Raspbian' ]] ||
# On Debian (and Ubuntu), we can only reliably assume the headers package for amd64: linux-image-amd64
[[ $PLAT == 'Debian' && $DPKG_ARCH == 'amd64' ]] ||
# On Ubuntu, additionally the WireGuard package needs to be available, since we didn't test mixing Ubuntu repositories.
[[ $PLAT == 'Ubuntu' && $DPKG_ARCH == 'amd64' && -n $AVAILABLE_WIREGUARD ]]
then
WIREGUARD_SUPPORT=1 WIREGUARD_SUPPORT=1
else
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Raspbian" ]; then
NEED_WIREGUARD_REPO=1
WIREGUARD_SUPPORT=1
else
WIREGUARD_SUPPORT=0
fi
fi fi
if [ "$OPENVPN_SUPPORT" -eq 0 ] && [ "$WIREGUARD_SUPPORT" -eq 0 ]; then if [ "$OPENVPN_SUPPORT" -eq 0 ] && [ "$WIREGUARD_SUPPORT" -eq 0 ]; then
@ -546,7 +535,7 @@ installDependentPackages(){
fi fi
done done
local APTLOGFILE="$(mktemp)" local APTLOGFILE="$($SUDO mktemp)"
if command -v debconf-apt-progress > /dev/null; then if command -v debconf-apt-progress > /dev/null; then
# shellcheck disable=SC2086 # shellcheck disable=SC2086
@ -570,7 +559,7 @@ installDependentPackages(){
done done
if [ "$FAILED" -gt 0 ]; then if [ "$FAILED" -gt 0 ]; then
cat "${APTLOGFILE}" $SUDO cat "${APTLOGFILE}"
exit 1 exit 1
fi fi
} }
@ -991,7 +980,7 @@ chooseUser(){
isRepo(){ isRepo(){
# If the directory does not have a .git folder it is not a repo # If the directory does not have a .git folder it is not a repo
echo -n "::: Checking $1 is a repo..." echo -n "::: Checking $1 is a repo..."
cd "${1}" &> /dev/null || return 1 cd "${1}" &> /dev/null || { echo " not found!"; return 1; }
$SUDO git status &> /dev/null && echo " OK!"; return 0 || echo " not found!"; return 1 $SUDO git status &> /dev/null && echo " OK!"; return 0 || echo " not found!"; return 1
} }
@ -1094,6 +1083,9 @@ installPiVPN(){
pivpnDEV="wg0" pivpnDEV="wg0"
pivpnNET="10.6.0.0" pivpnNET="10.6.0.0"
vpnGw="${pivpnNET/.0.0/.0.1}" vpnGw="${pivpnNET/.0.0/.0.1}"
# Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by
# the user after the installation.
ALLOWED_IPS="0.0.0.0/0, ::0/0"
CUSTOMIZE=0 CUSTOMIZE=0
installWireGuard installWireGuard
@ -1110,6 +1102,7 @@ installPiVPN(){
echo "pivpnDEV=${pivpnDEV}" >> ${tempsetupVarsFile} echo "pivpnDEV=${pivpnDEV}" >> ${tempsetupVarsFile}
echo "pivpnNET=${pivpnNET}" >> ${tempsetupVarsFile} echo "pivpnNET=${pivpnNET}" >> ${tempsetupVarsFile}
echo "subnetClass=${subnetClass}" >> ${tempsetupVarsFile} echo "subnetClass=${subnetClass}" >> ${tempsetupVarsFile}
echo "ALLOWED_IPS=\"${ALLOWED_IPS}\"" >> ${tempsetupVarsFile}
} }
askWhichVPN(){ askWhichVPN(){
@ -1201,7 +1194,7 @@ installOpenVPN(){
echo "::: Updating package cache..." echo "::: Updating package cache..."
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! updatePackageCache
fi fi
# grepcidr is used to redact IPs in the debug log whereas expect is used # grepcidr is used to redact IPs in the debug log whereas expect is used
@ -1260,7 +1253,7 @@ installWireGuard(){
echo "::: Installing WireGuard from Debian package... " echo "::: Installing WireGuard from Debian package... "
if [ "$NEED_WIREGUARD_REPO" -eq 1 ]; then if [ -z "$AVAILABLE_WIREGUARD" ]; then
echo "::: Adding Raspbian repository... " echo "::: Adding Raspbian repository... "
echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
@ -1269,7 +1262,7 @@ installWireGuard(){
echo "::: Updating package cache..." echo "::: Updating package cache..."
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! updatePackageCache
fi fi
# qrencode is used to generate qrcodes from config file, for use with mobile clients # qrencode is used to generate qrcodes from config file, for use with mobile clients
@ -1280,7 +1273,7 @@ installWireGuard(){
echo "::: Installing WireGuard from Debian package... " echo "::: Installing WireGuard from Debian package... "
if [ "$NEED_WIREGUARD_REPO" -eq 1 ]; then if [ -z "$AVAILABLE_WIREGUARD" ]; then
echo "::: Adding Debian repository... " echo "::: Adding Debian repository... "
echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
@ -1288,7 +1281,7 @@ installWireGuard(){
echo "::: Updating package cache..." echo "::: Updating package cache..."
# shellcheck disable=SC2086 # shellcheck disable=SC2086
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $! updatePackageCache
fi fi
PIVPN_DEPS=(wireguard-tools qrencode) PIVPN_DEPS=(wireguard-tools qrencode)
@ -2003,7 +1996,7 @@ confOVPN(){
confWireGuard(){ confWireGuard(){
# Reload job type is not yet available in wireguard-tools shipped with Ubuntu 20.04 # Reload job type is not yet available in wireguard-tools shipped with Ubuntu 20.04
if ! grep -q 'ExecReload' /usr/lib/systemd/system/wg-quick@.service; then if ! grep -q 'ExecReload' /lib/systemd/system/wg-quick@.service; then
echo "::: Adding additional reload job type for wg-quick unit" echo "::: Adding additional reload job type for wg-quick unit"
$SUDO install -D -m 644 "${pivpnFilesDir}"/files/etc/systemd/system/wg-quick@.service.d/override.conf /etc/systemd/system/wg-quick@.service.d/override.conf $SUDO install -D -m 644 "${pivpnFilesDir}"/files/etc/systemd/system/wg-quick@.service.d/override.conf /etc/systemd/system/wg-quick@.service.d/override.conf
$SUDO systemctl daemon-reload $SUDO systemctl daemon-reload
@ -2284,13 +2277,13 @@ installScripts(){
# Unlink the protocol specific pivpn script and symlink the common # Unlink the protocol specific pivpn script and symlink the common
# script to the location instead # script to the location instead
$SUDO unlink /usr/local/bin/pivpn $SUDO unlink /usr/local/bin/pivpn
$SUDO ln -s -T "${pivpnFilesDir}/scripts/pivpn" /usr/local/bin/pivpn $SUDO ln -sf -T "${pivpnFilesDir}/scripts/pivpn" /usr/local/bin/pivpn
else else
# Only one protocol is installed, symlink bash completion, the pivpn script # Only one protocol is installed, symlink bash completion, the pivpn script
# and the script directory # and the script directory
$SUDO ln -s -T "${pivpnFilesDir}/scripts/${VPN}/bash-completion" /etc/bash_completion.d/pivpn $SUDO ln -sf -T "${pivpnFilesDir}/scripts/${VPN}/bash-completion" /etc/bash_completion.d/pivpn
$SUDO ln -s -T "${pivpnFilesDir}/scripts/${VPN}/pivpn.sh" /usr/local/bin/pivpn $SUDO ln -sf -T "${pivpnFilesDir}/scripts/${VPN}/pivpn.sh" /usr/local/bin/pivpn
$SUDO ln -s "${pivpnFilesDir}/scripts/" "${pivpnScriptDir}" $SUDO ln -sf "${pivpnFilesDir}/scripts/" "${pivpnScriptDir}"
# shellcheck disable=SC1091 # shellcheck disable=SC1091
. /etc/bash_completion.d/pivpn . /etc/bash_completion.d/pivpn
fi fi
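Review bot: In the `isRepo` hunk the final statement still returns 0 whenever the `cd` succeeds, because `A && B; return 0 || C; return 1` is parsed as three separate lists and `return 0` runs unconditionally. The commit improves the message for a failed `cd`, but a directory that exists and is not a git work tree is still reported to the caller as a repo (with no " OK!" or " not found!" printed). An explicit branch fixes it: `if $SUDO git status &> /dev/null; then echo " OK!"; return 0; fi` followed by `echo " not found!"; return 1`.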


@ -4,8 +4,8 @@ _pivpn()
COMPREPLY=() COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}" cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}" prev="${COMP_WORDS[COMP_CWORD-1]}"
dashopts="-a -c -d -l -qr -r -h -u -up -bk" dashopts="-a -c -d -l -qr -r -h -u -up -bk -off -on"
opts="add clients debug list qrcode remove help uninstall update backup" opts="add clients debug list qrcode remove help uninstall update backup (temp) off (temp) on"
if [ "${#COMP_WORDS[@]}" -eq 2 ] if [ "${#COMP_WORDS[@]}" -eq 2 ]
then then
if [[ ${cur} == -* ]] ; then if [[ ${cur} == -* ]] ; then
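Review bot: The new `opts` value contains the literal words `(temp)`, which read like help text rather than sub-commands. If `opts` is passed to `compgen -W` further down in `_pivpn` (the rest of the function is outside this hunk), `(temp)` would be offered as a completion candidate. Suggest `opts="add clients debug list qrcode remove help uninstall update backup off on"` and keeping the "(temp)" wording in the help output only.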


@ -2,6 +2,7 @@
# PiVPN: client status script # PiVPN: client status script
CLIENTS_FILE="/etc/wireguard/configs/clients.txt" CLIENTS_FILE="/etc/wireguard/configs/clients.txt"
CONF_FILE="/etc/wireguard/wg0.conf"
if [ ! -s "$CLIENTS_FILE" ]; then if [ ! -s "$CLIENTS_FILE" ]; then
echo "::: There are no clients to list" echo "::: There are no clients to list"
@ -36,33 +37,37 @@ listClients(){
printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mLast Seen\e[0m\n" printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mLast Seen\e[0m\n"
while IFS= read -r LINE; do while IFS= read -r LINE; do
if [ -n "${LINE}" ]; then
PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")" PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")"
REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")" REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")"
VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")" VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")"
BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")" BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")"
BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")" BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")"
LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")" LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")"
CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')" CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')"
if [ "$HR" = 1 ]; then
if [ "$HR" = 1 ]; then if [ "$LAST_SEEN" -ne 0 ]; then
if [ "$LAST_SEEN" -ne 0 ]; then printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')" else
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)"
fi
else else
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)" if [ "$LAST_SEEN" -ne 0 ]; then
fi printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
else else
if [ "$LAST_SEEN" -ne 0 ]; then printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)"
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')" fi
else
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)"
fi fi
fi fi
done <<< "$DUMP" done <<< "$DUMP"
printf "\n" printf "\n"
} | column -t -s $'\t' } | column -t -s $'\t'
cd /etc/wireguard || return
echo "::: Disabled clients :::"
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
} }
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then
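Review bot: `CONF_FILE` is added at the top of the file, but the new block at the end of `listClients` does not use it; it changes directory and greps a relative `wg0.conf` instead. Using the variable makes the `cd` unnecessary and keeps the path in one place: `grep '\[disabled\] ### begin' "$CONF_FILE" | sed 's/#//g; s/begin//'`. As written, `cd /etc/wireguard || return` also makes the function stop without any message when the directory cannot be entered. The start of `listClients` is outside the hunk.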

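--- a/scripts/wireguard/disableCONF.sh
+++ b/scripts/wireguard/disableCONF.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+setupVars="/etc/pivpn/wireguard/setupVars.conf"
+if [ ! -f "${setupVars}" ]; then
+echo "::: Missing setup vars file!"
+exit 1
+fi
+source "${setupVars}"
+helpFunc(){
+echo "::: Disable client conf profiles"
+echo ":::"
+echo "::: Usage: pivpn <-off|off> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
+echo ":::"
+echo "::: Commands:"
+echo "::: [none] Interactive mode"
+echo "::: <client> Client"
+echo "::: -y,--yes Disable client(s) without confirmation"
+echo "::: -v Show disabled clients only"
+echo "::: -h,--help Show this help dialog"
+}
+# Parse input arguments
+while test $# -gt 0
+do
+_key="$1"
+case "$_key" in
+-h|--help)
+helpFunc
+exit 0
+;;
+-y|--yes)
+CONFIRM=true
+;;
+-v)
+DISPLAY_DISABLED=true
+;;
+*)
+CLIENTS_TO_CHANGE+=("$1")
+;;
+esac
+shift
+done
+cd /etc/wireguard
+if [ ! -s configs/clients.txt ]; then
+echo "::: There are no clients to change"
+exit 1
+fi
+if [ "$DISPLAY_DISABLED" ]; then
+grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
+exit 1
+fi
+LIST=($(awk '{print $1}' configs/clients.txt))
+if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
+echo -e "::\e[4m Client list \e[0m::"
+len=${#LIST[@]}
+COUNTER=1
+while [ $COUNTER -le ${len} ]; do
+printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
+((COUNTER++))
+done
+read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_CHANGE
+if [ -z "${CLIENTS_TO_CHANGE}" ]; then
+echo "::: You can not leave this blank!"
+exit 1
+fi
+fi
+CHANGED_COUNT=0
+for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
+re='^[0-9]+$'
+if [[ ${CLIENT_NAME} =~ $re ]] ; then
+CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+fi
+if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
+echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
+elif grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then
+echo -e "::: \e[1m${CLIENT_NAME}\e[0m is already disabled"
+else
+if [ -n "$CONFIRM" ]; then
+REPLY="y"
+else
+read -r -p "Confirm you want to disable $CLIENT_NAME? [Y/n] "
+fi
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+# Disable the peer section from the server config
+echo "${CLIENT_NAME}"
+sed -e "/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/^/#\[disabled\] /" -i wg0.conf
+echo "::: Updated server config"
+((CHANGED_COUNT++))
+echo "::: Successfully disabled ${CLIENT_NAME}"
+fi
+fi
+done
+# Restart WireGuard only if some clients were actually deleted
+if [ "${CHANGED_COUNT}" -gt 0 ]; then
+if systemctl reload wg-quick@wg0; then
+echo "::: WireGuard reloaded"
+else
+echo "::: Failed to reload WireGuard"
+fi
+fi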
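Review bot: The sed range `/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/` and the `grep -q "#\[disabled\] ### begin ${CLIENT_NAME}"` check match the client name as an unanchored regex, so a name that is a prefix of another (constructed example: `bob` and `bobby`) selects both peer blocks, and regex metacharacters in a name are interpreted. The same pattern is used in enableCONF.sh (`/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/`), where the consequence is that enabling one client can also re-enable a peer that was deliberately disabled. Matching the whole marker line closes this: `sed -e "/^### begin ${CLIENT_NAME} ###\$/,/^### end ${CLIENT_NAME} ###\$/ s/^/#\[disabled\] /" -i wg0.conf`. The begin form is the one makeCONF.sh writes, while the end form is assumed and should be confirmed; the enable side needs the same anchoring with the `#[disabled] ` prefix included. Whether client names are restricted to a safe character set at creation is not visible on this page, so validating the name before interpolating it is worth adding here as well.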

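--- a/scripts/wireguard/enableCONF.sh
+++ b/scripts/wireguard/enableCONF.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+setupVars="/etc/pivpn/wireguard/setupVars.conf"
+if [ ! -f "${setupVars}" ]; then
+echo "::: Missing setup vars file!"
+exit 1
+fi
+source "${setupVars}"
+helpFunc(){
+echo "::: Enables client conf profiles"
+echo ":::"
+echo "::: Usage: pivpn <-on|on> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
+echo ":::"
+echo "::: Commands:"
+echo "::: [none] Interactive mode"
+echo "::: <client> Client"
+echo "::: -y,--yes Enable client(s) without confirmation"
+echo "::: -v Show disabled clients only"
+echo "::: -h,--help Show this help dialog"
+}
+# Parse input arguments
+while test $# -gt 0
+do
+_key="$1"
+case "$_key" in
+-h|--help)
+helpFunc
+exit 0
+;;
+-y|--yes)
+CONFIRM=true
+;;
+-v)
+DISPLAY_DISABLED=true
+;;
+*)
+CLIENTS_TO_CHANGE+=("$1")
+;;
+esac
+shift
+done
+cd /etc/wireguard
+if [ ! -s configs/clients.txt ]; then
+echo "::: There are no clients to change"
+exit 1
+fi
+if [ "$DISPLAY_DISABLED" ]; then
+grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
+exit 1
+fi
+LIST=($(awk '{print $1}' configs/clients.txt))
+if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
+echo -e "::\e[4m Client list \e[0m::"
+len=${#LIST[@]}
+COUNTER=1
+while [ $COUNTER -le ${len} ]; do
+printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
+((COUNTER++))
+done
+read -r -p "Please enter the Index/Name of the Client to be enabled from the list above: " CLIENTS_TO_CHANGE
+if [ -z "${CLIENTS_TO_CHANGE}" ]; then
+echo "::: You can not leave this blank!"
+exit 1
+fi
+fi
+CHANGED_COUNT=0
+for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
+re='^[0-9]+$'
+if [[ ${CLIENT_NAME} =~ $re ]] ; then
+CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+fi
+if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
+echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
+else
+if [ -n "$CONFIRM" ]; then
+REPLY="y"
+else
+read -r -p "Confirm you want to enable $CLIENT_NAME? [Y/n] "
+fi
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+# Enable the peer section from the server config
+echo "${CLIENT_NAME}"
+sed -e "/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/#\[disabled\] //" -i wg0.conf
+echo "::: Updated server config"
+((CHANGED_COUNT++))
+echo "::: Successfully enabled ${CLIENT_NAME}"
+fi
+fi
+done
+# Restart WireGuard only if some clients were actually deleted
+if [ "${CHANGED_COUNT}" -gt 0 ]; then
+if systemctl reload wg-quick@wg0; then
+echo "::: WireGuard reloaded"
+else
+echo "::: Failed to reload WireGuard"
+fi
+fi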
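Review bot: Unlike disableCONF.sh, the loop has no branch for a client that is not currently disabled, so for such a client the sed is a no-op, yet `CHANGED_COUNT` is incremented, "Successfully enabled" is printed and WireGuard is reloaded. A guard mirroring the disable script avoids the spurious reload: `elif ! grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then echo -e "::: \e[1m${CLIENT_NAME}\e[0m is not disabled"`. Separately, here and in disableCONF.sh the `cd /etc/wireguard` is unchecked before `sed -i wg0.conf` edits a relative path, and a failed `systemctl reload` still leaves the script exiting 0; `cd /etc/wireguard || exit 1` and a non-zero exit in the failure branch would make errors visible to callers.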


@ -25,4 +25,9 @@ while read -r LINE; do
echo -e "$CLIENT_NAME \t $PUBLIC_KEY \t $CD_FORMAT" echo -e "$CLIENT_NAME \t $PUBLIC_KEY \t $CD_FORMAT"
done < clients.txt done < clients.txt
} | column -t -s $'\t' } | column -t -s $'\t'
cd /etc/wireguard || return
echo "::: Disabled clients :::"
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
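Review bot: `cd /etc/wireguard || return` appears to sit at the top level of the script: the hunk shows no enclosing function, although the start of the file is outside the hunk. Outside a function or sourced file, `return` is itself an error in bash, so after a failed `cd` execution would continue to the `grep` in the wrong directory. `cd /etc/wireguard || exit 1` behaves as intended in either case, or the `cd` can be dropped by passing the absolute path, `grep '\[disabled\] ### begin' /etc/wireguard/wg0.conf`.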


@ -110,7 +110,7 @@ echo "[Peer]
PublicKey = $(cat keys/server_pub) PublicKey = $(cat keys/server_pub)
PresharedKey = $(cat "keys/${CLIENT_NAME}_psk") PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")
Endpoint = ${pivpnHOST}:${pivpnPORT} Endpoint = ${pivpnHOST}:${pivpnPORT}
AllowedIPs = 0.0.0.0/0, ::0/0" >> "configs/${CLIENT_NAME}.conf" AllowedIPs = ${ALLOWED_IPS}" >> "configs/${CLIENT_NAME}.conf"
echo "::: Client config generated" echo "::: Client config generated"
echo "### begin ${CLIENT_NAME} ### echo "### begin ${CLIENT_NAME} ###
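Review bot: `${ALLOWED_IPS}` has no fallback, and on this page the only place that writes it to setupVars.conf is the installer change in this commit. On an installation that predates the commit and only receives the updated scripts, the generated client config would get an empty `AllowedIPs =` line; whether the update path backfills the variable is not visible here. A default preserves the previous full-tunnel behaviour: `AllowedIPs = ${ALLOWED_IPS:-0.0.0.0/0, ::0/0}`. The enclosing `echo "[Peer] …"` string starts outside the hunk.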


@ -52,6 +52,18 @@ removeClient(){
exit 0 exit 0
} }
disableClient(){
shift
$SUDO ${scriptdir}/${vpn}/disableCONF.sh "$@"
exit 0
}
enableClient(){
shift
$SUDO ${scriptdir}/${vpn}/enableCONF.sh "$@"
exit 0
}
uninstallServer(){ uninstallServer(){
$SUDO ${scriptdir}/uninstall.sh "${vpn}" $SUDO ${scriptdir}/uninstall.sh "${vpn}"
exit 0 exit 0
@ -74,16 +86,18 @@ showHelp(){
echo "::: Usage: pivpn <command> [option]" echo "::: Usage: pivpn <command> [option]"
echo ":::" echo ":::"
echo "::: Commands:" echo "::: Commands:"
echo "::: -a, add Create a client conf profile" echo "::: -a, add Create a client conf profile"
echo "::: -c, clients List any connected clients to the server" echo "::: -c, clients List any connected clients to the server"
echo "::: -d, debug Start a debugging session if having trouble" echo "::: -d, debug Start a debugging session if having trouble"
echo "::: -l, list List all clients" echo "::: -l, list List all clients"
echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app" echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app"
echo "::: -r, remove Remove a client" echo "::: -r, remove Remove a client"
echo "::: -h, help Show this help dialog" echo "::: -off, off Disable a user"
echo "::: -u, uninstall Uninstall pivpn from your system!" echo "::: -on, on Enable a user"
echo "::: -up, update Updates PiVPN Scripts" echo "::: -h, help Show this help dialog"
echo "::: -bk, backup Backup VPN configs and user profiles" echo "::: -u, uninstall Uninstall pivpn from your system!"
echo "::: -up, update Updates PiVPN Scripts"
echo "::: -bk, backup Backup VPN configs and user profiles"
exit 0 exit 0
} }
@ -93,15 +107,17 @@ fi
# Handle redirecting to specific functions based on arguments # Handle redirecting to specific functions based on arguments
case "$1" in case "$1" in
"-a" | "add" ) makeConf "$@";; "-a" | "add" ) makeConf "$@";;
"-c" | "clients" ) listConnected "$@";; "-c" | "clients" ) listConnected "$@";;
"-d" | "debug" ) debug;; "-d" | "debug" ) debug;;
"-l" | "list" ) listClients;; "-l" | "list" ) listClients;;
"-qr" | "qrcode" ) showQrcode "$@";; "-qr" | "qrcode" ) showQrcode "$@";;
"-r" | "remove" ) removeClient "$@";; "-r" | "remove" ) removeClient "$@";;
"-h" | "help" ) showHelp;; "-off" | "off" ) disableClient "$@";;
"-u" | "uninstall" ) uninstallServer;; "-on" | "on" ) enableClient "$@";;
"-up" | "update" ) updateScripts "$@" ;; "-h" | "help" ) showHelp;;
"-bk" | "backup" ) backup ;; "-u" | "uninstall" ) uninstallServer;;
* ) showHelp;; "-up" | "update" ) updateScripts "$@" ;;
"-bk" | "backup" ) backup ;;
* ) showHelp;;
esac esac
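Review bot: `disableClient` and `enableClient` end in `exit 0`, so the status of disableCONF.sh / enableCONF.sh is discarded and anything scripting `pivpn -off -y <client>` cannot tell whether the peer was actually disabled. This matches the neighbouring wrappers, but for an access-control action the status is worth propagating, for example `$SUDO "${scriptdir}/${vpn}/disableCONF.sh" "$@"; exit $?` and the same for enable. The new help lines also say "user" where the rest of the help says "client".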


@ -80,7 +80,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
if [ -n "$CONFIRM" ]; then if [ -n "$CONFIRM" ]; then
REPLY="y" REPLY="y"
else else
read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] " read -r -p "Do you really want to delete $CLIENT_NAME? [y/N] "
fi fi
if [[ $REPLY =~ ^[Yy]$ ]]; then if [[ $REPLY =~ ^[Yy]$ ]]; then
@ -129,6 +129,9 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
fi fi
fi fi
else
echo "Aborting operation"
exit 1
fi fi
fi fi
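Review bot: The new `else` branch, which appears to belong to the confirmation `if`, calls `exit 1` inside the `for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"` loop, so declining one client stops the script before the remaining clients are processed. If the WireGuard reload happens after the loop, as it does in the new disableCONF.sh (that part of this file is outside the hunk), peers already removed from the config in earlier iterations would also stay active on the running interface. Skipping instead of aborting keeps the rest of the work and the reload: `echo "::: Skipping ${CLIENT_NAME}"; continue`.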