mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-24 05:40:16 +00:00
Merge Test Branch into master
Merged test branch into master, More details LatestUpdate.md
This commit is contained in:
commit
b5ec995f68
11 changed files with 368 additions and 99 deletions
2
.github/ISSUE_TEMPLATE/bug_report.md
vendored
2
.github/ISSUE_TEMPLATE/bug_report.md
vendored
|
@ -13,7 +13,7 @@ assignees: ''
|
||||||
|
|
||||||
- [] I have read and understood the [contributors guide](https://github.com/pivpn/pivpn/blob/master/CONTRIBUTING.md).
|
- [] I have read and understood the [contributors guide](https://github.com/pivpn/pivpn/blob/master/CONTRIBUTING.md).
|
||||||
- [] The issue I am reporting can be *replicated*.
|
- [] The issue I am reporting can be *replicated*.
|
||||||
- [] The issue I am reporting can be *is* directly related to the pivpn installer script.
|
- [] The issue I am reporting *is* directly related to the pivpn installer script.
|
||||||
- [] The issue I am reporting isn't a duplicate (see [FAQs](https://github.com/pivpn/pivpn/wiki/FAQ), [closed issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aclosed), and [open issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aopen)).
|
- [] The issue I am reporting isn't a duplicate (see [FAQs](https://github.com/pivpn/pivpn/wiki/FAQ), [closed issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aclosed), and [open issues](https://github.com/pivpn/pivpn/issues?q=is%3Aissue+sort%3Aupdated-desc+is%3Aopen)).
|
||||||
|
|
||||||
**Describe the bug**
|
**Describe the bug**
|
||||||
|
|
|
@ -4,6 +4,17 @@ This file has the objective of describing the major changes for each merge from
|
||||||
|
|
||||||
Everytime Test branch is merged into master, a new entry should be created with the date and changes being merged.
|
Everytime Test branch is merged into master, a new entry should be created with the date and changes being merged.
|
||||||
|
|
||||||
|
## Jan 17th 2021
|
||||||
|
|
||||||
|
- Issues Fixed:
|
||||||
|
- #1180 Incorrect system detection
|
||||||
|
- #1212 Confusing prompt when removing wireguard config
|
||||||
|
- #1204 Package cache update not workig
|
||||||
|
- New Features
|
||||||
|
- #1111 Possibility to turn on/off single wireguard client configs
|
||||||
|
- #1177 Possibility to change AllowedIPs
|
||||||
|
- English corrections
|
||||||
|
|
||||||
## Nov 4th 2020
|
## Nov 4th 2020
|
||||||
|
|
||||||
- Official support for Ubuntu Server 20.04 on Raspberry Pi (32-bit and 64-bit).
|
- Official support for Ubuntu Server 20.04 on Raspberry Pi (32-bit and 64-bit).
|
||||||
|
|
|
@ -10,7 +10,6 @@
|
||||||
# curl -L https://install.pivpn.io | bash
|
# curl -L https://install.pivpn.io | bash
|
||||||
# Make sure you have `curl` installed
|
# Make sure you have `curl` installed
|
||||||
|
|
||||||
# timestamp 2020/5/24 15:53BST
|
|
||||||
|
|
||||||
######## VARIABLES #########
|
######## VARIABLES #########
|
||||||
pivpnGitUrl="https://github.com/pivpn/pivpn.git"
|
pivpnGitUrl="https://github.com/pivpn/pivpn.git"
|
||||||
|
@ -32,7 +31,7 @@ debianOvpnUserGroup="openvpn:openvpn"
|
||||||
PKG_MANAGER="apt-get"
|
PKG_MANAGER="apt-get"
|
||||||
PKG_CACHE="/var/lib/apt/lists/"
|
PKG_CACHE="/var/lib/apt/lists/"
|
||||||
### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086
|
### FIXME: quoting UPDATE_PKG_CACHE and PKG_INSTALL hangs the script, shellcheck SC2086
|
||||||
UPDATE_PKG_CACHE="${PKG_MANAGER} update"
|
UPDATE_PKG_CACHE="${PKG_MANAGER} update -y"
|
||||||
PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
|
PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
|
||||||
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
|
PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
|
||||||
|
|
||||||
|
@ -215,7 +214,7 @@ main(){
|
||||||
# Save installation setting to the final location
|
# Save installation setting to the final location
|
||||||
echo "INSTALLED_PACKAGES=(${INSTALLED_PACKAGES[*]})" >> ${tempsetupVarsFile}
|
echo "INSTALLED_PACKAGES=(${INSTALLED_PACKAGES[*]})" >> ${tempsetupVarsFile}
|
||||||
echo "::: Setupfiles copied to ${setupConfigDir}/${VPN}/${setupVarsFile}"
|
echo "::: Setupfiles copied to ${setupConfigDir}/${VPN}/${setupVarsFile}"
|
||||||
$SUDO mkdir "${setupConfigDir}/${VPN}/"
|
$SUDO mkdir -p "${setupConfigDir}/${VPN}/"
|
||||||
$SUDO cp ${tempsetupVarsFile} "${setupConfigDir}/${VPN}/${setupVarsFile}"
|
$SUDO cp ${tempsetupVarsFile} "${setupConfigDir}/${VPN}/${setupVarsFile}"
|
||||||
|
|
||||||
installScripts
|
installScripts
|
||||||
|
@ -400,24 +399,12 @@ verifyFreeDiskSpace(){
|
||||||
}
|
}
|
||||||
|
|
||||||
updatePackageCache(){
|
updatePackageCache(){
|
||||||
#Running apt-get update/upgrade with minimal output can cause some issues with
|
|
||||||
#requiring user input
|
|
||||||
|
|
||||||
#Check to see if apt-get update has already been run today
|
|
||||||
#it needs to have been run at least once on new installs!
|
|
||||||
timestamp=$(stat -c %Y ${PKG_CACHE})
|
|
||||||
timestampAsDate=$(date -d @"${timestamp}" "+%b %e")
|
|
||||||
today=$(date "+%b %e")
|
|
||||||
|
|
||||||
|
|
||||||
if [ ! "${today}" == "${timestampAsDate}" ]; then
|
|
||||||
#update package lists
|
#update package lists
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo -ne "::: ${PKG_MANAGER} update has not been run today. Running now...\\n"
|
echo -ne "::: Package Cache update is needed, running ${UPDATE_PKG_CACHE} ...\\n"
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
|
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
|
||||||
echo " done!"
|
echo " done!"
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
notifyPackageUpdatesAvailable(){
|
notifyPackageUpdatesAvailable(){
|
||||||
|
@ -475,31 +462,33 @@ preconfigurePackages(){
|
||||||
fi
|
fi
|
||||||
|
|
||||||
AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
|
AVAILABLE_WIREGUARD="$(apt-cache policy wireguard | grep -m1 'Candidate: ' | grep -v '(none)' | awk '{print $2}')"
|
||||||
WIREGUARD_BUILTIN=0
|
|
||||||
NEED_WIREGUARD_REPO=0
|
|
||||||
|
|
||||||
if [ -n "$AVAILABLE_WIREGUARD" ]; then
|
# If a wireguard kernel object is found and is part of any installed package, then
|
||||||
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Ubuntu" ]; then
|
# it has not been build via DKMS or manually (installing via wireguard-dkms does not
|
||||||
# If a wireguard kernel object is found and is part of any installed package, then
|
# make the module part of the package since the module itself is built at install time
|
||||||
# it has not been build via DKMS or manually (installing via wireguard-dkms does not
|
# and not part of the .deb).
|
||||||
# make the module part of the package since the module itself is built at install time
|
# Source: https://github.com/MichaIng/DietPi/blob/7bf5e1041f3b2972d7827c48215069d1c90eee07/dietpi/dietpi-software#L1807-L1815
|
||||||
# and not part of the .deb).
|
WIREGUARD_BUILTIN=0
|
||||||
# Source: https://github.com/MichaIng/DietPi/blob/7bf5e1041f3b2972d7827c48215069d1c90eee07/dietpi/dietpi-software#L1807-L1815
|
for i in /lib/modules/**/wireguard.ko; do
|
||||||
for i in /lib/modules/**/wireguard.ko; do
|
[[ -f $i ]] || continue
|
||||||
[[ -f $i ]] || continue
|
dpkg-query -S "$i" &> /dev/null || continue
|
||||||
dpkg-query -S "$i" &> /dev/null || continue
|
WIREGUARD_BUILTIN=1
|
||||||
WIREGUARD_BUILTIN=1
|
break
|
||||||
break
|
done
|
||||||
done
|
|
||||||
fi
|
if
|
||||||
|
# If the module is builtin and the package available, we only need to install wireguard-tools.
|
||||||
|
[[ $WIREGUARD_BUILTIN == 1 && -n $AVAILABLE_WIREGUARD ]] ||
|
||||||
|
# If the package is not available, on Debian and Raspbian we can add it via Bullseye repository.
|
||||||
|
[[ $WIREGUARD_BUILTIN == 1 && ( $PLAT == 'Debian' || $PLAT == 'Raspbian' ) ]] ||
|
||||||
|
# If the module is not builtin, on Raspbian we know the headers package: raspberrypi-kernel-headers
|
||||||
|
[[ $PLAT == 'Raspbian' ]] ||
|
||||||
|
# On Debian (and Ubuntu), we can only reliably assume the headers package for amd64: linux-image-amd64
|
||||||
|
[[ $PLAT == 'Debian' && $DPKG_ARCH == 'amd64' ]] ||
|
||||||
|
# On Ubuntu, additionally the WireGuard package needs to be available, since we didn't test mixing Ubuntu repositories.
|
||||||
|
[[ $PLAT == 'Ubuntu' && $DPKG_ARCH == 'amd64' && -n $AVAILABLE_WIREGUARD ]]
|
||||||
|
then
|
||||||
WIREGUARD_SUPPORT=1
|
WIREGUARD_SUPPORT=1
|
||||||
else
|
|
||||||
if [ "$PLAT" = "Debian" ] || [ "$PLAT" = "Raspbian" ]; then
|
|
||||||
NEED_WIREGUARD_REPO=1
|
|
||||||
WIREGUARD_SUPPORT=1
|
|
||||||
else
|
|
||||||
WIREGUARD_SUPPORT=0
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$OPENVPN_SUPPORT" -eq 0 ] && [ "$WIREGUARD_SUPPORT" -eq 0 ]; then
|
if [ "$OPENVPN_SUPPORT" -eq 0 ] && [ "$WIREGUARD_SUPPORT" -eq 0 ]; then
|
||||||
|
@ -546,7 +535,7 @@ installDependentPackages(){
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
local APTLOGFILE="$(mktemp)"
|
local APTLOGFILE="$($SUDO mktemp)"
|
||||||
|
|
||||||
if command -v debconf-apt-progress > /dev/null; then
|
if command -v debconf-apt-progress > /dev/null; then
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
|
@ -570,7 +559,7 @@ installDependentPackages(){
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ "$FAILED" -gt 0 ]; then
|
if [ "$FAILED" -gt 0 ]; then
|
||||||
cat "${APTLOGFILE}"
|
$SUDO cat "${APTLOGFILE}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -991,7 +980,7 @@ chooseUser(){
|
||||||
isRepo(){
|
isRepo(){
|
||||||
# If the directory does not have a .git folder it is not a repo
|
# If the directory does not have a .git folder it is not a repo
|
||||||
echo -n "::: Checking $1 is a repo..."
|
echo -n "::: Checking $1 is a repo..."
|
||||||
cd "${1}" &> /dev/null || return 1
|
cd "${1}" &> /dev/null || { echo " not found!"; return 1; }
|
||||||
$SUDO git status &> /dev/null && echo " OK!"; return 0 || echo " not found!"; return 1
|
$SUDO git status &> /dev/null && echo " OK!"; return 0 || echo " not found!"; return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1094,6 +1083,9 @@ installPiVPN(){
|
||||||
pivpnDEV="wg0"
|
pivpnDEV="wg0"
|
||||||
pivpnNET="10.6.0.0"
|
pivpnNET="10.6.0.0"
|
||||||
vpnGw="${pivpnNET/.0.0/.0.1}"
|
vpnGw="${pivpnNET/.0.0/.0.1}"
|
||||||
|
# Forward all traffic through PiVPN (i.e. full-tunnel), may be modified by
|
||||||
|
# the user after the installation.
|
||||||
|
ALLOWED_IPS="0.0.0.0/0, ::0/0"
|
||||||
CUSTOMIZE=0
|
CUSTOMIZE=0
|
||||||
|
|
||||||
installWireGuard
|
installWireGuard
|
||||||
|
@ -1110,6 +1102,7 @@ installPiVPN(){
|
||||||
echo "pivpnDEV=${pivpnDEV}" >> ${tempsetupVarsFile}
|
echo "pivpnDEV=${pivpnDEV}" >> ${tempsetupVarsFile}
|
||||||
echo "pivpnNET=${pivpnNET}" >> ${tempsetupVarsFile}
|
echo "pivpnNET=${pivpnNET}" >> ${tempsetupVarsFile}
|
||||||
echo "subnetClass=${subnetClass}" >> ${tempsetupVarsFile}
|
echo "subnetClass=${subnetClass}" >> ${tempsetupVarsFile}
|
||||||
|
echo "ALLOWED_IPS=\"${ALLOWED_IPS}\"" >> ${tempsetupVarsFile}
|
||||||
}
|
}
|
||||||
|
|
||||||
askWhichVPN(){
|
askWhichVPN(){
|
||||||
|
@ -1201,7 +1194,7 @@ installOpenVPN(){
|
||||||
|
|
||||||
echo "::: Updating package cache..."
|
echo "::: Updating package cache..."
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
|
updatePackageCache
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# grepcidr is used to redact IPs in the debug log whereas expect is used
|
# grepcidr is used to redact IPs in the debug log whereas expect is used
|
||||||
|
@ -1260,7 +1253,7 @@ installWireGuard(){
|
||||||
|
|
||||||
echo "::: Installing WireGuard from Debian package... "
|
echo "::: Installing WireGuard from Debian package... "
|
||||||
|
|
||||||
if [ "$NEED_WIREGUARD_REPO" -eq 1 ]; then
|
if [ -z "$AVAILABLE_WIREGUARD" ]; then
|
||||||
echo "::: Adding Raspbian repository... "
|
echo "::: Adding Raspbian repository... "
|
||||||
echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
|
echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
|
||||||
|
|
||||||
|
@ -1269,7 +1262,7 @@ installWireGuard(){
|
||||||
|
|
||||||
echo "::: Updating package cache..."
|
echo "::: Updating package cache..."
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
|
updatePackageCache
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# qrencode is used to generate qrcodes from config file, for use with mobile clients
|
# qrencode is used to generate qrcodes from config file, for use with mobile clients
|
||||||
|
@ -1280,7 +1273,7 @@ installWireGuard(){
|
||||||
|
|
||||||
echo "::: Installing WireGuard from Debian package... "
|
echo "::: Installing WireGuard from Debian package... "
|
||||||
|
|
||||||
if [ "$NEED_WIREGUARD_REPO" -eq 1 ]; then
|
if [ -z "$AVAILABLE_WIREGUARD" ]; then
|
||||||
echo "::: Adding Debian repository... "
|
echo "::: Adding Debian repository... "
|
||||||
echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
|
echo "deb https://deb.debian.org/debian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/pivpn-bullseye-repo.list > /dev/null
|
||||||
|
|
||||||
|
@ -1288,7 +1281,7 @@ installWireGuard(){
|
||||||
|
|
||||||
echo "::: Updating package cache..."
|
echo "::: Updating package cache..."
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
$SUDO ${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
|
updatePackageCache
|
||||||
fi
|
fi
|
||||||
|
|
||||||
PIVPN_DEPS=(wireguard-tools qrencode)
|
PIVPN_DEPS=(wireguard-tools qrencode)
|
||||||
|
@ -2003,7 +1996,7 @@ confOVPN(){
|
||||||
|
|
||||||
confWireGuard(){
|
confWireGuard(){
|
||||||
# Reload job type is not yet available in wireguard-tools shipped with Ubuntu 20.04
|
# Reload job type is not yet available in wireguard-tools shipped with Ubuntu 20.04
|
||||||
if ! grep -q 'ExecReload' /usr/lib/systemd/system/wg-quick@.service; then
|
if ! grep -q 'ExecReload' /lib/systemd/system/wg-quick@.service; then
|
||||||
echo "::: Adding additional reload job type for wg-quick unit"
|
echo "::: Adding additional reload job type for wg-quick unit"
|
||||||
$SUDO install -D -m 644 "${pivpnFilesDir}"/files/etc/systemd/system/wg-quick@.service.d/override.conf /etc/systemd/system/wg-quick@.service.d/override.conf
|
$SUDO install -D -m 644 "${pivpnFilesDir}"/files/etc/systemd/system/wg-quick@.service.d/override.conf /etc/systemd/system/wg-quick@.service.d/override.conf
|
||||||
$SUDO systemctl daemon-reload
|
$SUDO systemctl daemon-reload
|
||||||
|
@ -2284,13 +2277,13 @@ installScripts(){
|
||||||
# Unlink the protocol specific pivpn script and symlink the common
|
# Unlink the protocol specific pivpn script and symlink the common
|
||||||
# script to the location instead
|
# script to the location instead
|
||||||
$SUDO unlink /usr/local/bin/pivpn
|
$SUDO unlink /usr/local/bin/pivpn
|
||||||
$SUDO ln -s -T "${pivpnFilesDir}/scripts/pivpn" /usr/local/bin/pivpn
|
$SUDO ln -sf -T "${pivpnFilesDir}/scripts/pivpn" /usr/local/bin/pivpn
|
||||||
else
|
else
|
||||||
# Only one protocol is installed, symlink bash completion, the pivpn script
|
# Only one protocol is installed, symlink bash completion, the pivpn script
|
||||||
# and the script directory
|
# and the script directory
|
||||||
$SUDO ln -s -T "${pivpnFilesDir}/scripts/${VPN}/bash-completion" /etc/bash_completion.d/pivpn
|
$SUDO ln -sf -T "${pivpnFilesDir}/scripts/${VPN}/bash-completion" /etc/bash_completion.d/pivpn
|
||||||
$SUDO ln -s -T "${pivpnFilesDir}/scripts/${VPN}/pivpn.sh" /usr/local/bin/pivpn
|
$SUDO ln -sf -T "${pivpnFilesDir}/scripts/${VPN}/pivpn.sh" /usr/local/bin/pivpn
|
||||||
$SUDO ln -s "${pivpnFilesDir}/scripts/" "${pivpnScriptDir}"
|
$SUDO ln -sf "${pivpnFilesDir}/scripts/" "${pivpnScriptDir}"
|
||||||
# shellcheck disable=SC1091
|
# shellcheck disable=SC1091
|
||||||
. /etc/bash_completion.d/pivpn
|
. /etc/bash_completion.d/pivpn
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -4,8 +4,8 @@ _pivpn()
|
||||||
COMPREPLY=()
|
COMPREPLY=()
|
||||||
cur="${COMP_WORDS[COMP_CWORD]}"
|
cur="${COMP_WORDS[COMP_CWORD]}"
|
||||||
prev="${COMP_WORDS[COMP_CWORD-1]}"
|
prev="${COMP_WORDS[COMP_CWORD-1]}"
|
||||||
dashopts="-a -c -d -l -qr -r -h -u -up -bk"
|
dashopts="-a -c -d -l -qr -r -h -u -up -bk -off -on"
|
||||||
opts="add clients debug list qrcode remove help uninstall update backup"
|
opts="add clients debug list qrcode remove help uninstall update backup (temp) off (temp) on"
|
||||||
if [ "${#COMP_WORDS[@]}" -eq 2 ]
|
if [ "${#COMP_WORDS[@]}" -eq 2 ]
|
||||||
then
|
then
|
||||||
if [[ ${cur} == -* ]] ; then
|
if [[ ${cur} == -* ]] ; then
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
# PiVPN: client status script
|
# PiVPN: client status script
|
||||||
|
|
||||||
CLIENTS_FILE="/etc/wireguard/configs/clients.txt"
|
CLIENTS_FILE="/etc/wireguard/configs/clients.txt"
|
||||||
|
CONF_FILE="/etc/wireguard/wg0.conf"
|
||||||
|
|
||||||
if [ ! -s "$CLIENTS_FILE" ]; then
|
if [ ! -s "$CLIENTS_FILE" ]; then
|
||||||
echo "::: There are no clients to list"
|
echo "::: There are no clients to list"
|
||||||
|
@ -36,33 +37,37 @@ listClients(){
|
||||||
printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mLast Seen\e[0m\n"
|
printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mLast Seen\e[0m\n"
|
||||||
|
|
||||||
while IFS= read -r LINE; do
|
while IFS= read -r LINE; do
|
||||||
|
if [ -n "${LINE}" ]; then
|
||||||
PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")"
|
PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")"
|
||||||
REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")"
|
REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")"
|
||||||
VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")"
|
VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")"
|
||||||
BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")"
|
BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")"
|
||||||
BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")"
|
BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")"
|
||||||
LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")"
|
LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")"
|
||||||
CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')"
|
CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')"
|
||||||
|
if [ "$HR" = 1 ]; then
|
||||||
if [ "$HR" = 1 ]; then
|
if [ "$LAST_SEEN" -ne 0 ]; then
|
||||||
if [ "$LAST_SEEN" -ne 0 ]; then
|
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
|
||||||
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
|
else
|
||||||
|
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)"
|
if [ "$LAST_SEEN" -ne 0 ]; then
|
||||||
fi
|
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
|
||||||
else
|
else
|
||||||
if [ "$LAST_SEEN" -ne 0 ]; then
|
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)"
|
||||||
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')"
|
fi
|
||||||
else
|
|
||||||
printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)"
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
done <<< "$DUMP"
|
done <<< "$DUMP"
|
||||||
|
|
||||||
printf "\n"
|
printf "\n"
|
||||||
} | column -t -s $'\t'
|
} | column -t -s $'\t'
|
||||||
|
|
||||||
|
cd /etc/wireguard || return
|
||||||
|
echo "::: Disabled clients :::"
|
||||||
|
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if [[ $# -eq 0 ]]; then
|
if [[ $# -eq 0 ]]; then
|
||||||
|
|
120
scripts/wireguard/disableCONF.sh
Executable file
120
scripts/wireguard/disableCONF.sh
Executable file
|
@ -0,0 +1,120 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
setupVars="/etc/pivpn/wireguard/setupVars.conf"
|
||||||
|
|
||||||
|
if [ ! -f "${setupVars}" ]; then
|
||||||
|
echo "::: Missing setup vars file!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
source "${setupVars}"
|
||||||
|
|
||||||
|
helpFunc(){
|
||||||
|
echo "::: Disable client conf profiles"
|
||||||
|
echo ":::"
|
||||||
|
echo "::: Usage: pivpn <-off|off> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
|
||||||
|
echo ":::"
|
||||||
|
echo "::: Commands:"
|
||||||
|
echo "::: [none] Interactive mode"
|
||||||
|
echo "::: <client> Client"
|
||||||
|
echo "::: -y,--yes Disable client(s) without confirmation"
|
||||||
|
echo "::: -v Show disabled clients only"
|
||||||
|
echo "::: -h,--help Show this help dialog"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Parse input arguments
|
||||||
|
while test $# -gt 0
|
||||||
|
do
|
||||||
|
_key="$1"
|
||||||
|
case "$_key" in
|
||||||
|
-h|--help)
|
||||||
|
helpFunc
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
-y|--yes)
|
||||||
|
CONFIRM=true
|
||||||
|
;;
|
||||||
|
-v)
|
||||||
|
DISPLAY_DISABLED=true
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
CLIENTS_TO_CHANGE+=("$1")
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
cd /etc/wireguard
|
||||||
|
if [ ! -s configs/clients.txt ]; then
|
||||||
|
echo "::: There are no clients to change"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$DISPLAY_DISABLED" ]; then
|
||||||
|
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
LIST=($(awk '{print $1}' configs/clients.txt))
|
||||||
|
if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
|
||||||
|
echo -e "::\e[4m Client list \e[0m::"
|
||||||
|
len=${#LIST[@]}
|
||||||
|
COUNTER=1
|
||||||
|
while [ $COUNTER -le ${len} ]; do
|
||||||
|
printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
|
||||||
|
((COUNTER++))
|
||||||
|
done
|
||||||
|
|
||||||
|
read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_CHANGE
|
||||||
|
|
||||||
|
if [ -z "${CLIENTS_TO_CHANGE}" ]; then
|
||||||
|
echo "::: You can not leave this blank!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
CHANGED_COUNT=0
|
||||||
|
|
||||||
|
for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
|
||||||
|
|
||||||
|
re='^[0-9]+$'
|
||||||
|
if [[ ${CLIENT_NAME} =~ $re ]] ; then
|
||||||
|
CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
|
||||||
|
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
|
||||||
|
elif grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then
|
||||||
|
echo -e "::: \e[1m${CLIENT_NAME}\e[0m is already disabled"
|
||||||
|
else
|
||||||
|
if [ -n "$CONFIRM" ]; then
|
||||||
|
REPLY="y"
|
||||||
|
else
|
||||||
|
read -r -p "Confirm you want to disable $CLIENT_NAME? [Y/n] "
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||||
|
|
||||||
|
# Disable the peer section from the server config
|
||||||
|
echo "${CLIENT_NAME}"
|
||||||
|
sed -e "/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/^/#\[disabled\] /" -i wg0.conf
|
||||||
|
echo "::: Updated server config"
|
||||||
|
|
||||||
|
((CHANGED_COUNT++))
|
||||||
|
echo "::: Successfully disabled ${CLIENT_NAME}"
|
||||||
|
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
done
|
||||||
|
|
||||||
|
# Restart WireGuard only if some clients were actually deleted
|
||||||
|
if [ "${CHANGED_COUNT}" -gt 0 ]; then
|
||||||
|
if systemctl reload wg-quick@wg0; then
|
||||||
|
echo "::: WireGuard reloaded"
|
||||||
|
else
|
||||||
|
echo "::: Failed to reload WireGuard"
|
||||||
|
fi
|
||||||
|
fi
|
116
scripts/wireguard/enableCONF.sh
Executable file
116
scripts/wireguard/enableCONF.sh
Executable file
|
@ -0,0 +1,116 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
setupVars="/etc/pivpn/wireguard/setupVars.conf"
|
||||||
|
|
||||||
|
if [ ! -f "${setupVars}" ]; then
|
||||||
|
echo "::: Missing setup vars file!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
source "${setupVars}"
|
||||||
|
|
||||||
|
helpFunc(){
|
||||||
|
echo "::: Enables client conf profiles"
|
||||||
|
echo ":::"
|
||||||
|
echo "::: Usage: pivpn <-on|on> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
|
||||||
|
echo ":::"
|
||||||
|
echo "::: Commands:"
|
||||||
|
echo "::: [none] Interactive mode"
|
||||||
|
echo "::: <client> Client"
|
||||||
|
echo "::: -y,--yes Enable client(s) without confirmation"
|
||||||
|
echo "::: -v Show disabled clients only"
|
||||||
|
echo "::: -h,--help Show this help dialog"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Parse input arguments
|
||||||
|
while test $# -gt 0
|
||||||
|
do
|
||||||
|
_key="$1"
|
||||||
|
case "$_key" in
|
||||||
|
-h|--help)
|
||||||
|
helpFunc
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
-y|--yes)
|
||||||
|
CONFIRM=true
|
||||||
|
;;
|
||||||
|
-v)
|
||||||
|
DISPLAY_DISABLED=true
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
CLIENTS_TO_CHANGE+=("$1")
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
cd /etc/wireguard
|
||||||
|
if [ ! -s configs/clients.txt ]; then
|
||||||
|
echo "::: There are no clients to change"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$DISPLAY_DISABLED" ]; then
|
||||||
|
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
LIST=($(awk '{print $1}' configs/clients.txt))
|
||||||
|
if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
|
||||||
|
echo -e "::\e[4m Client list \e[0m::"
|
||||||
|
len=${#LIST[@]}
|
||||||
|
COUNTER=1
|
||||||
|
while [ $COUNTER -le ${len} ]; do
|
||||||
|
printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
|
||||||
|
((COUNTER++))
|
||||||
|
done
|
||||||
|
|
||||||
|
read -r -p "Please enter the Index/Name of the Client to be enabled from the list above: " CLIENTS_TO_CHANGE
|
||||||
|
|
||||||
|
if [ -z "${CLIENTS_TO_CHANGE}" ]; then
|
||||||
|
echo "::: You can not leave this blank!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
CHANGED_COUNT=0
|
||||||
|
|
||||||
|
for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
|
||||||
|
|
||||||
|
re='^[0-9]+$'
|
||||||
|
if [[ ${CLIENT_NAME} =~ $re ]] ; then
|
||||||
|
CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
|
||||||
|
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
|
||||||
|
else
|
||||||
|
if [ -n "$CONFIRM" ]; then
|
||||||
|
REPLY="y"
|
||||||
|
else
|
||||||
|
read -r -p "Confirm you want to enable $CLIENT_NAME? [Y/n] "
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||||
|
|
||||||
|
# Enable the peer section from the server config
|
||||||
|
echo "${CLIENT_NAME}"
|
||||||
|
sed -e "/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/#\[disabled\] //" -i wg0.conf
|
||||||
|
echo "::: Updated server config"
|
||||||
|
|
||||||
|
((CHANGED_COUNT++))
|
||||||
|
echo "::: Successfully enabled ${CLIENT_NAME}"
|
||||||
|
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
done
|
||||||
|
|
||||||
|
# Restart WireGuard only if some clients were actually deleted
|
||||||
|
if [ "${CHANGED_COUNT}" -gt 0 ]; then
|
||||||
|
if systemctl reload wg-quick@wg0; then
|
||||||
|
echo "::: WireGuard reloaded"
|
||||||
|
else
|
||||||
|
echo "::: Failed to reload WireGuard"
|
||||||
|
fi
|
||||||
|
fi
|
|
@ -25,4 +25,9 @@ while read -r LINE; do
|
||||||
echo -e "$CLIENT_NAME \t $PUBLIC_KEY \t $CD_FORMAT"
|
echo -e "$CLIENT_NAME \t $PUBLIC_KEY \t $CD_FORMAT"
|
||||||
done < clients.txt
|
done < clients.txt
|
||||||
|
|
||||||
} | column -t -s $'\t'
|
} | column -t -s $'\t'
|
||||||
|
|
||||||
|
|
||||||
|
cd /etc/wireguard || return
|
||||||
|
echo "::: Disabled clients :::"
|
||||||
|
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
|
||||||
|
|
|
@ -110,7 +110,7 @@ echo "[Peer]
|
||||||
PublicKey = $(cat keys/server_pub)
|
PublicKey = $(cat keys/server_pub)
|
||||||
PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")
|
PresharedKey = $(cat "keys/${CLIENT_NAME}_psk")
|
||||||
Endpoint = ${pivpnHOST}:${pivpnPORT}
|
Endpoint = ${pivpnHOST}:${pivpnPORT}
|
||||||
AllowedIPs = 0.0.0.0/0, ::0/0" >> "configs/${CLIENT_NAME}.conf"
|
AllowedIPs = ${ALLOWED_IPS}" >> "configs/${CLIENT_NAME}.conf"
|
||||||
echo "::: Client config generated"
|
echo "::: Client config generated"
|
||||||
|
|
||||||
echo "### begin ${CLIENT_NAME} ###
|
echo "### begin ${CLIENT_NAME} ###
|
||||||
|
|
|
@ -52,6 +52,18 @@ removeClient(){
|
||||||
exit 0
|
exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
disableClient(){
|
||||||
|
shift
|
||||||
|
$SUDO ${scriptdir}/${vpn}/disableCONF.sh "$@"
|
||||||
|
exit 0
|
||||||
|
}
|
||||||
|
|
||||||
|
enableClient(){
|
||||||
|
shift
|
||||||
|
$SUDO ${scriptdir}/${vpn}/enableCONF.sh "$@"
|
||||||
|
exit 0
|
||||||
|
}
|
||||||
|
|
||||||
uninstallServer(){
|
uninstallServer(){
|
||||||
$SUDO ${scriptdir}/uninstall.sh "${vpn}"
|
$SUDO ${scriptdir}/uninstall.sh "${vpn}"
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -74,16 +86,18 @@ showHelp(){
|
||||||
echo "::: Usage: pivpn <command> [option]"
|
echo "::: Usage: pivpn <command> [option]"
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo "::: Commands:"
|
echo "::: Commands:"
|
||||||
echo "::: -a, add Create a client conf profile"
|
echo "::: -a, add Create a client conf profile"
|
||||||
echo "::: -c, clients List any connected clients to the server"
|
echo "::: -c, clients List any connected clients to the server"
|
||||||
echo "::: -d, debug Start a debugging session if having trouble"
|
echo "::: -d, debug Start a debugging session if having trouble"
|
||||||
echo "::: -l, list List all clients"
|
echo "::: -l, list List all clients"
|
||||||
echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app"
|
echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app"
|
||||||
echo "::: -r, remove Remove a client"
|
echo "::: -r, remove Remove a client"
|
||||||
echo "::: -h, help Show this help dialog"
|
echo "::: -off, off Disable a user"
|
||||||
echo "::: -u, uninstall Uninstall pivpn from your system!"
|
echo "::: -on, on Enable a user"
|
||||||
echo "::: -up, update Updates PiVPN Scripts"
|
echo "::: -h, help Show this help dialog"
|
||||||
echo "::: -bk, backup Backup VPN configs and user profiles"
|
echo "::: -u, uninstall Uninstall pivpn from your system!"
|
||||||
|
echo "::: -up, update Updates PiVPN Scripts"
|
||||||
|
echo "::: -bk, backup Backup VPN configs and user profiles"
|
||||||
exit 0
|
exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -93,15 +107,17 @@ fi
|
||||||
|
|
||||||
# Handle redirecting to specific functions based on arguments
|
# Handle redirecting to specific functions based on arguments
|
||||||
case "$1" in
|
case "$1" in
|
||||||
"-a" | "add" ) makeConf "$@";;
|
"-a" | "add" ) makeConf "$@";;
|
||||||
"-c" | "clients" ) listConnected "$@";;
|
"-c" | "clients" ) listConnected "$@";;
|
||||||
"-d" | "debug" ) debug;;
|
"-d" | "debug" ) debug;;
|
||||||
"-l" | "list" ) listClients;;
|
"-l" | "list" ) listClients;;
|
||||||
"-qr" | "qrcode" ) showQrcode "$@";;
|
"-qr" | "qrcode" ) showQrcode "$@";;
|
||||||
"-r" | "remove" ) removeClient "$@";;
|
"-r" | "remove" ) removeClient "$@";;
|
||||||
"-h" | "help" ) showHelp;;
|
"-off" | "off" ) disableClient "$@";;
|
||||||
"-u" | "uninstall" ) uninstallServer;;
|
"-on" | "on" ) enableClient "$@";;
|
||||||
"-up" | "update" ) updateScripts "$@" ;;
|
"-h" | "help" ) showHelp;;
|
||||||
"-bk" | "backup" ) backup ;;
|
"-u" | "uninstall" ) uninstallServer;;
|
||||||
* ) showHelp;;
|
"-up" | "update" ) updateScripts "$@" ;;
|
||||||
|
"-bk" | "backup" ) backup ;;
|
||||||
|
* ) showHelp;;
|
||||||
esac
|
esac
|
||||||
|
|
|
@ -80,7 +80,7 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
|
||||||
if [ -n "$CONFIRM" ]; then
|
if [ -n "$CONFIRM" ]; then
|
||||||
REPLY="y"
|
REPLY="y"
|
||||||
else
|
else
|
||||||
read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] "
|
read -r -p "Do you really want to delete $CLIENT_NAME? [y/N] "
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
||||||
|
@ -129,6 +129,9 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
else
|
||||||
|
echo "Aborting operation"
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue