From 46c463d1d5a3bd206e04bfcf25a5cbb9b5453c71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=ACr0?= <32790661+Hir0-84@users.noreply.github.com>
Date: Mon, 1 Jun 2020 00:39:18 +0200
Subject: [PATCH 1/2] Fix issue pivpn#281
---
 scripts/openvpn/makeOVPN.sh | 105 +++++++++++++++++++-----------------
 scripts/openvpn/pivpn.sh | 2 +
 2 files changed, 59 insertions(+), 48 deletions(-)
diff --git a/scripts/openvpn/makeOVPN.sh b/scripts/openvpn/makeOVPN.sh
index e9ac7fb..3c61a4e 100755
--- a/scripts/openvpn/makeOVPN.sh
+++ b/scripts/openvpn/makeOVPN.sh
@@ -20,7 +20,7 @@ source "${setupVars}"
 helpFunc() {
 echo "::: Create a client ovpn profile, optional nopass"
 echo ":::"
- echo "::: Usage: pivpn <-a|add> [-n|--name ] [-p|--password ]|[nopass] [-d|--days ] [-b|--bitwarden] [-i|--iOS] [-h|--help]"
+ echo "::: Usage: pivpn <-a|add> [-n|--name ] [-p|--password ]|[nopass] [-d|--days ] [-b|--bitwarden] [-i|--iOS] [-c|--config-file] [-h|--help]"
 echo ":::"
 echo "::: Commands:"
 echo "::: [none] Interactive mode"
@@ -30,6 +30,7 @@ helpFunc() {
 echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)"
 echo "::: -b,--bitwarden Create and save a client through Bitwarden"
 echo "::: -i,--iOS Generate a certificate that leverages iOS keychain"
+ echo "::: -c,--config-file Generate .ovpn configuration file for an existing client"
 echo "::: -h,--help Show this help dialog"
 }
 
@@ -97,6 +98,10 @@ do
 echo "Bitwarden not found, please install bitwarden"
 exit 1
 fi
+
+ ;;
+ -c|--config-file)
+ GENOVPNONLY=1
 ;;
 *)
 echo "Error: Got an unexpected argument '$1'"
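Review bot: `GENOVPNONLY` is assigned only in the new `-c|--config-file)` arm and nothing visible in this hunk gives it a default, so the later `[ "${GENOVPNONLY}" == "1" ]` test could also be satisfied by a value inherited from the caller's environment. Setting `GENOVPNONLY=0` ahead of the option loop would make the regenerate mode strictly opt-in; the loop begins outside this hunk, so confirm no default already exists there. The arm is also accepted together with `-d` and `-p`, which the regenerate branch in the later hunk appears to ignore silently (it skips the days prompt and key generation); rejecting that combination with an error would stop a user from believing a new lifetime or password was applied.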
@@ -248,54 +253,58 @@ if [[ -z "${NAME}" ]]; then
 exit 1
 fi
 
-# Check if name is already in use
-while read -r line || [ -n "${line}" ]; do
- STATUS=$(echo "$line" | awk '{print $1}')
-
- if [ "${STATUS}" == "V" ]; then
- CERT=$(echo "$line" | sed -e 's:.*/CN=::')
- if [ "${CERT}" == "${NAME}" ]; then
- INUSE="1"
- break
- fi
- fi
-done <${INDEX}
-
-if [ "${INUSE}" == "1" ]; then
- printf "\n!! This name is already in use by a Valid Certificate."
- printf "\nPlease choose another name or revoke this certificate first.\n"
- exit 1
-fi
-
-# Check if name is reserved
-if [ "${NAME}" == "ta" ] || [ "${NAME}" == "server" ] || [ "${NAME}" == "ca" ]; then
- echo "Sorry, this is in use by the server and cannot be used by clients."
- exit 1
-fi
-
-#As of EasyRSA 3.0.6, by default certificates last 1080 days, see https://github.com/OpenVPN/easy-rsa/blob/6b7b6bf1f0d3c9362b5618ad18c66677351cacd1/easyrsa3/vars.example
-if [ -z "${DAYS}" ]; then
- read -r -e -p "How many days should the certificate last? " -i 1080 DAYS
-fi
-
-if [[ ! "$DAYS" =~ ^[0-9]+$ ]] || [ "$DAYS" -lt 1 ] || [ "$DAYS" -gt 3650 ]; then
- #The CRL lasts 3650 days so it doesn't make much sense that certificates would last longer
- echo "Please input a valid number of days, between 1 and 3650 inclusive."
- exit 1
-
-fi
-
-cd /etc/openvpn/easy-rsa || exit
-
-if [[ "${NO_PASS}" =~ "1" ]]; then
- if [[ -n "${PASSWD}" ]]; then
- echo "Both nopass and password arguments passed to the script. Please use either one."
- exit 1
- else
- keynoPASS
- fi
+if [ "${GENOVPNONLY}" == "1" ]; then
+ # Generate .ovpn configuration file
+ cd /etc/openvpn/easy-rsa/pki || exit
 else
- keyPASS
+ # Check if name is already in use
+ while read -r line || [ -n "${line}" ]; do
+ STATUS=$(echo "$line" | awk '{print $1}')
+
+ if [ "${STATUS}" == "V" ]; then
+ CERT=$(echo "$line" | sed -e 's:.*/CN=::')
+ if [ "${CERT}" == "${NAME}" ]; then
+ INUSE="1"
+ break
+ fi
+ fi
+ done <${INDEX}
+
+ if [ "${INUSE}" == "1" ]; then
+ printf "\n!! This name is already in use by a Valid Certificate."
+ printf "\nPlease choose another name or revoke this certificate first.\n"
+ exit 1
+ fi
+
+ # Check if name is reserved
+ if [ "${NAME}" == "ta" ] || [ "${NAME}" == "server" ] || [ "${NAME}" == "ca" ]; then
+ echo "Sorry, this is in use by the server and cannot be used by clients."
+ exit 1
+ fi
+
+ #As of EasyRSA 3.0.6, by default certificates last 1080 days, see https://github.com/OpenVPN/easy-rsa/blob/6b7b6bf1f0d3c9362b5618ad18c66677351cacd1/easyrsa3/vars.example
+ if [ -z "${DAYS}" ]; then
+ read -r -e -p "How many days should the certificate last? " -i 1080 DAYS
+ fi
+
+ if [[ ! "$DAYS" =~ ^[0-9]+$ ]] || [ "$DAYS" -lt 1 ] || [ "$DAYS" -gt 3650 ]; then
+ #The CRL lasts 3650 days so it doesn't make much sense that certificates would last longer
+ echo "Please input a valid number of days, between 1 and 3650 inclusive."
+ exit 1
+ fi
+
+ cd /etc/openvpn/easy-rsa || exit
+
+ if [[ "${NO_PASS}" =~ "1" ]]; then
+ if [[ -n "${PASSWD}" ]]; then
+ echo "Both nopass and password arguments passed to the script. Please use either one."
+ exit 1
+ else
+ keynoPASS
+ fi
+ else
+ keyPASS
+ fi
 fi
 
 #1st Verify that clients Public Key Exists
diff --git a/scripts/openvpn/pivpn.sh b/scripts/openvpn/pivpn.sh
index 0b7feb7..81d75b9 100755
--- a/scripts/openvpn/pivpn.sh
+++ b/scripts/openvpn/pivpn.sh
@@ -73,6 +73,7 @@ function helpFunc {
 echo "::: -c, clients List any connected clients to the server"
 echo "::: -d, debug Start a debugging session if having trouble"
 echo "::: -l, list List all valid and revoked certificates"
+ echo "::: -o, ovpn Generate a .ovpn config file for an existing client"
 echo "::: -r, revoke Revoke a client ovpn profile"
 echo "::: -h, help Show this help dialog"
 echo "::: -u, uninstall Uninstall PiVPN from your system!"
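Review bot: The new `GENOVPNONLY` branch in the `@@ -248,54 +253,58 @@` hunk of makeOVPN.sh bypasses both the reserved-name check (`ta`, `server`, `ca`) and the `${INDEX}` lookup, which now run only in the `else` arm. A regenerate request for a reserved name, or for a name whose certificate is revoked or was never issued, therefore falls through to the profile-building code after the closing `fi`. That code is outside the hunk, but if it packages whatever key it finds under `pki` for `${NAME}`, it could emit a profile containing server key material or re-issue one for a revoked client. I would run the index loop and the reserved-name check in both modes and require `INUSE` to be `1` before regenerating, as sketched below.

```shell
# … unchanged: index loop that sets INUSE when NAME has a "V" entry, now run before the branch …
# … unchanged: reserved-name check (ta/server/ca), now run before the branch …

if [ "${GENOVPNONLY}" == "1" ]; then
    # Only rebuild a profile for a certificate that is still valid in the index
    if [ "${INUSE}" != "1" ]; then
        echo "No valid certificate found for this name."
        exit 1
    fi
    cd /etc/openvpn/easy-rsa/pki || exit
else
    if [ "${INUSE}" == "1" ]; then
        # … unchanged: "already in use" message and exit 1 …
    fi
    # … unchanged: days prompt and validation, cd, keynoPASS/keyPASS …
fi
```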
@@ -91,6 +92,7 @@ case "$1" in
 "-c" | "clients" ) listClientsFunc "$@";;
 "-d" | "debug" ) debugFunc;;
 "-l" | "list" ) listOVPNFunc;;
+"-o" | "ovpn" ) makeOVPNFunc "$@" -c;;
 "-r" | "revoke" ) removeOVPNFunc "$@";;
 "-h" | "help" ) helpFunc;;
 "-u" | "uninstall" ) uninstallFunc;;
From e7df6752cd50a7b810c7f9de27f837394b65846d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=ACr0?= <32790661+Hir0-84@users.noreply.github.com>
Date: Sun, 7 Jun 2020 16:09:55 +0200
Subject: [PATCH 2/2] #281 CHANGED Minor changes after cross-check
---
 scripts/openvpn/makeOVPN.sh | 6 +++---
 scripts/openvpn/pivpn.sh | 2 --
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/scripts/openvpn/makeOVPN.sh b/scripts/openvpn/makeOVPN.sh
index 3c61a4e..5300a2b 100755
--- a/scripts/openvpn/makeOVPN.sh
+++ b/scripts/openvpn/makeOVPN.sh
@@ -20,7 +20,7 @@ source "${setupVars}"
 helpFunc() {
 echo "::: Create a client ovpn profile, optional nopass"
 echo ":::"
- echo "::: Usage: pivpn <-a|add> [-n|--name ] [-p|--password ]|[nopass] [-d|--days ] [-b|--bitwarden] [-i|--iOS] [-c|--config-file] [-h|--help]"
+ echo "::: Usage: pivpn <-a|add> [-n|--name ] [-p|--password ]|[nopass] [-d|--days ] [-b|--bitwarden] [-i|--iOS] [-o|--ovpn] [-h|--help]"
 echo ":::"
 echo "::: Commands:"
 echo "::: [none] Interactive mode"
@@ -30,7 +30,7 @@ helpFunc() {
 echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)"
 echo "::: -b,--bitwarden Create and save a client through Bitwarden"
 echo "::: -i,--iOS Generate a certificate that leverages iOS keychain"
- echo "::: -c,--config-file Generate .ovpn configuration file for an existing client"
+ echo "::: -o,--ovpn Regenerate a .ovpn config file for an existing client"
 echo "::: -h,--help Show this help dialog"
 }
 
@@ -100,7 +100,7 @@ do
 fi
 
 ;;
- -c|--config-file)
+ -o|--ovpn)
 GENOVPNONLY=1
 ;;
 *)
diff --git a/scripts/openvpn/pivpn.sh b/scripts/openvpn/pivpn.sh
index 81d75b9..0b7feb7 100755
--- a/scripts/openvpn/pivpn.sh
+++ b/scripts/openvpn/pivpn.sh
@@ -73,7 +73,6 @@ function helpFunc {
 echo "::: -c, clients List any connected clients to the server"
 echo "::: -d, debug Start a debugging session if having trouble"
 echo "::: -l, list List all valid and revoked certificates"
- echo "::: -o, ovpn Generate a .ovpn config file for an existing client"
 echo "::: -r, revoke Revoke a client ovpn profile"
 echo "::: -h, help Show this help dialog"
 echo "::: -u, uninstall Uninstall PiVPN from your system!"
@@ -92,7 +91,6 @@ case "$1" in
 "-c" | "clients" ) listClientsFunc "$@";;
 "-d" | "debug" ) debugFunc;;
 "-l" | "list" ) listOVPNFunc;;
-"-o" | "ovpn" ) makeOVPNFunc "$@" -c;;
 "-r" | "revoke" ) removeOVPNFunc "$@";;
 "-h" | "help" ) helpFunc;;
 "-u" | "uninstall" ) uninstallFunc;;