mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-18 19:00:15 +00:00
Merge pull request #1065 from Hir0-84/enhancement/issue_no281
Fix issue pivpn#281
commit
b829bc09f1
1 changed files with 57 additions and 48 deletions
|
@ -20,7 +20,7 @@ source "${setupVars}"
|
||||||
helpFunc() {
|
helpFunc() {
|
||||||
echo "::: Create a client ovpn profile, optional nopass"
|
echo "::: Create a client ovpn profile, optional nopass"
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password <arg>]|[nopass] [-d|--days <number>] [-b|--bitwarden] [-i|--iOS] [-h|--help]"
|
echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password <arg>]|[nopass] [-d|--days <number>] [-b|--bitwarden] [-i|--iOS] [-o|--ovpn] [-h|--help]"
|
||||||
echo ":::"
|
echo ":::"
|
||||||
echo "::: Commands:"
|
echo "::: Commands:"
|
||||||
echo "::: [none] Interactive mode"
|
echo "::: [none] Interactive mode"
|
||||||
|
@ -30,6 +30,7 @@ helpFunc() {
|
||||||
echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)"
|
echo "::: -d,--days Expire the certificate after specified number of days (default: 1080)"
|
||||||
echo "::: -b,--bitwarden Create and save a client through Bitwarden"
|
echo "::: -b,--bitwarden Create and save a client through Bitwarden"
|
||||||
echo "::: -i,--iOS Generate a certificate that leverages iOS keychain"
|
echo "::: -i,--iOS Generate a certificate that leverages iOS keychain"
|
||||||
|
echo "::: -o,--ovpn Regenerate a .ovpn config file for an existing client"
|
||||||
echo "::: -h,--help Show this help dialog"
|
echo "::: -h,--help Show this help dialog"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -97,6 +98,10 @@ do
|
||||||
echo "Bitwarden not found, please install bitwarden"
|
echo "Bitwarden not found, please install bitwarden"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
;;
|
||||||
|
-o|--ovpn)
|
||||||
|
GENOVPNONLY=1
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Error: Got an unexpected argument '$1'"
|
echo "Error: Got an unexpected argument '$1'"
|
||||||
|
@ -248,54 +253,58 @@ if [[ -z "${NAME}" ]]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if name is already in use
|
if [ "${GENOVPNONLY}" == "1" ]; then
|
||||||
while read -r line || [ -n "${line}" ]; do
|
# Generate .ovpn configuration file
|
||||||
STATUS=$(echo "$line" | awk '{print $1}')
|
cd /etc/openvpn/easy-rsa/pki || exit
|
||||||
|
|
||||||
if [ "${STATUS}" == "V" ]; then
|
|
||||||
CERT=$(echo "$line" | sed -e 's:.*/CN=::')
|
|
||||||
if [ "${CERT}" == "${NAME}" ]; then
|
|
||||||
INUSE="1"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done <${INDEX}
|
|
||||||
|
|
||||||
if [ "${INUSE}" == "1" ]; then
|
|
||||||
printf "\n!! This name is already in use by a Valid Certificate."
|
|
||||||
printf "\nPlease choose another name or revoke this certificate first.\n"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if name is reserved
|
|
||||||
if [ "${NAME}" == "ta" ] || [ "${NAME}" == "server" ] || [ "${NAME}" == "ca" ]; then
|
|
||||||
echo "Sorry, this is in use by the server and cannot be used by clients."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
#As of EasyRSA 3.0.6, by default certificates last 1080 days, see https://github.com/OpenVPN/easy-rsa/blob/6b7b6bf1f0d3c9362b5618ad18c66677351cacd1/easyrsa3/vars.example
|
|
||||||
if [ -z "${DAYS}" ]; then
|
|
||||||
read -r -e -p "How many days should the certificate last? " -i 1080 DAYS
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ ! "$DAYS" =~ ^[0-9]+$ ]] || [ "$DAYS" -lt 1 ] || [ "$DAYS" -gt 3650 ]; then
|
|
||||||
#The CRL lasts 3650 days so it doesn't make much sense that certificates would last longer
|
|
||||||
echo "Please input a valid number of days, between 1 and 3650 inclusive."
|
|
||||||
exit 1
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
cd /etc/openvpn/easy-rsa || exit
|
|
||||||
|
|
||||||
if [[ "${NO_PASS}" =~ "1" ]]; then
|
|
||||||
if [[ -n "${PASSWD}" ]]; then
|
|
||||||
echo "Both nopass and password arguments passed to the script. Please use either one."
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
keynoPASS
|
|
||||||
fi
|
|
||||||
else
|
else
|
||||||
keyPASS
|
# Check if name is already in use
|
||||||
|
while read -r line || [ -n "${line}" ]; do
|
||||||
|
STATUS=$(echo "$line" | awk '{print $1}')
|
||||||
|
|
||||||
|
if [ "${STATUS}" == "V" ]; then
|
||||||
|
CERT=$(echo "$line" | sed -e 's:.*/CN=::')
|
||||||
|
if [ "${CERT}" == "${NAME}" ]; then
|
||||||
|
INUSE="1"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done <${INDEX}
|
||||||
|
|
||||||
|
if [ "${INUSE}" == "1" ]; then
|
||||||
|
printf "\n!! This name is already in use by a Valid Certificate."
|
||||||
|
printf "\nPlease choose another name or revoke this certificate first.\n"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if name is reserved
|
||||||
|
if [ "${NAME}" == "ta" ] || [ "${NAME}" == "server" ] || [ "${NAME}" == "ca" ]; then
|
||||||
|
echo "Sorry, this is in use by the server and cannot be used by clients."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#As of EasyRSA 3.0.6, by default certificates last 1080 days, see https://github.com/OpenVPN/easy-rsa/blob/6b7b6bf1f0d3c9362b5618ad18c66677351cacd1/easyrsa3/vars.example
|
||||||
|
if [ -z "${DAYS}" ]; then
|
||||||
|
read -r -e -p "How many days should the certificate last? " -i 1080 DAYS
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! "$DAYS" =~ ^[0-9]+$ ]] || [ "$DAYS" -lt 1 ] || [ "$DAYS" -gt 3650 ]; then
|
||||||
|
#The CRL lasts 3650 days so it doesn't make much sense that certificates would last longer
|
||||||
|
echo "Please input a valid number of days, between 1 and 3650 inclusive."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd /etc/openvpn/easy-rsa || exit
|
||||||
|
|
||||||
|
if [[ "${NO_PASS}" =~ "1" ]]; then
|
||||||
|
if [[ -n "${PASSWD}" ]]; then
|
||||||
|
echo "Both nopass and password arguments passed to the script. Please use either one."
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
keynoPASS
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
keyPASS
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#1st Verify that clients Public Key Exists
|
#1st Verify that clients Public Key Exists
|
||||||
|
|
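Review bot: With `-o`, the new `if [ "${GENOVPNONLY}" == "1" ]` branch in the last hunk skips both the index lookup and the reserved-name test (`ta`, `server`, `ca`), which now run only in the `else` branch. Nothing visible here confirms that `NAME` belongs to a certificate still marked `V` before the script goes on to build a profile for it. The checks that follow (`#1st Verify that clients Public Key Exists`) start at the edge of the hunk and continue outside it; if they only test for files on disk, a revoked or reserved name could still yield an .ovpn that packages key material. I would hoist the reserved-name test above the `if` so it applies to both modes, and make the `-o` branch require a Valid index entry for `NAME`, as sketched below. Whether `GENOVPNONLY` is initialised before the option loop is not visible here; if it is not, setting `GENOVPNONLY=0` there would stop an inherited environment value from selecting this branch.

```shell
if [ "${GENOVPNONLY}" == "1" ]; then
    # Regenerate only for a client whose certificate is still Valid in the index
    VALID=0
    while read -r line || [ -n "${line}" ]; do
        if [ "$(echo "$line" | awk '{print $1}')" == "V" ] \
            && [ "$(echo "$line" | sed -e 's:.*/CN=::')" == "${NAME}" ]; then
            VALID=1
            break
        fi
    done < "${INDEX}"

    if [ "${VALID}" != "1" ]; then
        echo "No valid certificate found for '${NAME}', cannot regenerate its .ovpn."
        exit 1
    fi

    cd /etc/openvpn/easy-rsa/pki || exit
else
    # … unchanged: name-in-use check, DAYS validation, keynoPASS/keyPASS …
```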