diff --git a/auto_install/install.sh b/auto_install/install.sh index 7b61241..57284b9 100755 --- a/auto_install/install.sh +++ b/auto_install/install.sh @@ -10,7 +10,6 @@ # curl -L https://install.pivpn.io | bash # Make sure you have `curl` installed -# timestamp 2020/5/24 15:53BST ######## VARIABLES ######### pivpnGitUrl="https://github.com/pivpn/pivpn.git" diff --git a/scripts/wireguard/bash-completion b/scripts/wireguard/bash-completion index a971696..ae57b41 100644 --- a/scripts/wireguard/bash-completion +++ b/scripts/wireguard/bash-completion @@ -4,8 +4,8 @@ _pivpn() COMPREPLY=() cur="${COMP_WORDS[COMP_CWORD]}" prev="${COMP_WORDS[COMP_CWORD-1]}" - dashopts="-a -c -d -l -qr -r -h -u -up -bk" - opts="add clients debug list qrcode remove help uninstall update backup" + dashopts="-a -c -d -l -qr -r -h -u -up -bk -off -on" + opts="add clients debug list qrcode remove help uninstall update backup (temp) off (temp) on" if [ "${#COMP_WORDS[@]}" -eq 2 ] then if [[ ${cur} == -* ]] ; then diff --git a/scripts/wireguard/clientSTAT.sh b/scripts/wireguard/clientSTAT.sh index 166085f..0df3664 100755 --- a/scripts/wireguard/clientSTAT.sh +++ b/scripts/wireguard/clientSTAT.sh @@ -2,6 +2,7 @@ # PiVPN: client status script CLIENTS_FILE="/etc/wireguard/configs/clients.txt" +CONF_FILE="/etc/wireguard/wg0.conf" if [ ! -s "$CLIENTS_FILE" ]; then echo "::: There are no clients to list" 
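Review bot: The new `opts` value in `_pivpn` contains the literal words `(temp)`, so if `opts` is handed to `compgen -W` (that call is outside this hunk) tab completion will offer `(temp)` as if it were a subcommand. Keep annotations out of the word list: `opts="add clients debug list qrcode remove help uninstall update backup off on"`. `_pivpn` starts and ends outside the hunk.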
@@ -36,33 +37,37 @@ listClients(){ printf "\e[4mName\e[0m \t \e[4mRemote IP\e[0m \t \e[4mVirtual IP\e[0m \t \e[4mBytes Received\e[0m \t \e[4mBytes Sent\e[0m \t \e[4mLast Seen\e[0m\n" while IFS= read -r LINE; do - - PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")" - REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")" - VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")" - BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")" - BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")" - LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")" - CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')" - - if [ "$HR" = 1 ]; then - if [ "$LAST_SEEN" -ne 0 ]; then - printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')" + if [ -n "${LINE}" ]; then + PUBLIC_KEY="$(awk '{ print $1 }' <<< "$LINE")" + REMOTE_IP="$(awk '{ print $3 }' <<< "$LINE")" + VIRTUAL_IP="$(awk '{ print $4 }' <<< "$LINE")" + BYTES_RECEIVED="$(awk '{ print $6 }' <<< "$LINE")" + BYTES_SENT="$(awk '{ print $7 }' <<< "$LINE")" + LAST_SEEN="$(awk '{ print $5 }' <<< "$LINE")" + CLIENT_NAME="$(grep "$PUBLIC_KEY" "$CLIENTS_FILE" | awk '{ print $1 }')" + if [ "$HR" = 1 ]; then + if [ "$LAST_SEEN" -ne 0 ]; then + printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')" + else + printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)" + fi else - printf "%s \t %s \t %s \t %s \t %s \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$(hr "$BYTES_RECEIVED")" "$(hr "$BYTES_SENT")" "(not yet)" - fi - else - if [ "$LAST_SEEN" -ne 0 ]; then - printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d 
@"$LAST_SEEN" '+%b %d %Y - %T')" - else - printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)" + if [ "$LAST_SEEN" -ne 0 ]; then + printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "$(date -d @"$LAST_SEEN" '+%b %d %Y - %T')" + else + printf "%s \t %s \t %s \t %'d \t %'d \t %s\n" "$CLIENT_NAME" "$REMOTE_IP" "${VIRTUAL_IP/\/32/}" "$BYTES_RECEIVED" "$BYTES_SENT" "(not yet)" + fi fi fi - done <<< "$DUMP" printf "\n" } | column -t -s $'\t' + + cd /etc/wireguard || return + echo "::: Disabled clients :::" + grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//' + } if [[ $# -eq 0 ]]; then diff --git a/scripts/wireguard/disableCONF.sh b/scripts/wireguard/disableCONF.sh new file mode 100755 index 0000000..7d3d682 --- /dev/null +++ b/scripts/wireguard/disableCONF.sh 
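Review bot: The block added after the `column` pipeline in `listClients` changes directory and greps a bare `wg0.conf`, while the `CONF_FILE="/etc/wireguard/wg0.conf"` added at the top of this file is not used in any line shown. Dropping the `cd` and reading the variable keeps the function free of a working-directory side effect: `grep '\[disabled\] ### begin' "$CONF_FILE" | sed 's/#//g; s/begin//'`. The `::: Disabled clients :::` heading is printed even when nothing matches, and `s/#//g` removes every `#` on the line rather than only the marker characters. `listClients` starts outside the hunk.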
@@ -0,0 +1,120 @@
+#!/bin/bash
+
+setupVars="/etc/pivpn/wireguard/setupVars.conf"
+
+if [ ! -f "${setupVars}" ]; then
+ echo "::: Missing setup vars file!"
+ exit 1
+fi
+
+source "${setupVars}"
+
+helpFunc(){
+ echo "::: Disable client conf profiles"
+ echo ":::"
+ echo "::: Usage: pivpn <-off|off> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
+ echo ":::"
+ echo "::: Commands:"
+ echo "::: [none] Interactive mode"
+ echo "::: <client> Client"
+ echo "::: -y,--yes Disable client(s) without confirmation"
+ echo "::: -v Show disabled clients only"
+ echo "::: -h,--help Show this help dialog"
+}
+
+# Parse input arguments
+while test $# -gt 0
+do
+ _key="$1"
+ case "$_key" in
+ -h|--help)
+ helpFunc
+ exit 0
+ ;;
+ -y|--yes)
+ CONFIRM=true
+ ;;
+ -v)
+ DISPLAY_DISABLED=true
+ ;;
+ *)
+ CLIENTS_TO_CHANGE+=("$1")
+ ;;
+ esac
+ shift
+done
+
+cd /etc/wireguard
+if [ ! -s configs/clients.txt ]; then
+ echo "::: There are no clients to change"
+ exit 1
+fi
+
+
+if [ "$DISPLAY_DISABLED" ]; then
+ grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
+ exit 1
+fi
+
+
+LIST=($(awk '{print $1}' configs/clients.txt))
+if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
+ echo -e "::\e[4m Client list \e[0m::"
+ len=${#LIST[@]}
+ COUNTER=1
+ while [ $COUNTER -le ${len} ]; do
+ printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
+ ((COUNTER++))
+ done
+
+ read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_CHANGE
+
+ if [ -z "${CLIENTS_TO_CHANGE}" ]; then
+ echo "::: You can not leave this blank!"
+ exit 1
+ fi
+fi
+
+CHANGED_COUNT=0
+
+for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
+
+ re='^[0-9]+$'
+ if [[ ${CLIENT_NAME} =~ $re ]] ; then
+ CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+ fi
+
+ if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
+ echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
+ elif grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then
+ echo -e "::: \e[1m${CLIENT_NAME}\e[0m is already disabled"
+ else
+ if [ -n "$CONFIRM" ]; then
+ REPLY="y"
+ else
+ read -r -p "Confirm you want to disable $CLIENT_NAME? [Y/n] "
+ fi
+
+ if [[ $REPLY =~ ^[Yy]$ ]]; then
+
+ # Disable the peer section from the server config
+ echo "${CLIENT_NAME}"
+ sed -e "/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/^/#\[disabled\] /" -i wg0.conf
+ echo "::: Updated server config"
+
+ ((CHANGED_COUNT++))
+ echo "::: Successfully disabled ${CLIENT_NAME}"
+
+ fi
+ fi
+
+done
+
+# Restart WireGuard only if some clients were actually deleted
+if [ "${CHANGED_COUNT}" -gt 0 ]; then
+ if systemctl reload wg-quick@wg0; then
+ echo "::: WireGuard reloaded"
+ else
+ echo "::: Failed to reload WireGuard"
+ fi
+fi
diff --git a/scripts/wireguard/enableCONF.sh b/scripts/wireguard/enableCONF.sh
new file mode 100755
index 0000000..4ce0cf7
--- /dev/null
+++ b/scripts/wireguard/enableCONF.sh
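Review bot: `${CLIENT_NAME}` is interpolated unanchored into the sed range `/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/` and into the `grep -q "#\[disabled\] ### begin ${CLIENT_NAME}"` check, so a name that is a prefix of another (e.g. `al` and `alice`) matches both peer blocks, and regex characters such as `.` in a name are interpreted. enableCONF.sh has the same problem in `/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/`, where it can silently switch a peer that was deliberately disabled back on. Assuming the markers are written as `### begin NAME ###` and `### end NAME ###` (the code that writes them is not in this diff), anchor both ends: `sed -e "/^### begin ${CLIENT_NAME} ###\$/,/^### end ${CLIENT_NAME} ###\$/ s/^/#[disabled] /" -i wg0.conf`. A numeric entry of `0` also makes `${LIST[$(($CLIENT_NAME -1))]}` use index -1, which bash 4.3 and later resolve to the last client, so reject indexes outside 1..`${#LIST[@]}` in both scripts. When `systemctl reload` fails the script still exits 0 while the peer is presumably still active on the running interface; an `exit 1` in that branch lets callers detect a disable that did not take effect.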
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+setupVars="/etc/pivpn/wireguard/setupVars.conf"
+
+if [ ! -f "${setupVars}" ]; then
+ echo "::: Missing setup vars file!"
+ exit 1
+fi
+
+source "${setupVars}"
+
+helpFunc(){
+ echo "::: Enables client conf profiles"
+ echo ":::"
+ echo "::: Usage: pivpn <-on|on> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
+ echo ":::"
+ echo "::: Commands:"
+ echo "::: [none] Interactive mode"
+ echo "::: <client> Client"
+ echo "::: -y,--yes Enable client(s) without confirmation"
+ echo "::: -v Show disabled clients only"
+ echo "::: -h,--help Show this help dialog"
+}
+
+# Parse input arguments
+while test $# -gt 0
+do
+ _key="$1"
+ case "$_key" in
+ -h|--help)
+ helpFunc
+ exit 0
+ ;;
+ -y|--yes)
+ CONFIRM=true
+ ;;
+ -v)
+ DISPLAY_DISABLED=true
+ ;;
+ *)
+ CLIENTS_TO_CHANGE+=("$1")
+ ;;
+ esac
+ shift
+done
+
+cd /etc/wireguard
+if [ ! -s configs/clients.txt ]; then
+ echo "::: There are no clients to change"
+ exit 1
+fi
+
+if [ "$DISPLAY_DISABLED" ]; then
+ grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
+ exit 1
+fi
+
+LIST=($(awk '{print $1}' configs/clients.txt))
+if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
+ echo -e "::\e[4m Client list \e[0m::"
+ len=${#LIST[@]}
+ COUNTER=1
+ while [ $COUNTER -le ${len} ]; do
+ printf "%0${#len}s) %s\r\n" ${COUNTER} ${LIST[(($COUNTER-1))]}
+ ((COUNTER++))
+ done
+
+ read -r -p "Please enter the Index/Name of the Client to be enabled from the list above: " CLIENTS_TO_CHANGE
+
+ if [ -z "${CLIENTS_TO_CHANGE}" ]; then
+ echo "::: You can not leave this blank!"
+ exit 1
+ fi
+fi
+
+CHANGED_COUNT=0
+
+for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
+
+ re='^[0-9]+$'
+ if [[ ${CLIENT_NAME} =~ $re ]] ; then
+ CLIENT_NAME=${LIST[$(($CLIENT_NAME -1))]}
+ fi
+
+ if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
+ echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
+ else
+ if [ -n "$CONFIRM" ]; then
+ REPLY="y"
+ else
+ read -r -p "Confirm you want to enable $CLIENT_NAME? 
[Y/n] " + fi + + if [[ $REPLY =~ ^[Yy]$ ]]; then + + # Enable the peer section from the server config + echo "${CLIENT_NAME}" + sed -e "/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/#\[disabled\] //" -i wg0.conf + echo "::: Updated server config" + + ((CHANGED_COUNT++)) + echo "::: Successfully enabled ${CLIENT_NAME}" + + fi + fi + +done + +# Restart WireGuard only if some clients were actually deleted +if [ "${CHANGED_COUNT}" -gt 0 ]; then + if systemctl reload wg-quick@wg0; then + echo "::: WireGuard reloaded" + else + echo "::: Failed to reload WireGuard" + fi +fi diff --git a/scripts/wireguard/listCONF.sh b/scripts/wireguard/listCONF.sh index 6f8e198..150eb5a 100755 --- a/scripts/wireguard/listCONF.sh +++ b/scripts/wireguard/listCONF.sh @@ -25,4 +25,9 @@ while read -r LINE; do echo -e "$CLIENT_NAME \t $PUBLIC_KEY \t $CD_FORMAT" done < clients.txt -} | column -t -s $'\t' \ No newline at end of file +} | column -t -s $'\t' + + +cd /etc/wireguard || return +echo "::: Disabled clients :::" +grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//' diff --git a/scripts/wireguard/pivpn.sh b/scripts/wireguard/pivpn.sh index ad4b0e7..4679e13 100755 --- a/scripts/wireguard/pivpn.sh +++ b/scripts/wireguard/pivpn.sh @@ -52,6 +52,18 @@ removeClient(){ exit 0 } +disableClient(){ + shift + $SUDO ${scriptdir}/${vpn}/disableCONF.sh "$@" + exit 0 +} + +enableClient(){ + shift + $SUDO ${scriptdir}/${vpn}/enableCONF.sh "$@" + exit 0 +} + uninstallServer(){ $SUDO ${scriptdir}/uninstall.sh "${vpn}" exit 0 
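Review bot: Unlike disableCONF.sh, which has an `is already disabled` branch, the loop in enableCONF.sh never checks that the client is currently disabled, so enabling a client that is already active prints `Successfully enabled`, bumps `CHANGED_COUNT` and reloads WireGuard for nothing. Add a branch before the `else`, for example `elif ! grep -q "^#\[disabled\] ### begin ${CLIENT_NAME} " wg0.conf; then echo "::: ${CLIENT_NAME} is not disabled"` (the trailing space assumes the marker continues with ` ###`). The `-v` path ends in `exit 1` after a successful listing, here and in disableCONF.sh; `exit 0` would be the expected status. `cd /etc/wireguard` is unchecked in both scripts; `cd /etc/wireguard || exit 1` guarantees the later relative `wg0.conf` and `configs/clients.txt` paths are never resolved against another directory.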
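Review bot: In listCONF.sh, `cd /etc/wireguard || return` is added after the `} | column` pipeline, which looks like script top level rather than a function body; if so, `return` is itself an error in an executed script and execution falls through to the `grep` in whatever directory the script was already in. Use `cd /etc/wireguard || exit 1`, or drop the `cd` and pass the full path: `grep '\[disabled\] ### begin' /etc/wireguard/wg0.conf | sed 's/#//g; s/begin//'`. The same three lines are added to clientSTAT.sh, so a small shared helper would keep the two listings from drifting apart.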
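Review bot: `disableClient` and `enableClient` in pivpn.sh end with an unconditional `exit 0`, so a non-zero exit from disableCONF.sh or enableCONF.sh (missing setupVars file, empty client list) reaches the caller as success. Propagate the status instead, e.g. `$SUDO ${scriptdir}/${vpn}/disableCONF.sh "$@"; exit $?`. The `uninstallServer` wrapper visible in the context follows the same `exit 0` pattern, so this may be better changed for all wrappers together.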
@@ -74,16 +86,18 @@ showHelp(){ echo "::: Usage: pivpn <command> [option]" echo ":::" echo "::: Commands:" - echo "::: -a, add Create a client conf profile" - echo "::: -c, clients List any connected clients to the server" - echo "::: -d, debug Start a debugging session if having trouble" - echo "::: -l, list List all clients" - echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app" - echo "::: -r, remove Remove a client" - echo "::: -h, help Show this help dialog" - echo "::: -u, uninstall Uninstall pivpn from your system!" - echo "::: -up, update Updates PiVPN Scripts" - echo "::: -bk, backup Backup VPN configs and user profiles" + echo "::: -a, add Create a client conf profile" + echo "::: -c, clients List any connected clients to the server" + echo "::: -d, debug Start a debugging session if having trouble" + echo "::: -l, list List all clients" + echo "::: -qr, qrcode Show the qrcode of a client for use with the mobile app" + echo "::: -r, remove Remove a client" + echo "::: -off, off Disable a user" + echo "::: -on, on Enable a user" + echo "::: -h, help Show this help dialog" + echo "::: -u, uninstall Uninstall pivpn from your system!" + echo "::: -up, update Updates PiVPN Scripts" + echo "::: -bk, backup Backup VPN configs and user profiles" exit 0 } 
@@ -93,15 +107,17 @@ fi # Handle redirecting to specific functions based on arguments case "$1" in -"-a" | "add" ) makeConf "$@";; -"-c" | "clients" ) listConnected "$@";; -"-d" | "debug" ) debug;; -"-l" | "list" ) listClients;; -"-qr" | "qrcode" ) showQrcode "$@";; -"-r" | "remove" ) removeClient "$@";; -"-h" | "help" ) showHelp;; -"-u" | "uninstall" ) uninstallServer;; -"-up" | "update" ) updateScripts "$@" ;; -"-bk" | "backup" ) backup ;; -* ) showHelp;; +"-a" | "add" ) makeConf "$@";; +"-c" | "clients" ) listConnected "$@";; +"-d" | "debug" ) debug;; +"-l" | "list" ) listClients;; +"-qr" | "qrcode" ) showQrcode "$@";; +"-r" | "remove" ) removeClient "$@";; +"-off" | "off" ) disableClient "$@";; +"-on" | "on" ) enableClient "$@";; +"-h" | "help" ) showHelp;; +"-u" | "uninstall" ) uninstallServer;; +"-up" | "update" ) updateScripts "$@" ;; +"-bk" | "backup" ) backup ;; +* ) showHelp;; esac