Merge pull request #1091 from gi8lino/master

add parameter to force remove profile
Orazio 2020-07-21 15:15:22 +02:00 committed by GitHub
commit ed12e5f14c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 44 additions and 25 deletions


@ -14,11 +14,12 @@ source "${setupVars}"
helpFunc() { helpFunc() {
echo "::: Revoke a client ovpn profile" echo "::: Revoke a client ovpn profile"
echo ":::" echo ":::"
echo "::: Usage: pivpn <-r|revoke> [-h|--help] [<client-1>] ... [<client-n>] ..." echo "::: Usage: pivpn <-r|revoke> [-y|--yes] [-h|--help] [<client-1>] ... [<client-n>] ..."
echo ":::" echo ":::"
echo "::: Commands:" echo "::: Commands:"
echo "::: [none] Interactive mode" echo "::: [none] Interactive mode"
echo "::: <client> Client(s) to to revoke" echo "::: <client> Client(s) to to revoke"
echo "::: -y,--yes Remove Client(s) without confirmation"
echo "::: -h,--help Show this help dialog" echo "::: -h,--help Show this help dialog"
} }
@ -31,6 +32,9 @@ do
helpFunc helpFunc
exit 0 exit 0
;; ;;
-y|--yes)
CONFIRM=true
;;
*) *)
CERTS_TO_REVOKE+=("$1") CERTS_TO_REVOKE+=("$1")
;; ;;
@ -111,31 +115,38 @@ fi
cd /etc/openvpn/easy-rsa || exit cd /etc/openvpn/easy-rsa || exit
for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do for (( ii = 0; ii < ${#CERTS_TO_REVOKE[@]}; ii++)); do
printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}" if [ -n "$CONFIRM" ]; then
./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}" REPLY="y"
./easyrsa gen-crl else
printf "\n::: Certificate revoked, and CRL file updated.\n" read -r -p "Do you really want to revoke ${CERTS_TO_REVOKE[ii]}? [Y/n] "
printf "::: Removing certs and client configuration for this profile.\n" fi
rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req" if [[ $REPLY =~ ^[Yy]$ ]]; then
rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key" printf "\n::: Revoking certificate '"%s"'.\n" "${CERTS_TO_REVOKE[ii]}"
rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt" ./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}"
./easyrsa gen-crl
printf "\n::: Certificate revoked, and CRL file updated.\n"
printf "::: Removing certs and client configuration for this profile.\n"
rm -rf "pki/reqs/${CERTS_TO_REVOKE[ii]}.req"
rm -rf "pki/private/${CERTS_TO_REVOKE[ii]}.key"
rm -rf "pki/issued/${CERTS_TO_REVOKE[ii]}.crt"
# Grab the client IP address # Grab the client IP address
NET_REDUCED="${pivpnNET::-2}" NET_REDUCED="${pivpnNET::-2}"
STATIC_IP=$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | grep -w ifconfig-push | grep -oE "${NET_REDUCED}\.[0-9]{1,3}") STATIC_IP=$(grep -v "^#" /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" | grep -w ifconfig-push | grep -oE "${NET_REDUCED}\.[0-9]{1,3}")
rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}" rm -rf /etc/openvpn/ccd/"${CERTS_TO_REVOKE[ii]}"
rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn" rm -rf "${install_home}/ovpns/${CERTS_TO_REVOKE[ii]}.ovpn"
rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn" rm -rf "/etc/openvpn/easy-rsa/pki/${CERTS_TO_REVOKE[ii]}.ovpn"
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
# If using Pi-hole, remove the client from the hosts file # If using Pi-hole, remove the client from the hosts file
if [ -f /etc/pivpn/hosts.openvpn ]; then if [ -f /etc/pivpn/hosts.openvpn ]; then
sed "\#${STATIC_IP} ${CERTS_TO_REVOKE[ii]}.pivpn#d" -i /etc/pivpn/hosts.openvpn sed "\#${STATIC_IP} ${CERTS_TO_REVOKE[ii]}.pivpn#d" -i /etc/pivpn/hosts.openvpn
if killall -SIGHUP pihole-FTL; then if killall -SIGHUP pihole-FTL; then
echo "::: Updated hosts file for Pi-hole" echo "::: Updated hosts file for Pi-hole"
else else
echo "::: Failed to reload pihole-FTL configuration" echo "::: Failed to reload pihole-FTL configuration"
fi
fi fi
fi fi
done done
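Review bot: `CONFIRM` is assigned only in the `-y|--yes` arm and none of the visible hunks initialises it, so the `[ -n "$CONFIRM" ]` test at the top of the revoke loop would also pass for any non-empty value inherited from the caller's environment or set by the sourced `${setupVars}`, skipping the prompt for a destructive revoke. If it is not already cleared outside these hunks, add `CONFIRM=""` before the option loop, or compare explicitly with `[ "$CONFIRM" = true ]`. Because `-y` makes unattended runs possible, the result of `./easyrsa --batch revoke` should also be checked before the `rm -rf` lines, for example `./easyrsa --batch revoke "${CERTS_TO_REVOKE[ii]}" || continue`; as written, a failed revoke still prints "Certificate revoked" and deletes the key and certificate files while the certificate may remain valid and absent from the CRL. The prompt advertises `[Y/n]` but an empty reply does not match `^[Yy]$`, so `[y/N]` would describe the actual fail-safe default. The same `CONFIRM` handling and prompt appear in the second file's hunks.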


@ -12,11 +12,12 @@ source "${setupVars}"
helpFunc(){ helpFunc(){
echo "::: Remove a client conf profile" echo "::: Remove a client conf profile"
echo ":::" echo ":::"
echo "::: Usage: pivpn <-r|remove> [-h|--help] [<client-1>] ... [<client-n>] ..." echo "::: Usage: pivpn <-r|remove> [-y|--yes] [-h|--help] [<client-1>] ... [<client-n>] ..."
echo ":::" echo ":::"
echo "::: Commands:" echo "::: Commands:"
echo "::: [none] Interactive mode" echo "::: [none] Interactive mode"
echo "::: <client> Client(s) to remove" echo "::: <client> Client(s) to remove"
echo "::: -y,--yes Remove Client(s) without confirmation"
echo "::: -h,--help Show this help dialog" echo "::: -h,--help Show this help dialog"
} }
@ -29,6 +30,9 @@ do
helpFunc helpFunc
exit 0 exit 0
;; ;;
-y|--yes)
CONFIRM=true
;;
*) *)
CLIENTS_TO_REMOVE+=("$1") CLIENTS_TO_REMOVE+=("$1")
;; ;;
@ -68,7 +72,11 @@ for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist" echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
else else
REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)" REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)"
read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] " if [ -n "$CONFIRM" ]; then
REPLY="y"
else
read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] "
fi
if [[ $REPLY =~ ^[Yy]$ ]]; then if [[ $REPLY =~ ^[Yy]$ ]]; then