+ When estimating $INSTALL_HOME, assure grep can only match user names, to avoid possible wrong multi-line value
+ Remove possible trailing slash from $INSTALL_HOME, to avoid double slash in "$INSTALL_HOME/ovpns"
+ Avoid "cat <file> | grep <pattern>", since grep can process files directly
+ Avoid "VAR=$(cat file)", since "VAR=$(<file)" has the same result without using a slow external command
Signed-off-by: MichaIng <micha@dietpi.com>
Code assumes that the specified user directory is under /home. This code parses the /etc/passwd file in order to determine what that user's proper home directory is.
Added new step to create an .ovpn12 file that can be stored on iOS keychain
This step is more secure method and does not require the end-user to keep entering passwords, or storing the client private cert where it can be easily tampered based on documentation located:
https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/
Someone can improve upon this by adding a parameter (possibly -i|--iOS) and then generating the original .ovpn file to not contain the client private certificate.
As @fyellin There is some chatter on other groups that some
OpenVPN implementations cannot handle client keys that are
encrypted with RSA.
If the client key is encrypted, we might re-encrypting the
current client key using 3DES.
This commit will convert user client key to 3DES in command
`pivpn -a`
P/S: All credits to @fyellin. Many thanks to him.
::: Create a client ovpn profile, optional nopass
:::
::: Usage: pivpn <-a|add> [-n|--name <arg>] [-p|--password
<arg>]|[nopass] [-h|--help]
:::
::: Commands:
::: nopass Create a client without a password
::: -n,--name Name for the Client (default: 'raspberrypi')
::: -p,--password Password for the Client (no default)
::: -h,--help Show this help dialog
