mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-26 23:00:16 +00:00
35f07b2147
Both wireguard and openvpn can be installed together (Issue #968)
131 lines
4.1 KiB
Bash
Executable file
131 lines
4.1 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
setupVars="/etc/pivpn/wireguard/setupVars.conf"
|
|
|
|
if [ ! -f "${setupVars}" ]; then
|
|
echo "::: Missing setup vars file!"
|
|
exit 1
|
|
fi
|
|
|
|
source "${setupVars}"
|
|
|
|
helpFunc(){
|
|
echo "::: Remove a client conf profile"
|
|
echo ":::"
|
|
echo "::: Usage: pivpn <-r|remove> [-h|--help] [<client-1>] ... [<client-n>] ..."
|
|
echo ":::"
|
|
echo "::: Commands:"
|
|
echo "::: [none] Interactive mode"
|
|
echo "::: <client> Client(s) to remove"
|
|
echo "::: -h,--help Show this help dialog"
|
|
}
|
|
|
|
# Parse input arguments
|
|
while test $# -gt 0
|
|
do
|
|
_key="$1"
|
|
case "$_key" in
|
|
-h|--help)
|
|
helpFunc
|
|
exit 0
|
|
;;
|
|
*)
|
|
CLIENTS_TO_REMOVE+=("$1")
|
|
;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
cd /etc/wireguard
|
|
if [ ! -s configs/clients.txt ]; then
|
|
echo "::: There are no clients to remove"
|
|
exit 1
|
|
fi
|
|
|
|
if [ "${#CLIENTS_TO_REMOVE[@]}" -eq 0 ]; then
|
|
|
|
echo -e "::\e[4m Client list \e[0m::"
|
|
LIST=($(awk '{print $1}' configs/clients.txt))
|
|
COUNTER=1
|
|
while [ $COUNTER -le ${#LIST[@]} ]; do
|
|
echo "• ${LIST[(($COUNTER-1))]}"
|
|
((COUNTER++))
|
|
done
|
|
|
|
read -r -p "Please enter the Name of the Client to be removed from the list above: " CLIENTS_TO_REMOVE
|
|
|
|
if [ -z "${CLIENTS_TO_REMOVE}" ]; then
|
|
echo "::: You can not leave this blank!"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
DELETED_COUNT=0
|
|
|
|
for CLIENT_NAME in "${CLIENTS_TO_REMOVE[@]}"; do
|
|
|
|
if ! grep -qw "${CLIENT_NAME}" configs/clients.txt; then
|
|
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
|
|
else
|
|
REQUESTED="$(sha256sum "configs/${CLIENT_NAME}.conf" | cut -c 1-64)"
|
|
read -r -p "Do you really want to delete $CLIENT_NAME? [Y/n] "
|
|
|
|
if [[ $REPLY =~ ^[Yy]$ ]]; then
|
|
|
|
# Grab the least significant octed of the client IP address
|
|
COUNT=$(grep "${CLIENT_NAME}" configs/clients.txt | awk '{print $4}')
|
|
# The creation date of the client
|
|
CREATION_DATE="$(grep "${CLIENT_NAME}" configs/clients.txt | awk '{print $3}')"
|
|
# And its public key
|
|
PUBLIC_KEY="$(grep "${CLIENT_NAME}" configs/clients.txt | awk '{print $2}')"
|
|
|
|
# Then remove the client matching the variables above
|
|
sed "\#${CLIENT_NAME} ${PUBLIC_KEY} ${CREATION_DATE} ${COUNT}#d" -i configs/clients.txt
|
|
|
|
# Remove the peer section from the server config
|
|
sed "/# begin ${CLIENT_NAME}/,/# end ${CLIENT_NAME}/d" -i wg0.conf
|
|
echo "::: Updated server config"
|
|
|
|
rm "configs/${CLIENT_NAME}.conf"
|
|
echo "::: Client config for ${CLIENT_NAME} removed"
|
|
|
|
rm "keys/${CLIENT_NAME}_priv"
|
|
rm "keys/${CLIENT_NAME}_pub"
|
|
rm "keys/${CLIENT_NAME}_psk"
|
|
echo "::: Client Keys for ${CLIENT_NAME} removed"
|
|
|
|
# Find all .conf files in the home folder of the user matching the checksum of the
|
|
# config and delete them. '-maxdepth 3' is used to avoid traversing too many folders.
|
|
find "${install_home}" -maxdepth 3 -type f -name '*.conf' -print0 | while IFS= read -r -d '' CONFIG; do
|
|
if sha256sum -c <<< "${REQUESTED} ${CONFIG}" &> /dev/null; then
|
|
rm "${CONFIG}"
|
|
fi
|
|
done
|
|
|
|
((DELETED_COUNT++))
|
|
echo "::: Successfully deleted ${CLIENT_NAME}"
|
|
|
|
# If using Pi-hole, remove the client from the hosts file
|
|
if [ -f /etc/pivpn/hosts.wireguard ]; then
|
|
NET_REDUCED="${pivpnNET::-2}"
|
|
sed "\#${NET_REDUCED}.${COUNT} ${CLIENT_NAME}.pivpn#d" -i /etc/pivpn/hosts.wireguard
|
|
if killall -SIGHUP pihole-FTL; then
|
|
echo "::: Updated hosts file for Pi-hole"
|
|
else
|
|
echo "::: Failed to reload pihole-FTL configuration"
|
|
fi
|
|
fi
|
|
|
|
fi
|
|
fi
|
|
|
|
done
|
|
|
|
# Restart WireGuard only if some clients were actually deleted
|
|
if [ "${DELETED_COUNT}" -gt 0 ]; then
|
|
if systemctl restart wg-quick@wg0; then
|
|
echo "::: WireGuard restarted"
|
|
else
|
|
echo "::: Failed to restart WireGuard"
|
|
fi
|
|
fi
|