mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-27 23:46:07 +03:00

add option for users to allow duplicate certificate/key files

add exit status code
Hoang Huynh 2014-03-06 12:42:03 +07:00
parent c3189eacb4
commit 5f39d8c469


@ -8,13 +8,13 @@
if [ $USER != 'root' ]; then if [ $USER != 'root' ]; then
echo "Sorry, you need to run this as root" echo "Sorry, you need to run this as root"
exit exit 1
fi fi
if [ ! -e /dev/net/tun ]; then if [ ! -e /dev/net/tun ]; then
echo "TUN/TAP is not available, please enable it first (contact your provider if you don't know how)" echo "TUN/TAP is not available, please enable it first (contact your provider if you don't know how)"
exit exit 1
fi fi
@ -41,7 +41,7 @@ if [ -e /etc/openvpn/server.conf ]; then
echo "" echo ""
read -p "Select an option [1-4]: " option read -p "Select an option [1-4]: " option
case $option in case $option in
1) 1)
echo "" echo ""
echo "Tell me a name for the client cert" echo "Tell me a name for the client cert"
echo "Please, use one word only, no special characters" echo "Please, use one word only, no special characters"
@ -68,7 +68,7 @@ if [ -e /etc/openvpn/server.conf ]; then
rm -rf ovpn-$CLIENT rm -rf ovpn-$CLIENT
echo "" echo ""
echo "Client $CLIENT added, certs available at ~/ovpn-$CLIENT.tar.gz" echo "Client $CLIENT added, certs available at ~/ovpn-$CLIENT.tar.gz"
exit exit 0
;; ;;
2) 2)
echo "" echo ""
@ -87,9 +87,9 @@ if [ -e /etc/openvpn/server.conf ]; then
echo "" echo ""
echo "Certificate for client $CLIENT revoked" echo "Certificate for client $CLIENT revoked"
fi fi
exit exit 0
;; ;;
3) 3)
apt-get remove --purge -y openvpn openvpn-blacklist apt-get remove --purge -y openvpn openvpn-blacklist
rm -rf /etc/openvpn rm -rf /etc/openvpn
rm -rf /usr/share/doc/openvpn rm -rf /usr/share/doc/openvpn
@ -97,9 +97,9 @@ if [ -e /etc/openvpn/server.conf ]; then
sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0/d' /etc/rc.local sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0/d' /etc/rc.local
echo "" echo ""
echo "OpenVPN removed!" echo "OpenVPN removed!"
exit exit 0
;; ;;
4) exit;; 4) exit 0;;
esac esac
done done
else else
@ -120,6 +120,10 @@ else
echo "This can be useful to connect under restrictive networks" echo "This can be useful to connect under restrictive networks"
read -p "Listen at port 53 [y/n]: " -e -i n ALTPORT read -p "Listen at port 53 [y/n]: " -e -i n ALTPORT
echo "" echo ""
echo "Do you want to allow multiple clients to connect with the same"
echo "certificate/key files? This is recommended only for trusted clients."
read -p "Duplicate certificate [y/n]: " -e -i n DUPLICATE_CN
echo ""
echo "Finally, tell me your name for the client cert" echo "Finally, tell me your name for the client cert"
echo "Please, use one word only, no special characters" echo "Please, use one word only, no special characters"
read -p "Client name: " -e -i client CLIENT read -p "Client name: " -e -i client CLIENT
@ -178,6 +182,10 @@ else
iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port 1194 iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port 1194
sed -i "/# By default this script does nothing./a\iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port 1194" /etc/rc.local sed -i "/# By default this script does nothing./a\iptables -t nat -A PREROUTING -p udp -d $IP --dport 53 -j REDIRECT --to-port 1194" /etc/rc.local
fi fi
# Allow duplicate certificate/key files if user wants that
if [ $DUPLICATE_CN = 'y' ]; then
sed -i 's|;duplicate-cn|duplicate-cn|' server.conf
fi
# Enable net.ipv4.ip_forward for the system # Enable net.ipv4.ip_forward for the system
sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
# Avoid an unneeded reboot # Avoid an unneeded reboot
@ -221,4 +229,5 @@ else
echo "" echo ""
echo "Your client config is available at `pwd`/ovpn-$CLIENT.tar.gz" echo "Your client config is available at `pwd`/ovpn-$CLIENT.tar.gz"
echo "If you want to add more clients, you simply need to run this script another time!" echo "If you want to add more clients, you simply need to run this script another time!"
exit 0
fi fi
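Review bot: The new test in the `@ -178,6 +182,10` hunk expands `$DUPLICATE_CN` unquoted, so an empty or multi-word answer at the prompt makes `[` print an error instead of evaluating the comparison; `if [ "$DUPLICATE_CN" = 'y' ]; then` avoids that. The `sed` that follows edits a relative `server.conf` and silently changes nothing if the line `;duplicate-cn` is absent, so the result is worth checking, e.g. `grep -q '^duplicate-cn' server.conf || echo "duplicate-cn could not be enabled" >&2`. The prompt in the `@ -120,6 +120,10` hunk could also state the trade-off: with one shared certificate, the revoke option (menu item 2) cuts off every device using it, and the server log can no longer tell those devices apart. The enclosing `else` branch starts outside these hunks, so the working directory at the `sed` is assumed here, not visible.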