diff --git a/README.md b/README.md
index c577f5f..2f7d52d 100644
--- a/README.md
+++ b/README.md
@@ -1,24 +1,65 @@
-**New: [wireguard-install](https://github.com/Nyr/wireguard-install) is also available.**
-
## openvpn-install
-OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora.
-This script will let you set up your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible.
+OpenVPN Server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, and Fedora.
-### Installation
-Run the script and follow the assistant:
+This repo is originally a fork of https://github.com/Nyr/openvpn-install with some changes and added features.
-`wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh`
+### Instructions
+
+Download and execute the script:
+
+```
+wget https://raw.githubusercontent.com/davift/openvpn-install/master/openvpn-install.sh
+chmod +x openvpn-install.sh
+./openvpn-install.sh
+```
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
-### I want to run my own VPN but don't have a server for that
-You can get a VPS from just 2€/month at [AlphaVPS](https://alphavps.com/clients/aff.php?aff=474&pid=422).
+### Automation
-### Donations
-If you want to show your appreciation, you can donate via [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=VBAYDL34Z7J6L) or [cryptocurrency](https://pastebin.com/raw/M2JJpQpC). Thanks!
+Download the CLI script:
-### Sponsors
-This project is proudly sponsored by our friends at [FrogeHost](https://froge.host/?utm_source=nyr).
+```
+wget https://raw.githubusercontent.com/davift/openvpn-install/master/openvpn-cli.sh
+chmod +x openvpn-cli.sh
+./openvpn-cli.sh
+```
-For a commercial VPN with strong anti-censorship capabilities (最强翻墙VPN) from $1/month, check out [Clever VPN](https://www.clever-vpn.net/?wg-referral=01LOULuQoi).
\ No newline at end of file
+The CLI script allows you to add and revoke users with a single command or for using with Ansible or Terraform.
+
+```
+See examples:
+
+ ./openvpn-cli.sh add username add a new client
+ ./openvpn-cli.sh revoke username revoke a client
+ ./openvpn-cli.sh add username@domain.com add a new client and send the configuration via email
+ ./openvpn-cli.sh revoke username@domain.com revoke client and send the configuration via email
+
+```
+
+### Optional
+
+If the new client account is a valid email address, the configuration file is automatically sent, as long as MSMTP is installed and configured.
+
+```
+sudo apt install msmtp msmtp-mta -y
+sudo nano /etc/msmtprc
+```
+
+MSMTP Configuration Example (for Gmail):
+
+```
+defaults
+auth on
+tls on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+logfile ~/.msmtp.log
+account gmail
+host smtp.gmail.com
+port 587
+from username@gmail.com
+user username@gmail.com
+password password
+account default : gmail
+```
diff --git a/openvpn-cli.sh b/openvpn-cli.sh
new file mode 100644
index 0000000..68dfc58
--- /dev/null
+++ b/openvpn-cli.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+#
+# https://github.com/davift/openvpn-install
+# firked from https://github.com/Nyr/openvpn-install
+#
+# Released under the same MIT License.
+
+if [[ ! -e /etc/openvpn/server/server.conf ]]; then
+ echo 'OpenVPN server is not installed yet.'
+ echo 'Run the following command first:'
+ echo
+ echo ' ./openvpn-install.sh'
+ echo
+ exit
+fi
+
+# Detect Debian users running the script with "sh" instead of bash
+if readlink /proc/$$/exe | grep -q "dash"; then
+ echo 'This installer needs to be run with "bash", not "sh".'
+ exit
+fi
+
+# Discard stdin. Needed when running from an one-liner which includes a newline
+read -N 999999 -t 0.001
+
+# Detect environments where $PATH does not include the sbin directories
+if ! grep -q sbin <<< "$PATH"; then
+ echo '$PATH does not include sbin. Try using "su -" instead of "su".'
+ exit
+fi
+
+if [[ "$EUID" -ne 0 ]]; then
+ echo "This installer needs to be run with superuser privileges."
+ exit
+fi
+
+option=$1
+unsanitized_client=$2
+ client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_@-\.]/_/g' <<< "$unsanitized_client")
+ if [[ -z "$option" || ( "$option" != "add" && "$option" != "revoke" ) ]]; then
+ echo 'Invalid option.'
+ elif [[ -z "$client" ]]; then
+ echo 'The client name cannto be empty.'
+ exit 1
+ fi
+
+case "$option" in
+ add)
+ if [[ -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt || -e /etc/openvpn/server/easy-rsa/pki/private/"$client".key ]]; then
+ echo 'The client already exist.'
+ exit 1
+ fi
+
+ # Adding
+ cd /etc/openvpn/server/easy-rsa/
+ if ./easyrsa --batch --days=3650 build-client-full "$client" nopass &>/dev/null; then
+ {
+ cat /etc/openvpn/server/client-common.txt
+ echo ""
+ cat /etc/openvpn/server/easy-rsa/pki/ca.crt
+ echo ""
+ echo ""
+ sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt
+ echo ""
+ echo ""
+ cat /etc/openvpn/server/easy-rsa/pki/private/"$client".key
+ echo ""
+ echo ""
+ sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key
+ echo ""
+ } > /root/"$client".ovpn
+ echo "Client's configuration:" /root/"$client.ovpn"
+
+ # Regular expression for a basic email validation
+ regex="^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]{1,2}+\.[a-zA-Z]{2,10}$"
+ if [[ $client =~ $regex ]]; then
+ boundaystring=($(md5sum /root/$client.ovpn))
+ {
+ echo "From: davift-canada@gmail.com"
+ echo "To: $client"
+ echo "Subject: OpenVPN Client Configuration"
+ echo "MIME-Version: 1.0"
+ echo "Content-Type: multipart/mixed; boundary=\"$boundaystring\""
+ echo ""
+ echo "--$boundaystring"
+ echo "Content-Type: text/plain; charset=\"UTF-8\""
+ echo "Content-Transfer-Encoding: 7bit"
+ echo ""
+ echo "Please find attached your OpenVPN client configuration."
+ echo ""
+ echo "--$boundaystring"
+ echo "Content-Type: application/octet-stream; name=\"$client.ovpn\""
+ echo "Content-Transfer-Encoding: base64"
+ echo "Content-Disposition: attachment; filename=\"$client.ovpn\""
+ echo ""
+ cat /root/$client.ovpn | base64
+ echo "--$boundaystring--"
+ echo ""
+ } > /root/"$client".email
+ if [[ ! $(which msmtp) ]]; then
+ echo 'Email NOT sent! MSMTP was not found.'
+ elif msmtp -a default $client < /root/$client.email; then
+ echo 'Configuration send via email.'
+ else
+ echo 'Email NOT sent! MSMTP failed.'
+ fi
+ fi
+ else
+ echo 'Certificate conflict.'
+ exit 1
+ fi
+ ;;
+ revoke)
+ if [[ ! -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]]; then
+ echo 'The client does not exist.'
+ exit 1
+ fi
+ if ! tail -n +2 /etc/openvpn/server/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | grep -q "$client"; then
+ echo 'The client does not exist.'
+ exit 1
+ fi
+
+ # Revoking
+ cd /etc/openvpn/server/easy-rsa/
+ rm pki/reqs/$client.req
+ ./easyrsa --batch revoke "$client" &>/dev/null
+ ./easyrsa --batch --days=3650 gen-crl &>/dev/null
+ cat /etc/openvpn/server/easy-rsa/pki/crl.pem > /etc/openvpn/server/crl.pem
+ exit
+ ;;
+ *)
+ echo 'See examples:'
+ echo ''
+ echo ' ./openvpn-cli.sh add username add a new client'
+ echo ' ./openvpn-cli.sh revoke username revoke a client'
+ echo ' ./openvpn-cli.sh add username@domain.com add a new client and send the configuration via email'
+ echo ' ./openvpn-cli.sh revoke username@domain.com revoke client and send the configuration via email'
+ echo ''
+ exit
+ ;;
+esac
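Review bot: The `revoke)` branch never checks the result of either easyrsa call, so a failed revocation goes unnoticed: output is sent to `/dev/null`, and the bare `exit` returns the status of the final `cat`, which normally succeeds. A caller driving this from Ansible or Terraform (the use the README advertises) would then treat the client as revoked while the server's CRL is unchanged. The `cd` before it is unchecked too, so if it fails the `rm` and both easyrsa calls run relative to the caller's directory. I would fail closed at each step, as sketched below. Separately, in the sanitiser near the top, `@-\.` inside the bracket expression reads as a range from `@` to `\` (at least in the C locale), so a literal `-` is rewritten to `_`, which alters the recipient address, while `[` and `\` pass through; ending the set with `_@.-]` gives the intended characters.

```shell
    # Revoking
    cd /etc/openvpn/server/easy-rsa/ || exit 1
    rm -f -- pki/reqs/"$client".req
    if ! ./easyrsa --batch revoke "$client" &>/dev/null; then
      echo 'Revocation failed.' >&2
      exit 1
    fi
    if ! ./easyrsa --batch --days=3650 gen-crl &>/dev/null; then
      echo 'CRL generation failed; the server CRL was not updated.' >&2
      exit 1
    fi
    cat /etc/openvpn/server/easy-rsa/pki/crl.pem > /etc/openvpn/server/crl.pem || exit 1
    exit 0
```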
diff --git a/openvpn-install.sh b/openvpn-install.sh
index e0785b8..1abcb8e 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -96,7 +96,7 @@ new_client () {
echo ""
sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key
echo ""
- } > ~/"$client".ovpn
+ } > /root/"$client".ovpn
}
if [[ ! -e /etc/openvpn/server/server.conf ]]; then
@@ -454,7 +454,7 @@ verb 3" > /etc/openvpn/server/client-common.txt
echo
echo "Finished!"
echo
- echo "The client configuration is available in:" ~/"$client.ovpn"
+ echo "The client configuration is available in:" /root/"$client.ovpn"
echo "New clients can be added by running this script again."
else
clear
@@ -482,11 +482,12 @@ else
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
done
cd /etc/openvpn/server/easy-rsa/
+ rm pki/reqs/$client.req
./easyrsa --batch --days=3650 build-client-full "$client" nopass
# Generates the custom client.ovpn
new_client
echo
- echo "$client added. Configuration available in:" ~/"$client.ovpn"
+ echo "$client added. Configuration available in:" /root/"$client.ovpn"
exit
;;
2)
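Review bot: The added `rm pki/reqs/$client.req` expands `$client` unquoted and has no `-f`, so when no stale request exists (presumably the usual case for a new client name) it prints an error to the operator just before the certificate is built. `rm -f -- pki/reqs/"$client".req` states the intent, clearing a leftover request if there is one, and matches the quoting of `"$client"` on the next line. The `cd` on the line above is unchecked, so if it fails the `rm` acts relative to the directory the script was started from; `cd /etc/openvpn/server/easy-rsa/ || exit 1` would close that. The enclosing `case` arm starts outside this hunk.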