mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00

Added CLI Script for Managing Clients

davift 2024-09-13 23:25:33 -04:00 committed by GitHub
commit 6e63867b6b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 200 additions and 17 deletions


@ -1,24 +1,65 @@
**New: [wireguard-install](https://github.com/Nyr/wireguard-install) is also available.**
## openvpn-install ## openvpn-install
OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora.
This script will let you set up your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It has been designed to be as unobtrusive and universal as possible. OpenVPN Server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, and Fedora.
### Installation This repo is originally a fork of https://github.com/Nyr/openvpn-install with some changes and added features.
Run the script and follow the assistant:
`wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh` ### Instructions
Download and execute the script:
```
wget https://raw.githubusercontent.com/davift/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
./openvpn-install.sh
```
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
### I want to run my own VPN but don't have a server for that ### Automation
You can get a VPS from just 2€/month at [AlphaVPS](https://alphavps.com/clients/aff.php?aff=474&pid=422).
### Donations Download the CLI script:
If you want to show your appreciation, you can donate via [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=VBAYDL34Z7J6L) or [cryptocurrency](https://pastebin.com/raw/M2JJpQpC). Thanks!
### Sponsors ```
This project is proudly sponsored by our friends at [FrogeHost](https://froge.host/?utm_source=nyr). wget https://raw.githubusercontent.com/davift/openvpn-install/master/openvpn-cli.sh
chmod +x openvpn-cli.sh
./openvpn-cli.sh
```
For a commercial VPN with strong anti-censorship capabilities (最强翻墙VPN) from $1/month, check out [Clever VPN](https://www.clever-vpn.net/?wg-referral=01LOULuQoi). The CLI script allows you to add and revoke users with a single command or for using with Ansible or Terraform.
```
See examples:
./openvpn-cli.sh add username add a new client
./openvpn-cli.sh revoke username revoke a client
./openvpn-cli.sh add username@domain.com add a new client and send the configuration via email
./openvpn-cli.sh revoke username@domain.com revoke client and send the configuration via email
```
### Optional
If the new client account is a valid email address, the configuration file is automatically sent, as long as MSMTP is installed and configured.
```
sudo apt install msmtp msmtp-mta -y
sudo nano /etc/msmtprc
```
MSMTP Configuration Example (for Gmail):
```
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log
account gmail
host smtp.gmail.com
port 587
from username@gmail.com
user username@gmail.com
password password
account default : gmail
```

141
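--- a/openvpn-cli.sh
+++ b/openvpn-cli.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+#
+# https://github.com/davift/openvpn-install
+# firked from https://github.com/Nyr/openvpn-install
+#
+# Released under the same MIT License.
+if [[ ! -e /etc/openvpn/server/server.conf ]]; then
+echo 'OpenVPN server is not installed yet.'
+echo 'Run the following command first:'
+echo
+echo ' ./openvpn-install.sh'
+echo
+exit
+fi
+# Detect Debian users running the script with "sh" instead of bash
+if readlink /proc/$$/exe | grep -q "dash"; then
+echo 'This installer needs to be run with "bash", not "sh".'
+exit
+fi
+# Discard stdin. Needed when running from an one-liner which includes a newline
+read -N 999999 -t 0.001
+# Detect environments where $PATH does not include the sbin directories
+if ! grep -q sbin <<< "$PATH"; then
+echo '$PATH does not include sbin. Try using "su -" instead of "su".'
+exit
+fi
+if [[ "$EUID" -ne 0 ]]; then
+echo "This installer needs to be run with superuser privileges."
+exit
+fi
+option=$1
+unsanitized_client=$2
+client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_@-\.]/_/g' <<< "$unsanitized_client")
+if [[ -z "$option" || ( "$option" != "add" && "$option" != "revoke" ) ]]; then
+echo 'Invalid option.'
+elif [[ -z "$client" ]]; then
+echo 'The client name cannto be empty.'
+exit 1
+fi
+case "$option" in
+add)
+if [[ -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt || -e /etc/openvpn/server/easy-rsa/pki/private/"$client".key ]]; then
+echo 'The client already exist.'
+exit 1
+fi
+# Adding
+cd /etc/openvpn/server/easy-rsa/
+if ./easyrsa --batch --days=3650 build-client-full "$client" nopass &>/dev/null; then
+{
+cat /etc/openvpn/server/client-common.txt
+echo "<ca>"
+cat /etc/openvpn/server/easy-rsa/pki/ca.crt
+echo "</ca>"
+echo "<cert>"
+sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt
+echo "</cert>"
+echo "<key>"
+cat /etc/openvpn/server/easy-rsa/pki/private/"$client".key
+echo "</key>"
+echo "<tls-crypt>"
+sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key
+echo "</tls-crypt>"
+} > /root/"$client".ovpn
+echo "Client's configuration:" /root/"$client.ovpn"
+# Regular expression for a basic email validation
+regex="^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]{1,2}+\.[a-zA-Z]{2,10}$"
+if [[ $client =~ $regex ]]; then
+boundaystring=($(md5sum /root/$client.ovpn))
+{
+echo "From: davift-canada@gmail.com"
+echo "To: $client"
+echo "Subject: OpenVPN Client Configuration"
+echo "MIME-Version: 1.0"
+echo "Content-Type: multipart/mixed; boundary=\"$boundaystring\""
+echo ""
+echo "--$boundaystring"
+echo "Content-Type: text/plain; charset=\"UTF-8\""
+echo "Content-Transfer-Encoding: 7bit"
+echo ""
+echo "Please find attached your OpenVPN client configuration."
+echo ""
+echo "--$boundaystring"
+echo "Content-Type: application/octet-stream; name=\"$client.ovpn\""
+echo "Content-Transfer-Encoding: base64"
+echo "Content-Disposition: attachment; filename=\"$client.ovpn\""
+echo ""
+cat /root/$client.ovpn | base64
+echo "--$boundaystring--"
+echo ""
+} > /root/"$client".email
+if [[ ! $(which msmtp) ]]; then
+echo 'Email NOT sent! MSMTP was not found.'
+elif msmtp -a default $client < /root/$client.email; then
+echo 'Configuration send via email.'
+else
+echo 'Email NOT sent! MSMTP failed.'
+fi
+fi
+else
+echo 'Certificate conflict.'
+exit 1
+fi
+;;
+revoke)
+if [[ ! -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]]; then
+echo 'The client does not exist.'
+exit 1
+fi
+if ! tail -n +2 /etc/openvpn/server/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | grep -q "$client"; then
+echo 'The client does not exist.'
+exit 1
+fi
+# Revoking
+cd /etc/openvpn/server/easy-rsa/
+rm pki/reqs/$client.req
+./easyrsa --batch revoke "$client" &>/dev/null
+./easyrsa --batch --days=3650 gen-crl &>/dev/null
+cat /etc/openvpn/server/easy-rsa/pki/crl.pem > /etc/openvpn/server/crl.pem
+exit
+;;
+*)
+echo 'See examples:'
+echo ''
+echo ' ./openvpn-cli.sh add username add a new client'
+echo ' ./openvpn-cli.sh revoke username revoke a client'
+echo ' ./openvpn-cli.sh add username@domain.com add a new client and send the configuration via email'
+echo ' ./openvpn-cli.sh revoke username@domain.com revoke client and send the configuration via email'
+echo ''
+exit
+;;
+esac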
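Review bot: The sanitizer near the top of the new script has the hyphen in the middle of its bracket expression (`..._@-\.]`), so under POSIX bracket rules `@-\` is read as a range rather than as three literal characters. In the C locale that range lets `[` and `\` through and turns a literal `-` into `_`; the result is then used unquoted in `md5sum /root/$client.ovpn`, `msmtp -a default $client` and `rm pki/reqs/$client.req`, and as a regex in `grep -q "$client"`, where the newly permitted `.` also matches any character. Put the hyphen last and drop the backslash (`..._@.-]`), quote every `$client`, and match the index entry with `grep -qxF -- "$client"`. Separately, the revoke branch sends both `./easyrsa` calls to `/dev/null` and ends with a bare `exit`, which returns the status of the final `cat`, so a caller such as Ansible sees success even if the revocation failed; test each call and `exit 1` on failure.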


@ -96,7 +96,7 @@ new_client () {
echo "<tls-crypt>" echo "<tls-crypt>"
sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key
echo "</tls-crypt>" echo "</tls-crypt>"
} > ~/"$client".ovpn } > /root/"$client".ovpn
} }
if [[ ! -e /etc/openvpn/server/server.conf ]]; then if [[ ! -e /etc/openvpn/server/server.conf ]]; then
@ -454,7 +454,7 @@ verb 3" > /etc/openvpn/server/client-common.txt
echo echo
echo "Finished!" echo "Finished!"
echo echo
echo "The client configuration is available in:" ~/"$client.ovpn" echo "The client configuration is available in:" /root/"$client.ovpn"
echo "New clients can be added by running this script again." echo "New clients can be added by running this script again."
else else
clear clear
@ -482,11 +482,12 @@ else
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client") client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
done done
cd /etc/openvpn/server/easy-rsa/ cd /etc/openvpn/server/easy-rsa/
rm pki/reqs/$client.req
./easyrsa --batch --days=3650 build-client-full "$client" nopass ./easyrsa --batch --days=3650 build-client-full "$client" nopass
# Generates the custom client.ovpn # Generates the custom client.ovpn
new_client new_client
echo echo
echo "$client added. Configuration available in:" ~/"$client.ovpn" echo "$client added. Configuration available in:" /root/"$client.ovpn"
exit exit
;; ;;
2) 2)
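Review bot: The `rm pki/reqs/$client.req` added in the third hunk runs without `-f` and with the variable unquoted, so for a new client that presumably has no leftover request file it prints a "No such file" error just before the certificate is built. It also follows an unchecked `cd`, so if that directory change fails the relative path is resolved against whatever the working directory happens to be. I would write it as `rm -f -- "pki/reqs/$client.req"`, add `|| exit 1` to the `cd` above it, and add a one-line comment saying why a stale request has to be cleared first. The surrounding `case` branch starts and ends outside the hunk.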