2017-03-20 06:10:49 +03:00
# Manage VPN Users
2016-06-08 04:10:57 +03:00
2022-01-23 00:34:38 +03:00
*Read this in other languages: [English ](manage-users.md ), [简体中文 ](manage-users-zh.md ).*
2016-06-08 04:10:57 +03:00
2021-06-04 22:48:19 +03:00
By default, a single user account for VPN login is created. If you wish to view or manage users for the IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes, read this document. For IKEv2, see [Manage client certificates ](ikev2-howto.md#manage-client-certificates ).
2016-06-08 04:10:57 +03:00
2021-06-06 23:27:56 +03:00
* [Manage VPN users using helper scripts ](#manage-vpn-users-using-helper-scripts )
2022-03-15 06:13:10 +03:00
* [View VPN users ](#view-vpn-users )
* [View or update the IPsec PSK ](#view-or-update-the-ipsec-psk )
2021-06-06 23:27:56 +03:00
* [Manually manage VPN users ](#manually-manage-vpn-users )
2018-11-22 11:46:28 +03:00
2020-12-07 10:11:23 +03:00
## Manage VPN users using helper scripts
2022-03-15 06:13:10 +03:00
*Read this in other languages: [English ](manage-users.md#manage-vpn-users-using-helper-scripts ), [简体中文 ](manage-users-zh.md#使用辅助脚本管理-vpn-用户 ).*
2022-03-13 23:42:04 +03:00
You may use helper scripts to [add ](../extras/add_vpn_user.sh ), [delete ](../extras/del_vpn_user.sh ) or [update all ](../extras/update_vpn_users.sh ) VPN users for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. For IKEv2 mode, please instead see [Manage client certificates ](ikev2-howto.md#manage-client-certificates ).
2016-06-08 04:10:57 +03:00
2022-03-13 23:42:04 +03:00
**Note:** Replace command arguments below with your own values. VPN users are stored in `/etc/ppp/chap-secrets` and `/etc/ipsec.d/passwd` . The scripts will backup these files before making changes, with `.old-date-time` suffix.
2016-06-08 04:10:57 +03:00
2018-11-23 20:52:38 +03:00
### Add or edit a VPN user
2020-12-07 10:11:23 +03:00
Add a new VPN user, or update an existing VPN user with a new password.
2016-06-08 04:10:57 +03:00
2022-03-13 23:42:04 +03:00
Run the script and follow the prompts:
```bash
sudo addvpnuser.sh
```
< details >
< summary >
Error: "sudo: addvpnuser.sh: command not found".
< / summary >
This is normal if you used an older version of the VPN setup script. First, download the helper script:
2016-06-08 04:10:57 +03:00
```bash
2022-03-13 23:42:04 +03:00
wget -nv -O /opt/src/addvpnuser.sh https://bit.ly/addvpnuser
chmod +x /opt/src/addvpnuser.sh & & ln -s /opt/src/addvpnuser.sh /usr/bin
2018-11-23 09:21:47 +03:00
```
2022-03-13 23:42:04 +03:00
Then run the script using the instructions.
< / details >
2021-12-31 01:03:25 +03:00
Alternatively, you can run the script with arguments:
2018-11-23 09:21:47 +03:00
```bash
# All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " '
2022-03-13 23:42:04 +03:00
sudo addvpnuser.sh 'username_to_add' 'password'
2020-12-07 10:11:23 +03:00
# OR
2022-03-13 23:42:04 +03:00
sudo addvpnuser.sh 'username_to_update' 'new_password'
2016-06-08 04:10:57 +03:00
```
2018-11-23 01:49:56 +03:00
### Delete a VPN user
2016-06-08 04:10:57 +03:00
2018-11-23 01:49:56 +03:00
Delete the specified VPN user.
2016-06-08 04:10:57 +03:00
2022-03-13 23:42:04 +03:00
Run the script and follow the prompts:
2016-06-08 04:10:57 +03:00
```bash
2022-03-13 23:42:04 +03:00
sudo delvpnuser.sh
2018-11-23 09:21:47 +03:00
```
2022-03-13 23:42:04 +03:00
< details >
< summary >
Error: "sudo: delvpnuser.sh: command not found".
< / summary >
This is normal if you used an older version of the VPN setup script. First, download the helper script:
```bash
wget -nv -O /opt/src/delvpnuser.sh https://bit.ly/delvpnuser
chmod +x /opt/src/delvpnuser.sh & & ln -s /opt/src/delvpnuser.sh /usr/bin
```
Then run the script using the instructions.
< / details >
2021-12-31 01:03:25 +03:00
Alternatively, you can run the script with arguments:
2018-11-23 09:21:47 +03:00
```bash
# All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " '
2022-03-13 23:42:04 +03:00
sudo delvpnuser.sh 'username_to_delete'
2016-06-08 04:10:57 +03:00
```
2018-11-23 01:49:56 +03:00
### Update all VPN users
2016-06-08 04:10:57 +03:00
2018-11-23 01:49:56 +03:00
Remove all existing VPN users and replace with the list of users you specify.
2018-11-22 11:46:28 +03:00
2022-03-13 23:42:04 +03:00
First, download the script:
2018-11-22 11:46:28 +03:00
```bash
2022-03-13 23:42:04 +03:00
wget -nv -O updatevpnusers.sh https://bit.ly/updatevpnusers
2018-11-22 11:46:28 +03:00
```
2018-11-23 01:49:56 +03:00
To use this script, choose one of the following options:
2018-11-22 11:46:28 +03:00
2018-11-23 01:49:56 +03:00
**Important:** This script will remove **ALL** existing VPN users and replace them with the list of users you specify. Therefore, you must include any existing user(s) you want to keep in the variables below.
2018-11-22 11:46:28 +03:00
**Option 1:** Edit the script and enter VPN user details:
```bash
2022-03-13 23:42:04 +03:00
nano -w updatevpnusers.sh
2018-11-22 11:46:28 +03:00
[Replace with your own values: YOUR_USERNAMES and YOUR_PASSWORDS]
2022-03-13 23:42:04 +03:00
sudo bash updatevpnusers.sh
2018-11-22 11:46:28 +03:00
```
**Option 2:** Define VPN user details as environment variables:
```bash
# List of VPN usernames and passwords, separated by spaces
# All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " '
sudo \
VPN_USERS='username1 username2 ...' \
VPN_PASSWORDS='password1 password2 ...' \
2022-03-13 23:42:04 +03:00
bash updatevpnusers.sh
2018-11-22 11:46:28 +03:00
```
2018-11-23 01:49:56 +03:00
2022-03-15 06:13:10 +03:00
## View VPN users
By default, the VPN setup scripts will create the same VPN user for both IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
For IPsec/L2TP, VPN users are specified in `/etc/ppp/chap-secrets` . The format of this file is:
```bash
"username1" l2tpd "password1" *
"username2" l2tpd "password2" *
... ...
```
For IPsec/XAuth ("Cisco IPsec"), VPN users are specified in `/etc/ipsec.d/passwd` . Passwords in this file are salted and hashed. See [Manually manage VPN users ](#manually-manage-vpn-users ) for more details.
## View or update the IPsec PSK
The IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets` . All VPN users will share the same IPsec PSK. The format of this file is:
```bash
%any %any : PSK "your_ipsec_pre_shared_key"
```
To change to a new PSK, just edit this file. DO NOT use these special characters within values: `\ " '`
You must restart services when finished:
```bash
service ipsec restart
service xl2tpd restart
```
2020-12-07 10:11:23 +03:00
## Manually manage VPN users
2018-11-23 01:49:56 +03:00
2021-06-04 22:48:19 +03:00
For IPsec/L2TP, VPN users are specified in `/etc/ppp/chap-secrets` . The format of this file is:
2018-11-23 01:49:56 +03:00
```bash
2018-11-23 20:52:38 +03:00
"username1" l2tpd "password1" *
"username2" l2tpd "password2" *
2018-11-23 01:49:56 +03:00
... ...
```
You can add more users, use one line for each user. DO NOT use these special characters within values: `\ " '`
2021-06-04 22:48:19 +03:00
For IPsec/XAuth ("Cisco IPsec"), VPN users are specified in `/etc/ipsec.d/passwd` . The format of this file is:
2018-11-23 01:49:56 +03:00
```bash
2018-11-23 20:52:38 +03:00
username1:password1hashed:xauth-psk
username2:password2hashed:xauth-psk
2018-11-23 01:49:56 +03:00
... ...
```
Passwords in this file are salted and hashed. This step can be done using e.g. the `openssl` utility:
```bash
2018-11-23 20:52:38 +03:00
# The output will be password1hashed
# Put your password inside 'single quotes'
openssl passwd -1 'password1'
2018-11-23 01:49:56 +03:00
```
2021-03-29 23:05:45 +03:00
## License
2022-01-02 09:09:03 +03:00
Copyright (C) 2016-2022 [Lin Song ](https://github.com/hwdsl2 ) [](https://www.linkedin.com/in/linsongui)
2021-03-29 23:05:45 +03:00
2021-06-05 01:27:21 +03:00
[](http://creativecommons.org/licenses/by-sa/3.0/)
This work is licensed under the [Creative Commons Attribution-ShareAlike 3.0 Unported License ](http://creativecommons.org/licenses/by-sa/3.0/ )
2021-03-29 23:05:45 +03:00
Attribution required: please include my name in any derivative and let me know how you have improved it!
