
Update helper scripts

- Cleanup and minor improvements to the helper scripts for managing
  VPN users
hwdsl2 2021-03-12 00:07:48 -06:00
parent e48721c669
commit eb8daa3a40
3 changed files with 43 additions and 52 deletions


@ -22,29 +22,24 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'"
fi
if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
|| [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
cat 1>&2 <<'EOF'
Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist!
Your must first set up the VPN server before adding VPN users.
Error: Your must first set up the IPsec VPN server before adding VPN users.
See: https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
cat 1>&2 <<'EOF'
Error: This script can only be used with VPN servers created using:
https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort."
VPN_USER=$1
VPN_PASSWORD=$2
if [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
cat 1>&2 <<EOF
Usage: sudo sh $0 'username_to_add' 'password_to_add'
Usage: sudo sh $0 'username_to_add' 'password'
sudo sh $0 'username_to_update' 'new_password'
EOF
exit 1
fi
@ -63,11 +58,11 @@ clear
cat <<EOF
Welcome! This script will add or update an VPN user account
for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec).
Welcome! This script will add or update an VPN user account for both
IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
If the username you specified matches an existing VPN user,
that user will be updated with the new password.
If the username you specified already exists, it will be updated
with the new password. Otherwise, a new VPN user will be added.
Please double check before continuing!
@ -80,6 +75,9 @@ Password: $VPN_PASSWORD
Write these down. You'll need them to connect!
Important notes: https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients
================================================
EOF
@ -121,8 +119,8 @@ chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
cat <<'EOF'
Done!
NOTE: All VPN users will share the same IPsec PSK.
If you forgot the PSK, check /etc/ipsec.secrets.
Note: All VPN users will share the same IPsec PSK.
If you forgot the PSK, check /etc/ipsec.secrets.
EOF
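Review bot: The revised usage text still documents the password as the second positional argument (`VPN_PASSWORD=$2`), so it ends up in shell history and is readable in the process list by other local users while the script runs. Consider taking it from the environment or an interactive prompt when `$2` is empty, and at minimum say so in the usage block, e.g. `Note: a password given on the command line is saved in shell history.` A later hunk in this section also shows `Password: $VPN_PASSWORD` being printed to the terminal, where any session logging will capture it. The rest of the script body lies outside these hunks, so an existing prompt path cannot be ruled out from here.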


@ -22,23 +22,15 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'"
fi
if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
|| [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
cat 1>&2 <<'EOF'
Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist!
Your must first set up the VPN server before deleting VPN users.
Error: Your must first set up the IPsec VPN server before deleting VPN users.
See: https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
cat 1>&2 <<'EOF'
Error: This script can only be used with VPN servers created using:
https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
VPN_USER=$1
if [ -z "$VPN_USER" ]; then
@ -70,7 +62,7 @@ fi
if [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ppp/chap-secrets)" = "1" ] \
|| [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ipsec.d/passwd)" = "1" ]; then
cat 1>&2 <<'EOF'
Error: Cannot delete the only VPN user from /etc/ppp/chap-secrets
Error: Could not delete the only VPN user from /etc/ppp/chap-secrets
and/or /etc/ipsec.d/passwd.
EOF
exit 1
@ -80,8 +72,8 @@ clear
cat <<EOF
Welcome! This script will delete an VPN user account
for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec).
Welcome! This script will delete an VPN user account for both
IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
Please double check before continuing!
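Review bot: Folding the `/etc/sysctl.conf` marker test into the file-existence test means a server that was set up by other means now gets `Your must first set up the IPsec VPN server ...`. That is misleading where the old second message said the script only works with servers created by setup-ipsec-vpn. The new line also carries over a typo and should read `Error: You must first set up the IPsec VPN server before deleting VPN users.`, ideally followed by a line such as `This script only supports servers created with the script linked below.` (wording constructed). The same merged check and typo appear in the other two file sections of this commit. The welcome text in the last hunk says `an VPN user`, which should be `a VPN user`.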


@ -24,6 +24,9 @@ YOUR_PASSWORDS=''
# YOUR_USERNAMES='username1 username2'
# YOUR_PASSWORDS='password1 password2'
# WARNING: *ALL* existing VPN users will be removed
# and replaced with the users listed here.
# =====================================================
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@ -41,30 +44,20 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'"
fi
if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
|| [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
cat 1>&2 <<'EOF'
Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist!
Your must first set up the VPN server before updating VPN users.
Error: Your must first set up the IPsec VPN server before updating VPN users.
See: https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
cat 1>&2 <<'EOF'
Error: This script can only be used with VPN servers created using:
https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort."
[ -n "$YOUR_USERNAMES" ] && VPN_USERS="$YOUR_USERNAMES"
[ -n "$YOUR_PASSWORDS" ] && VPN_PASSWORDS="$YOUR_PASSWORDS"
if [ -z "$VPN_USERS" ] || [ -z "$VPN_PASSWORDS" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi
VPN_USERS=$(noquotes "$VPN_USERS")
VPN_USERS=$(onespace "$VPN_USERS")
VPN_USERS=$(noquotes2 "$VPN_USERS")
@ -72,6 +65,10 @@ VPN_PASSWORDS=$(noquotes "$VPN_PASSWORDS")
VPN_PASSWORDS=$(onespace "$VPN_PASSWORDS")
VPN_PASSWORDS=$(noquotes2 "$VPN_PASSWORDS")
if [ -z "$VPN_USERS" ] || [ -z "$VPN_PASSWORDS" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi
if printf '%s' "$VPN_USERS $VPN_PASSWORDS" | LC_ALL=C grep -q '[^ -~]\+'; then
exiterr "VPN credentials must not contain non-ASCII characters."
fi
@ -90,12 +87,13 @@ clear
cat <<'EOF'
Welcome! This script will update VPN user accounts
for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec).
Welcome! This script will update VPN user accounts for both
IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
WARNING: ALL existing VPN users will be removed
and replaced with the users listed below.
Please double check before continuing!
WARNING: *ALL* existing VPN users will be removed and replaced
with the users listed below.
Please double check before continuing!
==================================================
@ -119,6 +117,9 @@ cat <<'EOF'
Write these down. You'll need them to connect!
Important notes: https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients
==================================================
EOF
@ -165,8 +166,8 @@ chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
cat <<'EOF'
Done!
NOTE: All VPN users will share the same IPsec PSK.
If you forgot the PSK, check /etc/ipsec.secrets.
Note: All VPN users will share the same IPsec PSK.
If you forgot the PSK, check /etc/ipsec.secrets.
EOF
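Review bot: The header comment extended in the first hunk tells the operator to write `YOUR_USERNAMES`/`YOUR_PASSWORDS` into the script, but does not mention that the passwords then sit in plain text in a file that may be world-readable or get copied around. I would add a comment next to the new WARNING, e.g. `# Passwords entered here are stored in plain text: clear them after running, or chmod 600 this file.` The lines `[ -n "$YOUR_USERNAMES" ] && VPN_USERS="$YOUR_USERNAMES"` suggest the values can also come from the environment, which would be worth documenting as the alternative; this is inferred, since the top of the script is outside the hunk. Moving the emptiness check after the `noquotes`/`onespace` normalisation is sound. Whether the number of usernames is checked against the number of passwords is not visible in these hunks.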