From eb8daa3a4051170d5851ef6c7826a294b635672c Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Fri, 12 Mar 2021 00:07:48 -0600
Subject: [PATCH] Update helper scripts - Cleanup and minor improvements to the helper scripts for managing VPN users
---
 extras/add_vpn_user.sh | 32 +++++++++++++---------------
 extras/del_vpn_user.sh | 20 ++++++------------
 extras/update_vpn_users.sh | 43 +++++++++++++++++++-------------------
 3 files changed, 43 insertions(+), 52 deletions(-)
diff --git a/extras/add_vpn_user.sh b/extras/add_vpn_user.sh
index 51fd065..8e77c97 100755
--- a/extras/add_vpn_user.sh
+++ b/extras/add_vpn_user.sh
@@ -22,29 +22,24 @@ if [ "$(id -u)" != 0 ]; then exiterr "Script must be run as root. Try 'sudo sh $0'" fi -if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then +if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \ + || [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then cat 1>&2 <<'EOF' -Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist! - Your must first set up the VPN server before adding VPN users. +Error: Your must first set up the IPsec VPN server before adding VPN users. See: https://github.com/hwdsl2/setup-ipsec-vpn EOF exit 1 fi -if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then -cat 1>&2 <<'EOF' -Error: This script can only be used with VPN servers created using: - https://github.com/hwdsl2/setup-ipsec-vpn -EOF - exit 1 -fi +command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort." VPN_USER=$1 VPN_PASSWORD=$2 if [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then cat 1>&2 <&2 <<'EOF' -Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist! - Your must first set up the VPN server before deleting VPN users. +Error: Your must first set up the IPsec VPN server before deleting VPN users. See: https://github.com/hwdsl2/setup-ipsec-vpn EOF exit 1 fi -if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then -cat 1>&2 <<'EOF' -Error: This script can only be used with VPN servers created using: - https://github.com/hwdsl2/setup-ipsec-vpn -EOF - exit 1 -fi - VPN_USER=$1 if [ -z "$VPN_USER" ]; then @@ -70,7 +62,7 @@ fi if [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ppp/chap-secrets)" = "1" ] \ || [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ipsec.d/passwd)" = "1" ]; then cat 1>&2 <<'EOF' -Error: Cannot delete the only VPN user from /etc/ppp/chap-secrets +Error: Could not delete the only VPN user from /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd. EOF exit 1 
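Review bot: `VPN_PASSWORD=$2` in the add_vpn_user.sh hunk takes the secret as a command-line argument, which leaves it readable in the process list and in shell history; the commit reworks the checks just above it but does not touch this. The usage text after the `-z` test is not fully visible here, so this is hedged, but if no other input path exists a fallback when `$2` is empty would avoid it: `[ -n "$VPN_PASSWORD" ] || { stty -echo; read -r VPN_PASSWORD; stty echo; }`. Separately, the new message still reads `Error: Your must first set up the IPsec VPN server`; it should say `You must first`, and the same wording recurs in the del_vpn_user.sh and update_vpn_users.sh hunks.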
@@ -80,8 +72,8 @@ clear cat <&2 <<'EOF' -Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist! - Your must first set up the VPN server before updating VPN users. +Error: Your must first set up the IPsec VPN server before updating VPN users. See: https://github.com/hwdsl2/setup-ipsec-vpn EOF exit 1 fi -if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then -cat 1>&2 <<'EOF' -Error: This script can only be used with VPN servers created using: - https://github.com/hwdsl2/setup-ipsec-vpn -EOF - exit 1 -fi +command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort." [ -n "$YOUR_USERNAMES" ] && VPN_USERS="$YOUR_USERNAMES" [ -n "$YOUR_PASSWORDS" ] && VPN_PASSWORDS="$YOUR_PASSWORDS" -if [ -z "$VPN_USERS" ] || [ -z "$VPN_PASSWORDS" ]; then - exiterr "All VPN credentials must be specified. Edit the script and re-enter them." -fi - VPN_USERS=$(noquotes "$VPN_USERS") VPN_USERS=$(onespace "$VPN_USERS") VPN_USERS=$(noquotes2 "$VPN_USERS") @@ -72,6 +65,10 @@ VPN_PASSWORDS=$(noquotes "$VPN_PASSWORDS") VPN_PASSWORDS=$(onespace "$VPN_PASSWORDS") VPN_PASSWORDS=$(noquotes2 "$VPN_PASSWORDS") +if [ -z "$VPN_USERS" ] || [ -z "$VPN_PASSWORDS" ]; then + exiterr "All VPN credentials must be specified. Edit the script and re-enter them." +fi + if printf '%s' "$VPN_USERS $VPN_PASSWORDS" | LC_ALL=C grep -q '[^ -~]\+'; then exiterr "VPN credentials must not contain non-ASCII characters." fi @@ -90,12 +87,13 @@ clear cat <<'EOF' -Welcome! This script will update VPN user accounts -for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec). +Welcome! This script will update VPN user accounts for both +IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes. -WARNING: ALL existing VPN users will be removed - and replaced with the users listed below. - Please double check before continuing! +WARNING: *ALL* existing VPN users will be removed and replaced + with the users listed below. + +Please double check before continuing! ================================================== 
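Review bot: In the `@@ -72,6 +65,10 @@` hunk of update_vpn_users.sh, the relocated emptiness test only proves that each list is non-empty after sanitising; nothing visible compares how many names and passwords were given. Because this script replaces every existing account, a shorter password list could leave some listed users without an entry, unless a later check outside the hunk covers it. A count comparison next to the moved test would make that explicit: `[ "$(printf '%s' "$VPN_USERS" | wc -w)" = "$(printf '%s' "$VPN_PASSWORDS" | wc -w)" ] || exiterr "Number of VPN users and passwords must match."`.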
@@ -119,6 +117,9 @@ cat <<'EOF' Write these down. You'll need them to connect! +Important notes: https://git.io/vpnnotes +Setup VPN clients: https://git.io/vpnclients + ================================================== EOF @@ -165,8 +166,8 @@ chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd* cat <<'EOF' Done! -NOTE: All VPN users will share the same IPsec PSK. - If you forgot the PSK, check /etc/ipsec.secrets. +Note: All VPN users will share the same IPsec PSK. + If you forgot the PSK, check /etc/ipsec.secrets. EOF
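Review bot: The two lines added to the credentials banner in the `@@ -119,6 +117,9 @@` hunk point at `https://git.io/vpnnotes` and `https://git.io/vpnclients`, short links whose destination a reader cannot see and which only work while the redirect service keeps resolving them. The error messages elsewhere in this patch already print the full `https://github.com/hwdsl2/setup-ipsec-vpn` address, so spelling out the full repository URLs here would be consistent and lets an administrator verify where the link goes before opening it.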