
Update helper scripts

- Cleanup and minor improvements to the helper scripts for managing
  VPN users
hwdsl2 2021-03-12 00:07:48 -06:00
parent e48721c669
commit eb8daa3a40
3 changed files with 43 additions and 52 deletions


@ -22,29 +22,24 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
fi fi
if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
|| [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist! Error: Your must first set up the IPsec VPN server before adding VPN users.
Your must first set up the VPN server before adding VPN users.
See: https://github.com/hwdsl2/setup-ipsec-vpn See: https://github.com/hwdsl2/setup-ipsec-vpn
EOF EOF
exit 1 exit 1
fi fi
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort."
cat 1>&2 <<'EOF'
Error: This script can only be used with VPN servers created using:
https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
VPN_USER=$1 VPN_USER=$1
VPN_PASSWORD=$2 VPN_PASSWORD=$2
if [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then if [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
cat 1>&2 <<EOF cat 1>&2 <<EOF
Usage: sudo sh $0 'username_to_add' 'password_to_add' Usage: sudo sh $0 'username_to_add' 'password'
sudo sh $0 'username_to_update' 'new_password'
EOF EOF
exit 1 exit 1
fi fi
@ -63,11 +58,11 @@ clear
cat <<EOF cat <<EOF
Welcome! This script will add or update an VPN user account Welcome! This script will add or update an VPN user account for both
for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec). IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
If the username you specified matches an existing VPN user, If the username you specified already exists, it will be updated
that user will be updated with the new password. with the new password. Otherwise, a new VPN user will be added.
Please double check before continuing! Please double check before continuing!
@ -80,6 +75,9 @@ Password: $VPN_PASSWORD
Write these down. You'll need them to connect! Write these down. You'll need them to connect!
Important notes: https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients
================================================ ================================================
EOF EOF
@ -121,8 +119,8 @@ chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
cat <<'EOF' cat <<'EOF'
Done! Done!
NOTE: All VPN users will share the same IPsec PSK. Note: All VPN users will share the same IPsec PSK.
If you forgot the PSK, check /etc/ipsec.secrets. If you forgot the PSK, check /etc/ipsec.secrets.
EOF EOF
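Review bot: The merged precondition check in the first hunk now reports every failure with the single line "Your must first set up the IPsec VPN server before adding VPN users", so a host whose /etc/sysctl.conf lacks the "hwdsl2 VPN script" marker is no longer told that the script only works on servers created by this project's setup script. The message also carries the "Your" typo over from the old text. I would reword the heredoc line to `Error: You must first set up the IPsec VPN server with the setup script linked below before adding VPN users.` so one accurate sentence covers both failure cases. The same check and message appear in the other two file sections of this commit (the delete and update scripts) and need the same change there.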


@ -22,23 +22,15 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
fi fi
if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
|| [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist! Error: Your must first set up the IPsec VPN server before deleting VPN users.
Your must first set up the VPN server before deleting VPN users.
See: https://github.com/hwdsl2/setup-ipsec-vpn See: https://github.com/hwdsl2/setup-ipsec-vpn
EOF EOF
exit 1 exit 1
fi fi
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
cat 1>&2 <<'EOF'
Error: This script can only be used with VPN servers created using:
https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
VPN_USER=$1 VPN_USER=$1
if [ -z "$VPN_USER" ]; then if [ -z "$VPN_USER" ]; then
@ -70,7 +62,7 @@ fi
if [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ppp/chap-secrets)" = "1" ] \ if [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ppp/chap-secrets)" = "1" ] \
|| [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ipsec.d/passwd)" = "1" ]; then || [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ipsec.d/passwd)" = "1" ]; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Error: Cannot delete the only VPN user from /etc/ppp/chap-secrets Error: Could not delete the only VPN user from /etc/ppp/chap-secrets
and/or /etc/ipsec.d/passwd. and/or /etc/ipsec.d/passwd.
EOF EOF
exit 1 exit 1
@ -80,8 +72,8 @@ clear
cat <<EOF cat <<EOF
Welcome! This script will delete an VPN user account Welcome! This script will delete an VPN user account for both
for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec). IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
Please double check before continuing! Please double check before continuing!


@ -24,6 +24,9 @@ YOUR_PASSWORDS=''
# YOUR_USERNAMES='username1 username2' # YOUR_USERNAMES='username1 username2'
# YOUR_PASSWORDS='password1 password2' # YOUR_PASSWORDS='password1 password2'
# WARNING: *ALL* existing VPN users will be removed
# and replaced with the users listed here.
# ===================================================== # =====================================================
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@ -41,30 +44,20 @@ if [ "$(id -u)" != 0 ]; then
exiterr "Script must be run as root. Try 'sudo sh $0'" exiterr "Script must be run as root. Try 'sudo sh $0'"
fi fi
if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
|| [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
cat 1>&2 <<'EOF' cat 1>&2 <<'EOF'
Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist! Error: Your must first set up the IPsec VPN server before updating VPN users.
Your must first set up the VPN server before updating VPN users.
See: https://github.com/hwdsl2/setup-ipsec-vpn See: https://github.com/hwdsl2/setup-ipsec-vpn
EOF EOF
exit 1 exit 1
fi fi
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort."
cat 1>&2 <<'EOF'
Error: This script can only be used with VPN servers created using:
https://github.com/hwdsl2/setup-ipsec-vpn
EOF
exit 1
fi
[ -n "$YOUR_USERNAMES" ] && VPN_USERS="$YOUR_USERNAMES" [ -n "$YOUR_USERNAMES" ] && VPN_USERS="$YOUR_USERNAMES"
[ -n "$YOUR_PASSWORDS" ] && VPN_PASSWORDS="$YOUR_PASSWORDS" [ -n "$YOUR_PASSWORDS" ] && VPN_PASSWORDS="$YOUR_PASSWORDS"
if [ -z "$VPN_USERS" ] || [ -z "$VPN_PASSWORDS" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi
VPN_USERS=$(noquotes "$VPN_USERS") VPN_USERS=$(noquotes "$VPN_USERS")
VPN_USERS=$(onespace "$VPN_USERS") VPN_USERS=$(onespace "$VPN_USERS")
VPN_USERS=$(noquotes2 "$VPN_USERS") VPN_USERS=$(noquotes2 "$VPN_USERS")
@ -72,6 +65,10 @@ VPN_PASSWORDS=$(noquotes "$VPN_PASSWORDS")
VPN_PASSWORDS=$(onespace "$VPN_PASSWORDS") VPN_PASSWORDS=$(onespace "$VPN_PASSWORDS")
VPN_PASSWORDS=$(noquotes2 "$VPN_PASSWORDS") VPN_PASSWORDS=$(noquotes2 "$VPN_PASSWORDS")
if [ -z "$VPN_USERS" ] || [ -z "$VPN_PASSWORDS" ]; then
exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
fi
if printf '%s' "$VPN_USERS $VPN_PASSWORDS" | LC_ALL=C grep -q '[^ -~]\+'; then if printf '%s' "$VPN_USERS $VPN_PASSWORDS" | LC_ALL=C grep -q '[^ -~]\+'; then
exiterr "VPN credentials must not contain non-ASCII characters." exiterr "VPN credentials must not contain non-ASCII characters."
fi fi
@ -90,12 +87,13 @@ clear
cat <<'EOF' cat <<'EOF'
Welcome! This script will update VPN user accounts Welcome! This script will update VPN user accounts for both
for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec). IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
WARNING: ALL existing VPN users will be removed WARNING: *ALL* existing VPN users will be removed and replaced
and replaced with the users listed below. with the users listed below.
Please double check before continuing!
Please double check before continuing!
================================================== ==================================================
@ -119,6 +117,9 @@ cat <<'EOF'
Write these down. You'll need them to connect! Write these down. You'll need them to connect!
Important notes: https://git.io/vpnnotes
Setup VPN clients: https://git.io/vpnclients
================================================== ==================================================
EOF EOF
@ -165,8 +166,8 @@ chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
cat <<'EOF' cat <<'EOF'
Done! Done!
NOTE: All VPN users will share the same IPsec PSK. Note: All VPN users will share the same IPsec PSK.
If you forgot the PSK, check /etc/ipsec.secrets. If you forgot the PSK, check /etc/ipsec.secrets.
EOF EOF
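Review bot: The comment block added above the `# ====` rule in the first hunk warns that existing users are replaced, but it does not say that passwords entered in `YOUR_PASSWORDS` remain in this script in plain text after it has run. Since the script's own error text tells the operator to "Edit the script and re-enter them", I would add a line such as `# NOTE: Passwords saved here are stored in plain text; clear them or chmod 600 this file after use.` next to the new warning. The file's permissions and location are not visible in these hunks, so this is a documentation request and not a reported exposure.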