Update helper scripts

- Cleanup and minor improvements to the helper scripts for managing VPN users
2024-11-26 06:46:06 +03:00 · 2021-03-12 00:07:48 -06:00 · 2021-03-12 00:07:48 -06:00 · eb8daa3a40
commit eb8daa3a40
parent e48721c669
3 changed files with 43 additions and 52 deletions
--- a/extras/add_vpn_user.sh
+++ b/extras/add_vpn_user.sh
@ -22,29 +22,24 @@ if [ "$(id -u)" != 0 ]; then
  exiterr "Script must be run as root. Try 'sudo sh $0'"
 fi

-if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then
+if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
+  || [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
 cat 1>&2 <<'EOF'
-Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist!
-       Your must first set up the VPN server before adding VPN users.
+Error: Your must first set up the IPsec VPN server before adding VPN users.
       See: https://github.com/hwdsl2/setup-ipsec-vpn
 EOF
  exit 1
 fi

-if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
-cat 1>&2 <<'EOF'
-Error: This script can only be used with VPN servers created using:
-       https://github.com/hwdsl2/setup-ipsec-vpn
-EOF
-  exit 1
-fi
+command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort."

 VPN_USER=$1
 VPN_PASSWORD=$2

 if [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then
 cat 1>&2 <<EOF
-Usage: sudo sh $0 'username_to_add' 'password_to_add'
+Usage: sudo sh $0 'username_to_add' 'password'
+       sudo sh $0 'username_to_update' 'new_password'
 EOF
  exit 1
 fi
@ -63,11 +58,11 @@ clear

 cat <<EOF

-Welcome! This script will add or update an VPN user account
-for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec).
+Welcome! This script will add or update an VPN user account for both
+IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.

-If the username you specified matches an existing VPN user,
-that user will be updated with the new password.
+If the username you specified already exists, it will be updated
+with the new password. Otherwise, a new VPN user will be added.

 Please double check before continuing!

@ -80,6 +75,9 @@ Password: $VPN_PASSWORD

 Write these down. You'll need them to connect!

+Important notes:   https://git.io/vpnnotes
+Setup VPN clients: https://git.io/vpnclients
+
 ================================================

 EOF
@ -121,7 +119,7 @@ chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
 cat <<'EOF'
 Done!

-NOTE: All VPN users will share the same IPsec PSK.
+Note: All VPN users will share the same IPsec PSK.
      If you forgot the PSK, check /etc/ipsec.secrets.

 EOF
--- a/extras/del_vpn_user.sh
+++ b/extras/del_vpn_user.sh
@ -22,23 +22,15 @@ if [ "$(id -u)" != 0 ]; then
  exiterr "Script must be run as root. Try 'sudo sh $0'"
 fi

-if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then
+if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
+  || [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
 cat 1>&2 <<'EOF'
-Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist!
-       Your must first set up the VPN server before deleting VPN users.
+Error: Your must first set up the IPsec VPN server before deleting VPN users.
       See: https://github.com/hwdsl2/setup-ipsec-vpn
 EOF
  exit 1
 fi

-if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
-cat 1>&2 <<'EOF'
-Error: This script can only be used with VPN servers created using:
-       https://github.com/hwdsl2/setup-ipsec-vpn
-EOF
-  exit 1
-fi
-
 VPN_USER=$1

 if [ -z "$VPN_USER" ]; then
@ -70,7 +62,7 @@ fi
 if [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ppp/chap-secrets)" = "1" ] \
  || [ "$(grep -c -v -e '^#' -e '^[[:space:]]*$' /etc/ipsec.d/passwd)" = "1" ]; then
 cat 1>&2 <<'EOF'
-Error: Cannot delete the only VPN user from /etc/ppp/chap-secrets
+Error: Could not delete the only VPN user from /etc/ppp/chap-secrets
       and/or /etc/ipsec.d/passwd.
 EOF
  exit 1
@ -80,8 +72,8 @@ clear

 cat <<EOF

-Welcome! This script will delete an VPN user account
-for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec).
+Welcome! This script will delete an VPN user account for both
+IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.

 Please double check before continuing!

--- a/extras/update_vpn_users.sh
+++ b/extras/update_vpn_users.sh
@ -24,6 +24,9 @@ YOUR_PASSWORDS=''
 # YOUR_USERNAMES='username1 username2'
 # YOUR_PASSWORDS='password1 password2'

+# WARNING: *ALL* existing VPN users will be removed
+#          and replaced with the users listed here.
+
 # =====================================================

 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@ -41,30 +44,20 @@ if [ "$(id -u)" != 0 ]; then
  exiterr "Script must be run as root. Try 'sudo sh $0'"
 fi

-if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then
+if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf \
+  || [ ! -f /etc/ppp/chap-secrets ] || [ ! -f /etc/ipsec.d/passwd ]; then
 cat 1>&2 <<'EOF'
-Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist!
-       Your must first set up the VPN server before updating VPN users.
+Error: Your must first set up the IPsec VPN server before updating VPN users.
       See: https://github.com/hwdsl2/setup-ipsec-vpn
 EOF
  exit 1
 fi

-if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then
-cat 1>&2 <<'EOF'
-Error: This script can only be used with VPN servers created using:
-       https://github.com/hwdsl2/setup-ipsec-vpn
-EOF
-  exit 1
-fi
+command -v openssl >/dev/null 2>&1 || exiterr "'openssl' not found. Abort."

 [ -n "$YOUR_USERNAMES" ] && VPN_USERS="$YOUR_USERNAMES"
 [ -n "$YOUR_PASSWORDS" ] && VPN_PASSWORDS="$YOUR_PASSWORDS"

-if [ -z "$VPN_USERS" ] || [ -z "$VPN_PASSWORDS" ]; then
-  exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
-fi
-
 VPN_USERS=$(noquotes "$VPN_USERS")
 VPN_USERS=$(onespace "$VPN_USERS")
 VPN_USERS=$(noquotes2 "$VPN_USERS")
@ -72,6 +65,10 @@ VPN_PASSWORDS=$(noquotes "$VPN_PASSWORDS")
 VPN_PASSWORDS=$(onespace "$VPN_PASSWORDS")
 VPN_PASSWORDS=$(noquotes2 "$VPN_PASSWORDS")

+if [ -z "$VPN_USERS" ] || [ -z "$VPN_PASSWORDS" ]; then
+  exiterr "All VPN credentials must be specified. Edit the script and re-enter them."
+fi
+
 if printf '%s' "$VPN_USERS $VPN_PASSWORDS" | LC_ALL=C grep -q '[^ -~]\+'; then
  exiterr "VPN credentials must not contain non-ASCII characters."
 fi
@ -90,11 +87,12 @@ clear

 cat <<'EOF'

-Welcome! This script will update VPN user accounts
-for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec).
+Welcome! This script will update VPN user accounts for both
+IPsec/L2TP and IPsec/XAuth ("Cisco IPsec") modes.
+
+WARNING: *ALL* existing VPN users will be removed and replaced
+         with the users listed below.

-WARNING: ALL existing VPN users will be removed
-  and replaced with the users listed below.
 Please double check before continuing!

 ==================================================
@ -119,6 +117,9 @@ cat <<'EOF'

 Write these down. You'll need them to connect!

+Important notes:   https://git.io/vpnnotes
+Setup VPN clients: https://git.io/vpnclients
+
 ==================================================

 EOF
@ -165,7 +166,7 @@ chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
 cat <<'EOF'
 Done!

-NOTE: All VPN users will share the same IPsec PSK.
+Note: All VPN users will share the same IPsec PSK.
      If you forgot the PSK, check /etc/ipsec.secrets.

 EOF