pavel.muhortov/openvpn-management
1
0
Fork 0
generated from pavel.muhortov/template-bash
Code Issues Pull Requests Projects Releases Wiki Activity

improved execution logic

Browse Source
This commit is contained in:
Pavel Muhortov 2024-01-05 19:16:11 +03:00
parent f5800dcc7e
commit 4e6d369329
1 changed files with 82 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
ovpn-client-management.sh
View File

@ -44,7 +44,7 @@ addtologs() {
#######################################
execquite() {
addtologs "execution time is $(($(date +%s)-time)) seconds, exit"
exit
exit "${1}"
}
#######################################
@ -56,7 +56,7 @@ execquite() {
#######################################
execerror() {
addtologs "error: $1"
execquite
execquite 1
}
#######################################
@ -115,8 +115,14 @@ checkroot() {
# None
#######################################
createuser() {
if ! id -u "${clientname}" >/dev/null 2>&1; then
useradd "${clientname}" --shell /sbin/nologin
addtologs "created Linux user '${clientname}'"
else
addtologs "${clientname} Linux user exists, create skipped"
fi
printf "%s\n" "${clientname}:${clientpass}" | chpasswd
addtologs "changed '${clientname}' user password"
}
#######################################
@ -133,11 +139,18 @@ createuser() {
#######################################
# shellcheck disable=SC2016
createcert() {
if ! grep -w "${clientname}" ${easyrsaidx} | grep "^V" > /dev/null 2>&1; then
(
cd "${easyrsadir}" || execerror ""
sed -i -e '$aset_var EASYRSA_REQ_CN '"${clientname}"'' "${easyrsavar}"
# ${easyrsaexe} --passout=pass:"${clientpass}" --passin=pass:${easyrsacap} build-client-full "${clientname}"
${easyrsaexe} --passin=pass:"${easyrsacap}" build-client-full "${clientname}" nopass
sed -i '/EASYRSA_REQ_CN/d' "${easyrsavar}"
) > /dev/null 2>&1
addtologs "created ${clientname} easyrsa certificate"
else
addtologs "${clientname} certificate exists, create skipped"
fi
}
#######################################
@ -159,6 +172,7 @@ createovpn() {
printf "%s\n" "<key>" "$(cat "${easyrsadir}/pki/private/${clientname}.key")" "</key>"
printf "%s\n" "<tls-auth>" "$(cat "${easyrsadir}/pki/private/ta.key")" "</tls-auth>"
} >> "${ovpncfgdir}/${clientname}.ovpn"
addtologs "created ${clientname} ovpn config file"
}
#######################################
@ -179,6 +193,7 @@ createtars() {
} >> "${ovpncfgdir}/vpn.txt"
cd "${ovpncfgdir}" || execerror ""
tar cf "${clientname}.tar" --remove-files vpn.cnf vpn.txt
addtologs "created ${clientname} tar with config file"
}
#######################################
@ -194,7 +209,6 @@ createtars() {
createinfo() {
cd "${easyrsadir}" || execerror ""
validuntil=$(${easyrsaexe} show-cert "${clientname}" | grep "Not After" | cut -d: -f2-)
faqprofile=$(printf "%s\n" \
"OpenVPN Connect client:" \
"https://openvpn.net/client/" \
@ -207,8 +221,8 @@ createinfo() {
"User Password: \`${clientpass}\`" \
"Time Expired: ${validuntil}"
)
printf "%s\n" "${faqprofile}" > "${ovpncfgdir}/${clientname}.info"
addtologs "created ${clientname} info file"
}
#######################################
@ -237,9 +251,8 @@ startsendmail() {
--stls "True" \
--subj "${subj}" \
--text "$(printf "%s\n" "${faqprofile}" | sed 's|`||g')" \
--file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar" \
>> /dev/null 2>&1 &
)
--file "${ovpncfgdir}/${clientname}.ovpn,${ovpncfgdir}/${clientname}.tar"
) > /dev/null 2>&1
addtologs "sent mail with subject '${subj}' to ${dest}"
}
@ -268,12 +281,11 @@ startsendtlgm() {
API_URL="${API_URL}&message_thread_id=${THRD_ID}"
fi
curl -s -o /dev/null \
curl "${API_URL}" \
-F "media=[{\"type\": \"document\", \"media\": \"attach://ovpn\", \"caption\": \"${faqprofile}\", \"parse_mode\": \"Markdown\"}, {\"type\": \"document\", \"media\": \"attach://tars\" }]" \
-F "ovpn=@${ovpncfgdir}/${clientname}.ovpn" \
-F "tars=@${ovpncfgdir}/${clientname}.tar" \
"${API_URL}"
)
-F "tars=@${ovpncfgdir}/${clientname}.tar"
) > /dev/null 2>&1
addtologs "sent telegram media with ${clientname}.ovpn client profile to ${CHAT_ID}"
}
@ -285,7 +297,14 @@ startsendtlgm() {
# None
#######################################
deleteuser() {
if id -u "${clientname}" > /dev/null 2>&1; then
(
userdel -f -r "${clientname}"
) > /dev/null 2>&1
addtologs "deleted Linux user '${clientname}'"
else
addtologs "${clientname} Linux user does not exist, delete skipped"
fi
}
#######################################
@ -300,9 +319,16 @@ deleteuser() {
# None
#######################################
deletecert() {
if grep -w "${clientname}" ${easyrsaidx} > /dev/null 2>&1; then
(
cd "${easyrsadir}" || execerror
${easyrsaexe} --batch --passin=pass:"${easyrsacap}" revoke "${clientname}"
${easyrsaexe} --batch --passin=pass:"${easyrsacap}" gen-crl
) > /dev/null 2>&1
addtologs "revoked ${clientname} easyrsa certificate"
else
addtologs "${clientname} certificate does not exist, revoke skipped"
fi
}
#######################################
@ -314,7 +340,12 @@ deletecert() {
# None
#######################################
deleteovpn() {
if [ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
rm -f "${ovpncfgdir}/${clientname}.ovpn"
addtologs "deleted ${clientname} ovpn config file"
else
addtologs "${clientname} ovpn config does not exist, delete skipped"
fi
}
#######################################
@ -326,7 +357,12 @@ deleteovpn() {
# None
#######################################
deletetars() {
if [ -e "${ovpncfgdir}/${clientname}.tar" ]; then
rm -f "${ovpncfgdir}/${clientname}.tar"
addtologs "deleted ${clientname} tar with config"
else
addtologs "${clientname} tar does not exist, delete skipped"
fi
}
#######################################
@ -338,7 +374,12 @@ deletetars() {
# None
#######################################
deleteinfo() {
if [ -e "${ovpncfgdir}/${clientname}.info" ]; then
rm -f "${ovpncfgdir}/${clientname}.info"
addtologs "deleted ${clientname} info file"
else
addtologs "${clientname} info file does not exist, delete skipped"
fi
}
#
@ -373,36 +414,24 @@ if checkroot; then
if [ "${clienttodo}" == "add" ] && \
[ -n "${clientname}" ] && \
[ "${#clientpass}" -ge 8 ]; then
if id -u "${clientname}" >/dev/null 2>&1 || \
grep -w "${clientname}" ${easyrsaidx} || \
[ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
execerror "linux user or certificate or ovpn config exist, exit"
else
createuser && addtologs "created Linux user '${clientname}'"
createcert && addtologs "created certificate for ${clientname}"
createovpn && addtologs "created ovpn config file for ${clientname}"
createtars && addtologs "created tar with config file for ${clientname}"
createinfo && addtologs "created info file for ${clientname}"
createuser
createcert
createovpn
createtars
createinfo
startsendmail
startsendtlgm
fi
elif [ "${clienttodo}" == "del" ] && [ -n "${clientname}" ]; then
if id -u "${clientname}" >/dev/null 2>&1 || \
grep -w "${clientname}" ${easyrsaidx} || \
[ -e "${ovpncfgdir}/${clientname}.ovpn" ]; then
elif [ "${clienttodo}" == "del" ] && \
[ -n "${clientname}" ]; then
deleteuser
addtologs "deleted Linux user '${clientname}'"
deletecert && addtologs "deleted certificate for ${clientname}"
deleteovpn && addtologs "deleted ovpn config file for ${clientname}"
deletetars && addtologs "deleted tar with config file for ${clientname}"
deleteinfo && addtologs "deleted info file for ${clientname}"
deletecert
deleteovpn
deletetars
deleteinfo
if [ "${resetforce}" -eq 1 ];then
addtologs "restarting openvpn@server..."
systemctl restart openvpn@server
fi
else
execerror "linux user and certificate and ovpn config not exist, exit"
fi
else
printf "%s\n" "Usage example: $0 'add' 'username(surname)' 'password(not less 8 symbols)'"
printf "%s\n" "Usage example: $0 'add' 'username(surname)' 'password(not less 8 symbols)' 'additional client description'"
@ -412,4 +441,4 @@ if checkroot; then
else
execerror "Restart this as root!"
fi
execquite
execquite 0