angristan / openvpn-install

Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
https://stanislas.blog
MIT License

Idea: Delete user by name (headless) #552

Open marktopper opened 4 years ago

marktopper commented 4 years ago

It would be nice if the script allowed headless deletion of users by name. Maybe like: MENU_OPTION=2 CLIENT="foo" ./openvpn-install.sh

For now I just do this:

CLIENT="foo"
cd /etc/openvpn/easy-rsa/ || return
./easyrsa --batch revoke "$CLIENT"
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
# Cleanup
rm -f "pki/reqs/$CLIENT.req"
rm -f "pki/private/$CLIENT.key"
rm -f "pki/issued/$CLIENT.crt"
rm -f /etc/openvpn/crl.pem
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
chmod 644 /etc/openvpn/crl.pem
find /home/ -maxdepth 2 -name "$CLIENT.ovpn" -delete
rm -f "/root/$CLIENT.ovpn"
sed -i "s|^$CLIENT,.*||" /etc/openvpn/ipp.txt
echo ""
echo "Certificate for client $CLIENT revoked."
cd ~

But it would be better to have this within this script to ensure stability with future updates.

brnl commented 4 years ago

Yes, such a feature would also fix https://github.com/dumrauf/openvpn-terraform-install/issues/1 in the update-users.sh script, which now hangs on the numeric selection menu.

Thanks for your script, by the way, will try that out as a workaround!

randshell commented 4 years ago

Duplicate of #486. It has PR attached too. @angristan

luft-mensch commented 1 year ago

We can modify the manageMenu method in openvpn-install.sh to solve this problem:

function manageMenu() {
    echo "Welcome to OpenVPN-install!"
    echo "The git repository is available at: https://github.com/angristan/openvpn-install"
    echo ""
    echo "It looks like OpenVPN is already installed."
    echo ""
    echo "What do you want to do?"
    echo "   1) Add a new user"
    echo "   2) Revoke existing user"
    echo "   3) Revoke existing user by name"
    echo "   4) Remove OpenVPN"
    echo "   5) Exit"
    until [[ $MENU_OPTION =~ ^[1-5]$ ]]; do
        read -rp "Select an option [1-5]: " MENU_OPTION
    done
    case $MENU_OPTION in
    1)
        newClient
        ;;
    2)
        revokeClient
        ;;
    3)
        revokeClientByName
        ;;
    4)
        removeOpenVPN
        ;;
    5)
        exit 0
        ;;
    esac
}

Add a method to delete clients by name

function revokeClientByName() {
    # Collect the names of all valid (unrevoked) client certificates
    clientNames=()
    while read -r line; do
        clientName=$(echo "$line" | cut -d '=' -f 2)
        clientNames+=("$clientName")
    done < <(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V")

    echo "Enter the name of the existing client certificate you want to revoke"
    tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '

    # Re-prompt until the name passes the character check AND matches a valid
    # client, so a re-entered value can never skip the character validation
    # before it reaches easyrsa and sed below
    until [[ $CLIENT =~ ^[a-zA-Z0-9_-]+$ ]] && [[ " ${clientNames[*]} " == *" $CLIENT "* ]]; do
        [[ -n $CLIENT ]] && echo "The client name entered is not a valid value!"
        read -rp "Client name: " -e CLIENT
    done
    cd /etc/openvpn/easy-rsa/ || return
    ./easyrsa --batch revoke "$CLIENT"
    EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
    rm -f /etc/openvpn/crl.pem
    cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
    chmod 644 /etc/openvpn/crl.pem
    find /home/ -maxdepth 2 -name "$CLIENT.ovpn" -delete
    rm -f "/root/$CLIENT.ovpn"
    sed -i "/^$CLIENT,.*/d" /etc/openvpn/ipp.txt
    cp /etc/openvpn/easy-rsa/pki/index.txt{,.bk}

    echo ""
    echo "Certificate for client $CLIENT revoked."
}

Finally, we can use headless installation mode to start it

MENU_OPTION='3' CLIENT='test' ./openvpn-install.sh
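
Added example, not part of any comment above or of openvpn-install itself: a non-interactive variant of the revoke-by-name checks that returns a non-zero status on a bad name instead of prompting, which is what a headless caller needs. The helper names are hypothetical; it assumes a tab-separated Easy-RSA index.txt whose last field ends in /CN=<name> and an ipp.txt of name,address lines, with the default paths taken from the snippets in this thread.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical, not part of openvpn-install.
export LC_ALL=C   # keep [a-z] ranges ASCII-only
EASYRSA_DIR="${EASYRSA_DIR:-/etc/openvpn/easy-rsa}"
INDEX="${INDEX:-$EASYRSA_DIR/pki/index.txt}"
IPP="${IPP:-/etc/openvpn/ipp.txt}"

# Same character set as the thread's regex; rejects empty names too.
is_safe_name() {
    case "$1" in
        '' | *[!a-zA-Z0-9_-]*) return 1 ;;
    esac
}

# CNs of valid ("V") entries; line 1 is skipped like the thread's `tail -n +2`.
# Assumes tab-separated index.txt whose last field ends in /CN=<name>.
valid_clients() {
    awk -F'\t' 'NR > 1 && $1 == "V" {
        n = index($NF, "/CN="); if (n) print substr($NF, n + 4) }' "$1"
}

# Fixed-string, whole-line match: no regex and no match across adjacent names.
is_revocable() {
    is_safe_name "$2" && valid_clients "$1" | grep -Fxq -- "$2"
}

# Remove the lease line whose first comma-separated field equals the name.
# The "" concatenation forces a string compare, so "007" never equals "7".
drop_ipp_entry() {
    [ -f "$1" ] || return 0
    tmp=$(mktemp) || return 1
    awk -F, -v c="$2" '($1 "") != (c "")' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Headless entry point: returns non-zero instead of prompting on a bad name.
revoke_by_name() {
    if ! is_revocable "$INDEX" "$1"; then
        echo "Refusing: not a valid, unrevoked client name." >&2
        return 1
    fi
    (
        cd "$EASYRSA_DIR" || exit 1
        ./easyrsa --batch revoke "$1" || exit 1
        EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl || exit 1
        cp pki/crl.pem /etc/openvpn/crl.pem && chmod 644 /etc/openvpn/crl.pem
    ) || return 1
    drop_ipp_entry "$IPP" "$1"
}
```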