Open marktopper opened 4 years ago
Yes, such a feature would also fix https://github.com/dumrauf/openvpn-terraform-install/issues/1 in the update-users.sh script, which now hangs on the numeric selection menu.
Thanks for your script, by the way, will try that out as a workaround!
Duplicate of #486. It has PR attached too. @angristan
We can modify the manageMenu method in openvpn-install.sh to solve this problem:

```bash
function manageMenu() {
	echo "Welcome to OpenVPN-install!"
	echo "The git repository is available at: https://github.com/angristan/openvpn-install"
	echo ""
	echo "It looks like OpenVPN is already installed."
	echo ""
	echo "What do you want to do?"
	echo "   1) Add a new user"
	echo "   2) Revoke existing user"
	echo "   3) Revoke existing user by name"
	echo "   4) Remove OpenVPN"
	echo "   5) Exit"
	# MENU_OPTION may be preset in the environment for headless use
	until [[ $MENU_OPTION =~ ^[1-5]$ ]]; do
		read -rp "Select an option [1-5]: " MENU_OPTION
	done

	case $MENU_OPTION in
	1)
		newClient
		;;
	2)
		revokeClient
		;;
	3)
		revokeClientByName
		;;
	4)
		removeOpenVPN
		;;
	5)
		exit 0
		;;
	esac
}
```
Add a method to delete clients by name:

```bash
function revokeClientByName() {
	# Define an empty array
	clientNames=()
	# Extract valid client names and add them to the array
	while read -r line; do
		clientName=$(echo "$line" | cut -d '=' -f 2)
		clientNames+=("$clientName")
	done < <(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V")

	echo "Enter the name of the existing client certificate you want to revoke"
	tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
	until [[ $CLIENT =~ ^[a-zA-Z0-9_-]+$ ]]; do
		read -rp "Client name: " -e CLIENT
	done
	# Loop until the input is a well-formed name that is in the array.
	# The format is re-checked here so a re-entered value containing spaces
	# or pattern characters never reaches easyrsa, find or sed.
	until [[ $CLIENT =~ ^[a-zA-Z0-9_-]+$ && " ${clientNames[*]} " == *" $CLIENT "* ]]; do
		echo "The client name entered is not a valid value!"
		read -rp "Please re-enter: " CLIENT
	done

	cd /etc/openvpn/easy-rsa/ || return
	./easyrsa --batch revoke "$CLIENT"
	# Regenerate the CRL and publish it where OpenVPN reads it
	EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
	rm -f /etc/openvpn/crl.pem
	cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
	chmod 644 /etc/openvpn/crl.pem
	# Remove the client's profile files and its static IP entry
	find /home/ -maxdepth 2 -name "$CLIENT.ovpn" -delete
	rm -f "/root/$CLIENT.ovpn"
	sed -i "/^$CLIENT,.*/d" /etc/openvpn/ipp.txt
	cp /etc/openvpn/easy-rsa/pki/index.txt{,.bk}

	echo ""
	echo "Certificate for client $CLIENT revoked."
}
```
Finally, we can use headless installation mode to start it:

```bash
MENU_OPTION='3' CLIENT='test' ./openvpn-install.sh
```
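A non-interactive form of the name check from the comment above, as an added example that is not part of the thread or of openvpn-install: it returns a status code instead of prompting, so a headless call with an unknown or malformed CLIENT fails instead of waiting on input. The function names, return codes and sample index entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): headless check of a client name against an
# easy-rsa index.txt. Return codes are this example's own convention:
#   0 valid certificate, 1 only revoked/expired entries, 2 not found, 3 bad name
client_status() {
	index_file=$1
	name=$2
	# Same character class the interactive prompt enforces; anything else
	# never reaches awk, easyrsa, find or sed.
	case $name in
		'' | *[!a-zA-Z0-9_-]*) return 3 ;;
	esac
	# Field 1 is the status flag, the last field is the subject (/CN=name).
	# Line 1 is skipped, as the thread's code does with "tail -n +2".
	awk -F '\t' -v want="/CN=$name" '
		NR > 1 && $NF == want { if ($1 == "V") valid = 1; else other = 1 }
		END { if (valid) exit 0; if (other) exit 1; exit 2 }
	' "$index_file"
}

# Constructed sample index: status, expiry, revocation date, serial, file, subject
make_sample_index() {
	{
		printf 'V\t330101000000Z\t\t01\tunknown\t/CN=server_sample\n'
		printf 'V\t330101000000Z\t\t02\tunknown\t/CN=alice\n'
		printf 'R\t330101000000Z\t240101000000Z\t03\tunknown\t/CN=bob\n'
	} > "$1"
}

# Demo: a headless caller can branch on the code instead of hanging on a prompt
demo_index=$(mktemp)
make_sample_index "$demo_index"
for candidate in alice bob carol 'alice bob'; do
	rc=0
	client_status "$demo_index" "$candidate" || rc=$?
	echo "CLIENT='$candidate' -> $rc"
done
rm -f "$demo_index"
```
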
It would be nice if the script allowed headless deletion of users by name. Maybe like:

```bash
MENU_OPTION=2 CLIENT="foo" ./openvpn-install.sh
```
For now I just do this:
But it would be better to have this within this script to ensure stability with future updates.