diff --git a/ipsec/adduser.sh b/ipsec/adduser.sh
index c140117..3950a17 100755
--- a/ipsec/adduser.sh
+++ b/ipsec/adduser.sh
@@ -48,6 +48,7 @@ do
else
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
fi
continue
else
@@ -101,6 +102,7 @@ do
echo
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
else
ANSUSER=$NOTADDUSER
fi
diff --git a/openvpn/adduser.sh b/openvpn/adduser.sh
index 83b0c35..5b9caa0 100755
--- a/openvpn/adduser.sh
+++ b/openvpn/adduser.sh
@@ -25,51 +25,60 @@ do
read -p "Enter name: " LOGIN
done
- ./build-key --batch $LOGIN
+ $DIR/checkuser.sh $LOGIN
- if [ $? -eq 0 ]; then
+ if [[ $? -ne 0 ]]; then
- # copy files and OVPN config
- mkdir -p "$DIR/$LOGIN"
- cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$DIR/$LOGIN/"
+ ./build-key --batch $LOGIN
- DIST="$DIR/$LOGIN/openvpn-server.ovpn"
- cp $DIR/openvpn-server.ovpn.dist $DIST
- sed -i -e "s@LOGIN@$LOGIN@g" $DIST
- sed -i -e "s@IP@$IP@g" $DIST
+ if [ $? -eq 0 ]; then
- SRC="$DIR/$LOGIN"
- DIST="$DIR/$LOGIN/openvpn-server-embedded.ovpn"
- cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
- sed -i -e "s@IP@$IP@g" $DIST
+ # copy files and OVPN config
+ mkdir -p "$DIR/$LOGIN"
+ cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$DIR/$LOGIN/"
- echo "" >> $DIST
- cat $SRC/ca.crt >> $DIST
- echo "" >> $DIST
+ DIST="$DIR/$LOGIN/openvpn-server.ovpn"
+ cp $DIR/openvpn-server.ovpn.dist $DIST
+ sed -i -e "s@LOGIN@$LOGIN@g" $DIST
+ sed -i -e "s@IP@$IP@g" $DIST
- echo "" >> $DIST
- cat $SRC/$LOGIN.crt >> $DIST
- echo "" >> $DIST
+ SRC="$DIR/$LOGIN"
+ DIST="$DIR/$LOGIN/openvpn-server-embedded.ovpn"
+ cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
+ sed -i -e "s@IP@$IP@g" $DIST
- echo "" >> $DIST
- cat $SRC/$LOGIN.key >> $DIST
- echo "" >> $DIST
+ echo "" >> $DIST
+ cat $SRC/ca.crt >> $DIST
+ echo "" >> $DIST
- echo "" >> $DIST
- cat $SRC/ta.key >> $DIST
- echo "" >> $DIST
+ echo "" >> $DIST
+ cat $SRC/$LOGIN.crt >> $DIST
+ echo "" >> $DIST
- echo
- echo "Directory $DIR/$LOGIN with necessary files has been created."
- USERNAME=${SUDO_USER:-$USER}
- chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
+ echo "" >> $DIST
+ cat $SRC/$LOGIN.key >> $DIST
+ echo "" >> $DIST
+
+ echo "" >> $DIST
+ cat $SRC/ta.key >> $DIST
+ echo "" >> $DIST
+ echo
+ echo "Directory $DIR/$LOGIN with necessary files has been created."
+ USERNAME=${SUDO_USER:-$USER}
+ chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
+
+ fi
+ else
+ echo "User $LOGIN already exists."
+ unset LOGIN
fi
if [[ $# -eq 0 ]]; then
echo
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
else
ANSUSER=$NOTADDUSER
fi
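Review bot: `$LOGIN` comes from the prompt or the command line and is used unquoted and unvalidated in `$DIR/checkuser.sh $LOGIN`, `./build-key --batch $LOGIN`, `mkdir -p "$DIR/$LOGIN"`, the `sed -i -e "s@LOGIN@$LOGIN@g"` replacement and `chown -R ... $DIR/$LOGIN/`. These presumably run as root, since checkuser.sh insists on it. A name containing `/`, `..`, whitespace or `@` changes which paths are created and chowned or breaks the sed expression, so I would reject anything outside a conservative set right after the `read` loop, e.g. `[[ "$LOGIN" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "Invalid user name"; exit 1; }`, and quote the expansions. The same unchecked value is used in the new checkuser.sh and deluser.sh. The enclosing loop starts and ends outside this hunk, so how a rejection should interact with the retry prompt needs checking there.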
diff --git a/openvpn/checkuser.sh b/openvpn/checkuser.sh
new file mode 100755
index 0000000..0c9924e
--- /dev/null
+++ b/openvpn/checkuser.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source $DIR/env.sh
+
+if [[ "$EUID" -ne 0 ]]; then
+ echo "Sorry, you need to run this as root"
+ exit 1
+fi
+
+if [[ $# -gt 0 ]]; then
+ LOGIN="$1"
+fi
+
+while [[ -z "$LOGIN" ]];
+do
+ read -p "Enter name: " LOGIN
+done
+
+RET=$(ls $CADIR/keys | grep "^$LOGIN.key$" >/dev/null)
+
+exit $?
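Review bot: The existence test `ls $CADIR/keys | grep "^$LOGIN.key$"` treats the name as a regular expression, so `.` and any other metacharacter in `$LOGIN` match more than the literal file name, and a failing `ls` looks the same as "no such user". A direct test is shorter and exact: `[[ -f "$CADIR/keys/$LOGIN.key" ]]` followed by `exit $?`, which also makes the unused `RET=` unnecessary. The root check exits with 1 as well, the same value adduser.sh reads as "user does not exist" before it calls `./build-key`. A distinct status for errors would keep "not found" and "could not check" apart.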
diff --git a/openvpn/deluser.sh b/openvpn/deluser.sh
new file mode 100755
index 0000000..75ae5b2
--- /dev/null
+++ b/openvpn/deluser.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source $DIR/env.sh
+
+if [[ "$EUID" -ne 0 ]]; then
+ echo "Sorry, you need to run this as root"
+ exit 1
+fi
+
+if [[ $# -gt 0 ]]; then
+ LOGIN="$1"
+fi
+
+while [[ -z "$LOGIN" ]];
+do
+ read -p "Enter name: " LOGIN
+done
+
+cd $CADIR
+source ./vars
+
+./revoke-full $LOGIN
+
+cp -rf $CADIR/keys/crl.pem $OPENVPNDIR
+chown nobody:$NOBODYGROUP $OPENVPNDIR/crl.pem
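Review bot: `cd $CADIR` is not checked, so if it fails (for example because the directory is missing) the following `source ./vars` and `./revoke-full $LOGIN` run as root against whatever is in the caller's current directory. `cd "$CADIR" || exit 1` closes that. Nothing here tells the operator whether the revocation took effect before `crl.pem` is copied, so a status check and a message after `./revoke-full` would help. The visible lines also leave `keys/$LOGIN.key` in place, so checkuser.sh will presumably keep reporting the name as existing after it has been revoked.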
diff --git a/openvpn/install.sh b/openvpn/install.sh
index 72328ca..4a3f3ee 100755
--- a/openvpn/install.sh
+++ b/openvpn/install.sh
@@ -29,6 +29,7 @@ echo
echo "Installing configuration files..."
yes | cp -rf $DIR/openvpn-server.conf.dist $OPENVPNCONFIG
+sed -i -e "s@OPENVPNDIR@$OPENVPNDIR@g" $OPENVPNCONFIG
sed -i -e "s@CADIR@$CADIR@g" $OPENVPNCONFIG
sed -i -e "s@LOCALPREFIX@$LOCALPREFIX@g" $OPENVPNCONFIG
sed -i -e "s@NOBODYGROUP@$NOBODYGROUP@g" $OPENVPNCONFIG
@@ -63,6 +64,9 @@ source ./vars
./build-dh
openvpn --genkey --secret ta.key
+# add dummy user and revoke its certificate for non-empty crl.pem file
+./build-key --batch client000
+./revoke-full client000
echo
echo "Adding cron jobs..."
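Review bot: Revoking the dummy `client000` generates `keys/crl.pem`, but nothing in the visible lines copies it to `$OPENVPNDIR`, while the server config now points `crl-verify` at `OPENVPNDIR/crl.pem`. Unless that copy happens outside this hunk, the file first appears when deluser.sh runs, and the server may refuse to start before then. Reusing deluser.sh's two lines here would cover it: `cp -f $CADIR/keys/crl.pem $OPENVPNDIR` and `chown nobody:$NOBODYGROUP $OPENVPNDIR/crl.pem`.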
diff --git a/openvpn/openvpn-server.conf.dist b/openvpn/openvpn-server.conf.dist
index e2e3299..79497bf 100644
--- a/openvpn/openvpn-server.conf.dist
+++ b/openvpn/openvpn-server.conf.dist
@@ -2,6 +2,7 @@ mode server
port 1194
proto udp
dev tun
+crl-verify OPENVPNDIR/crl.pem
ca CADIR/keys/ca.crt
cert CADIR/keys/openvpn-server.crt
key CADIR/keys/openvpn-server.key
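Review bot: Adding `crl-verify OPENVPNDIR/crl.pem` makes the CRL's validity period an availability dependency, and nothing documents it. In this commit crl.pem is only regenerated when deluser.sh runs, and current OpenVPN releases reject client connections once the CRL's next-update date has passed (worth confirming for the version deployed). I would add a comment above the directive, e.g. `# crl.pem must be regenerated and re-copied before it expires, or clients are rejected`. It is also worth checking whether the cron jobs set up by install.sh refresh it.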
diff --git a/pptp/adduser.sh b/pptp/adduser.sh
index 56b557d..c44464a 100755
--- a/pptp/adduser.sh
+++ b/pptp/adduser.sh
@@ -48,6 +48,7 @@ do
else
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
fi
continue
else
@@ -79,6 +80,7 @@ do
echo
read -p "Would you want to add another user? [no] " ANSUSER
: ${ANSUSER:=$NOTADDUSER}
+ unset LOGIN
else
ANSUSER=$NOTADDUSER
fi