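#!/bin/bash
# The admin interface for OpenVPN (CGI script; emits an HTML page on stdout).
#
# Inputs:  QUERY_STRING with option=add|revoke|access, client=<name>, type=<value>.
# Effects: creates or revokes easy-rsa client certificates, writes
#          /etc/openvpn/clients/<name>.ovpn, and toggles an iptables FORWARD
#          rule for the client's static IP.
#
# NOTE(review): nothing in this script authenticates the caller or checks an
# anti-CSRF token, and the state-changing actions are driven by a plain query
# string. Confirm that the web server restricts access to this CGI.
# NOTE(review): this listing was recovered from a rendered page. The HTML
# markup inside the echo strings is not visible, so the strings below are
# reproduced exactly as shown.

echo "Content-type: text/html"
echo ""
echo " Iristel VPN Server

Iristel VPN Server

OVH - Beauharnois, QC (Load: $(cat load.inc))
$(cat speed.inc)
Statistics updated on $(date -d "@$(stat -c '%Y' /var/www/html/speed.inc)")


"

# The original ran `eval` over QUERY_STRING, which executes whatever the
# requester puts in the URL as shell code under the web server account (an
# account that, per the sudoers note further down, may run iptables as root).
# Parse the string as data instead and keep only the parameters this page uses.
option=''
client=''
type=''
IFS='&' read -r -a query_pairs <<< "${QUERY_STRING:-}"
for pair in "${query_pairs[@]}"; do
  [[ "$pair" == *=* ]] || continue
  case "${pair%%=*}" in
    option) option=${pair#*=} ;;
    client) client=${pair#*=} ;;
    type) type=${pair#*=} ;;
  esac
done

# Allow-list for client names. The name ends up in file paths, in easyrsa
# arguments and in the HTML output, so it must start with an alphanumeric
# (never "-" or ".") and contain no "/", whitespace or markup characters.
# Values are not URL-decoded; anything containing "%" is therefore refused.
# 64 is the X.509 commonName length limit.
name_re='^[A-Za-z0-9][A-Za-z0-9_.-]*$'
case "$option" in
  add | revoke | access)
    if [[ ${#client} -gt 64 || ! "$client" =~ $name_re ]]; then
      # Do not echo the rejected value back into the page.
      echo " Invalid client name. Aborted.

"
      option=''
    fi
    ;;
  *)
    option=''
    ;;
esac

# NOTE(review): IP is not referenced anywhere in the visible listing, and the
# lookup goes out over plain HTTP on every page load. Treat the value as
# untrusted if it is used in markup that is not visible here.
IP=$(wget -4qO- "http://whatismyip.akamai.com/")

#######################################
# Generates the custom client.ovpn for one client.
# Arguments: $1 - client name (already validated by the caller)
#            $2 - passed by the caller but not used here
# Outputs:   writes /etc/openvpn/clients/$1.ovpn
#######################################
newclient() {
  local name=$1
  local profile="/etc/openvpn/clients/${name}.ovpn"

  cp /etc/openvpn/client-common.txt "$profile"
  # NOTE(review): every echo below prints an empty string in this listing.
  # OpenVPN inline profiles normally wrap each blob in <ca>, <cert> and <key>
  # tags; the page rendering appears to have stripped them. Confirm against
  # the deployed script.
  # The profile embeds the client's unencrypted private key (nopass), so the
  # clients directory should not be readable by other users or served without
  # authentication.
  {
    echo ""
    cat /etc/openvpn/easy-rsa/pki/ca.crt
    echo ""
    echo ""
    cat "/etc/openvpn/easy-rsa/pki/issued/${name}.crt"
    echo ""
    echo ""
    cat "/etc/openvpn/easy-rsa/pki/private/${name}.key"
    echo ""
  } >> "$profile"
  #echo "" >> /etc/openvpn/clients/$1.ovpn
  #cat /etc/openvpn/ta.key >> /etc/openvpn/clients/$1.ovpn
  #echo "" >> /etc/openvpn/clients/$1.ovpn
}

# The revoke branch deletes files by relative path, so stop if the cd fails.
cd /etc/openvpn/easy-rsa/ || exit 1

case "$option" in
  "add")
    #Add a client
    if ./easyrsa build-client-full "$client" nopass; then
      # Generates the custom client.ovpn
      newclient "$client" "$type"
      echo " Client's certificate $client has been created.

"
    else
      echo " Client's certificate $client could not be created.

"
    fi
    ;;
  "revoke")
    #Revoke a client
    ./easyrsa --batch revoke "$client" > /dev/null
    ./easyrsa gen-crl > /dev/null
    rm -f -- "pki/reqs/${client}.req" "pki/private/${client}.key" "pki/issued/${client}.crt"
    rm -f -- /etc/openvpn/crl.pem
    cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
    # CRL is read with each client connection, when OpenVPN is dropped to nobody
    # NOTE(review): no chown/chmod follows the copy here; confirm the copied
    # CRL is readable by the account OpenVPN drops to, otherwise revocation
    # checks can fail.
    echo " Client's certificate $client has been revoked.

"
    ;;
  "access")
    #Give a client full web access
    # The original piped an input-less grep (with a single-quoted, never
    # expanded $client) into sed, so every line of ipp.txt came back instead
    # of one address. Match the name exactly in the first comma-separated field.
    ip=$(awk -F, -v name="$client" '$1 == name { print $2; exit }' /etc/openvpn/ipp.txt)
    ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    if [[ "$ip" =~ $ipv4_re ]]; then
      #Needs www-data ALL=(ALL) NOPASSWD: /sbin/iptables, /sbin/iptables-save rule in /etc/sudoers
      # Only a value that looks like an IPv4 address reaches the root-run
      # iptables commands. -C tests for this exact rule; the original grep
      # treated the address as a regex and could match other hosts.
      rule=(FORWARD -s "$ip" -m iprange ! --dst-range 208.89.128.1-209.58.101.255 -j DROP)
      if ! sudo /sbin/iptables -C "${rule[@]}" 2> /dev/null; then
        sudo /sbin/iptables -A "${rule[@]}"
        access="limited"
      else
        sudo /sbin/iptables -D "${rule[@]}"
        access="full"
      fi
      # The redirection is performed by this shell, not by sudo.
      sudo /sbin/iptables-save > /etc/iptables/rules.v4
      echo " Client $client now has $access access.

"
    else
      echo " Client $client doesn't have a static IP yet. Aborted.

"
    fi
    ;;
esac

NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
  echo " You don't have any existing clients."
else
  sed 1d /etc/openvpn/easy-rsa/pki/index.txt | while IFS= read -r entry; do
    # Only valid ("V") certificates are listed.
    [[ "$entry" == V* ]] || continue
    # Names in index.txt may predate the input validation above, so
    # HTML-escape them before they are written into the page.
    clientName=$(printf '%s\n' "$entry" | cut -d '=' -f 2 \
      | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g')
    echo " "
    echo " "
    echo " "
    echo "  $clientName
"
  done
fi

# NOTE(review): the closing `fi` above and the `echo` opening this final block
# are not visible in the listing; they are restored so the script parses.
echo "

New access:
"
exit 0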