#!/bin/bash
#The admin interface for OpenVPN
# CGI response header, then the page banner. Both .inc files are read
# relative to the CGI's working directory (whatever the web server sets).
printf 'Content-type: text/html\n\n'
cat <<EOF

Iristel VPN Server
OVH - Beauharnois, QC (Load: $(cat load.inc))
$(cat speed.inc)
Statistics updated on $(date -d "@$(stat -c '%Y' /var/www/html/speed.inc)")

EOF
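#######################################
# Parse the CGI query string into a fixed set of variables.
# The original evaluated the query string with eval, which let any request
# run arbitrary shell commands; this parser only assigns known keys and
# never interprets the values. No URL-decoding is done (the original did
# none either), and values are NOT validated here — callers must check them
# before using them as paths or command arguments.
# Arguments: $1 - raw QUERY_STRING ("key=value&key=value")
# Globals:   option, client, type (written; every other key is ignored)
#######################################
parse_query_string() {
  local -a pairs
  local pair key value
  # read does no globbing or evaluation, unlike an unquoted for-loop split.
  IFS='&' read -r -a pairs <<< "$1"
  for pair in "${pairs[@]}"; do
    key=${pair%%=*}
    value=${pair#*=}
    [[ "$pair" == *=* ]] || value=''
    case "$key" in
      option|client|type) printf -v "$key" '%s' "$value" ;;
      *) ;;
    esac
  done
}

# NOTE(review): nothing in this script authenticates the caller; any access
# control has to come from the web server's configuration for this CGI path.
parse_query_string "${QUERY_STRING-}"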
# Public IPv4 address of this host as reported by an external service; it is
# fetched over plain HTTP, so treat it as informational only. IP is not
# referenced anywhere else in the visible part of this script.
IP=$(wget --inet4-only --quiet --output-document=- "http://whatismyip.akamai.com/")
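#######################################
# Generates the custom client .ovpn: copies the common template, then appends
# the CA certificate, the client's certificate and the client's private key.
# Arguments: $1 - client name; also the basename of the cert, key and .ovpn
#            $2 - accepted for caller compatibility; not used here
# Outputs:   writes /etc/openvpn/clients/<name>.ovpn
# Returns:   0 on success; 1 for a rejected name or a missing source file
#######################################
newclient () {
  local name=$1
  local pki=/etc/openvpn/easy-rsa/pki
  local ovpn
  # $name is spliced into several paths, so refuse '/', whitespace, shell
  # metacharacters and a leading '-' or '.' before touching the filesystem.
  [[ "$name" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]] || return 1
  ovpn="/etc/openvpn/clients/$name.ovpn"
  cp -- /etc/openvpn/client-common.txt "$ovpn" || return 1
  # NOTE(review): the section markers below are bare blank lines in this
  # copy; confirm the generated file against a working client config.
  echo "
" >> "$ovpn"
  cat -- "$pki/ca.crt" >> "$ovpn" || return 1
  echo "" >> "$ovpn"
  echo "
" >> "$ovpn"
  cat -- "$pki/issued/$name.crt" >> "$ovpn" || return 1
  echo "" >> "$ovpn"
  echo "
" >> "$ovpn"
  # The private key is embedded in the .ovpn, so the clients directory and the
  # way it is handed to users need to be protected accordingly.
  cat -- "$pki/private/$name.key" >> "$ovpn" || return 1
  echo "" >> "$ovpn"
  # tls-auth section stays disabled as in the original; the whole block is
  # commented so it cannot leave an open quote behind.
  #echo "
  #" >> "$ovpn"
  #cat /etc/openvpn/ta.key >> "$ovpn"
  #echo "" >> "$ovpn"
}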
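# easyrsa and the pki/ paths below are relative to this directory; running
# them from the wrong place would touch whatever the web server's cwd is.
cd /etc/openvpn/easy-rsa/ || exit 1

# Destinations a "limited" client may still reach; the per-client FORWARD
# rule drops everything outside this range.
readonly ALLOWED_DST_RANGE='208.89.128.1-209.58.101.255'

if [[ -n "${option-}" && ! "${client-}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
  # $client comes from the request and is used below as a command argument
  # and inside rm/cp paths, so anything outside a conservative character set
  # (no '/', whitespace, metacharacters, leading '-' or '.') is refused.
  echo " Client
${client-} is not a valid client name. Aborted.
"
else
  case "${option-}" in
    "add") #Add a client
      if ./easyrsa build-client-full "$client" nopass; then
        # Generates the custom client.ovpn
        newclient "$client" "${type-}"
        echo " Client's certificate
$client has been created.
"
      else
        echo " Client's certificate
$client could not be created. Aborted.
"
      fi
      ;;
    "revoke") #Revoke a client
      ./easyrsa --batch revoke "$client" > /dev/null
      ./easyrsa gen-crl > /dev/null
      # Plain files, so no recursive remove is needed.
      rm -f -- "pki/reqs/$client.req" "pki/private/$client.key" "pki/issued/$client.crt"
      rm -f -- /etc/openvpn/crl.pem
      # CRL is read with each client connection, when OpenVPN is dropped to nobody
      cp -- /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
      echo " Client's certificate
$client has been revoked.
"
      ;;
    "access") #Toggle a client between limited and full web access
      # ipp.txt holds "name,address" lines; take the address of the exact
      # name match. (The original ran grep with no file argument, so it read
      # stdin, and $ip ended up holding sed's output for the whole file.)
      ip=$(awk -F, -v name="$client" '$1 == name { print $2; exit }' /etc/openvpn/ipp.txt)
      if [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
        #Needs www-data ALL=(ALL) NOPASSWD: /sbin/iptables, /sbin/iptables-save rule in /etc/sudoers
        # iptables -S prints a host source as "-s <ip>/32"; the dots are
        # escaped so that 10.8.0.2 cannot match 10.8.0.20.
        ip_pattern=$(printf '%s\n' "$ip" | sed 's/\./\\./g')
        if ! sudo /sbin/iptables -S | grep -qE -- "-s ${ip_pattern}(/32)? .*-j DROP"; then
          sudo /sbin/iptables -A FORWARD -s "$ip" -m iprange ! --dst-range "$ALLOWED_DST_RANGE" -j DROP
          access="limited"
        else
          sudo /sbin/iptables -D FORWARD -s "$ip" -m iprange ! --dst-range "$ALLOWED_DST_RANGE" -j DROP
          access="full"
        fi
        sudo /sbin/iptables-save > /etc/iptables/rules.v4
        echo " Client
$client now has $access access.
"
      else
        echo " Client
$client doesn't have a static IP yet. Aborted.
"
      fi
      ;;
  esac
fi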
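# Client listing, built from easy-rsa's index.txt. Each line of that file is
# one certificate record whose first column is the status (V = valid); the
# first line is skipped, as the original did with sed 1d / tail -n +2.
INDEX_FILE=/etc/openvpn/easy-rsa/pki/index.txt

#######################################
# Count valid (status V) certificate records, skipping the first line.
# Arguments: $1 - path to an easy-rsa index.txt
# Outputs:   the count on stdout (0 when the file is missing or empty)
#######################################
count_valid_clients() {
  tail -n +2 "$1" | grep -c '^V'
}

#######################################
# Print one entry per valid certificate record, skipping the first line. The
# displayed name is the text between the record's first and second '=' (what
# `cut -d '=' -f 2` produced before).
# Arguments: $1 - path to an easy-rsa index.txt
# Outputs:   the entries on stdout
#######################################
print_valid_clients() {
  local record client_name
  # read -r keeps backslashes intact; the || clause keeps a last line that
  # has no trailing newline.
  while IFS= read -r record || [[ -n "$record" ]]; do
    [[ "$record" == V* ]] || continue
    client_name=${record#*=}
    client_name=${client_name%%=*}
    # NOTE(review): these bare blank lines are reproduced as found; confirm
    # against the page the CGI actually renders.
    echo "
"
    echo "
"
    echo "
"
    echo " $client_name
"
  done < <(tail -n +2 "$1")
}

NUMBEROFCLIENTS=$(count_valid_clients "$INDEX_FILE")
if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
  echo " You don't have any existing clients."
else
  print_valid_clients "$INDEX_FILE"
fi
# A lone '"' followed the loop in the original and left a string
# unterminated; it is dropped here.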
# The response is complete; the exit status is always 0 and does not reflect
# whether the requested action succeeded.
exit 0