#!/bin/bash
#The admin interface for OpenVPN
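# Emit the CGI response header, then the static page head and banner.
#
# The markup is written with a here-document instead of one double-quoted
# echo: inside the echo the double quotes around attribute values ended the
# shell string, so they were stripped from the output and class="tc mb0"
# reached the browser as two separate attributes.
echo "Content-type: text/html"
echo ""
# NOTE(review): load.inc and speed.inc are inserted into the page verbatim.
# What writes them is not visible in this script; they should only be
# writable by a trusted job, since their content is served as HTML.
cat <<HTML
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Iristel VPN Server</title>
<link href="style.css" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Nunito:300,400,700" rel="stylesheet">
</head>
<body class="m0">
<div class="c">
<header class="mb3">
<h1 class="tc mb0"><b>Iristel VPN Server</b></h1>
<h5>OVH - Beauharnois, QC (Load: $(cat load.inc))<br></h5>
<h6>$(cat speed.inc)<br>
Statistics updated on $(date -d "@$(stat -c '%Y' /var/www/html/speed.inc)")<br><br></h6>
<hr>
</header>
HTML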
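#######################################
# Read the two request parameters this script uses from the CGI query string.
#
# QUERY_STRING is supplied by the HTTP client, so it is never handed to eval:
# it is split on '&' and only the keys "option" and "client" are copied out.
# Values are accepted only if they pass an allowlist; anything else clears
# both variables so that no action runs further down.
# Values are not URL-decoded, so names needing %-encoding are rejected.
#
# Globals:   QUERY_STRING (read), option (written), client (written)
# Arguments: none
# Returns:   0
#######################################
parse_query_string() {
  local pair key value
  local -a pairs=()
  local -r name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'

  option=""
  client=""

  IFS='&' read -r -a pairs <<< "${QUERY_STRING:-}"
  for pair in "${pairs[@]}"; do
    # Ignore fragments that are not key=value.
    [[ "$pair" == *=* ]] || continue
    key=${pair%%=*}
    value=${pair#*=}
    case "$key" in
      option) option=$value ;;
      client) client=$value ;;
    esac
  done

  # Only the three actions handled by this script are meaningful.
  case "$option" in
    add|revoke|access) ;;
    *) option="" ;;
  esac

  # The client name ends up in file paths, command arguments and HTML, so it
  # must start with an alphanumeric and contain only [A-Za-z0-9._-].
  if [[ ! "$client" =~ $name_re ]]; then
    client=""
    option=""
  fi
}

parse_query_string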
# Ask an external service for this host's public IPv4 address.
# NOTE(review): IP is not referenced anywhere else in the visible script, yet
# every page load waits on this request. The lookup goes over plain HTTP, so
# the answer is unauthenticated and should not feed any security decision.
# Confirm whether this line is still needed.
IP=$(wget -4qO- "http://whatismyip.akamai.com/")
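#######################################
# Generates the custom client.ovpn for one client.
#
# Copies the shared client template and appends the CA certificate, the
# client's certificate and the client's private key as inline blocks.
# The resulting file contains the private key, so it is as sensitive as the
# key itself.
# NOTE(review): its permissions follow the template's mode and the process
# umask; confirm the clients directory is not readable by other users.
#
# Arguments: $1 - client name; must start with an alphanumeric and contain
#                 only [A-Za-z0-9._-], because it is used to build file paths
#            $2 - accepted for compatibility with existing callers; unused
# Returns:   0 on success, 1 if the name is rejected or a file step fails
#######################################
newclient () {
  local name=$1
  local -r name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
  local -r pki=/etc/openvpn/easy-rsa/pki
  local profile

  # Reject anything that could leave the clients directory or be read as an
  # option by the tools below.
  if [[ ! "$name" =~ $name_re ]]; then
    echo "newclient: invalid client name" >&2
    return 1
  fi
  profile="/etc/openvpn/clients/${name}.ovpn"

  cp /etc/openvpn/client-common.txt "$profile" || return 1
  {
    echo "<ca>"
    cat "$pki/ca.crt"
    echo "</ca>"
    echo "<cert>"
    cat "$pki/issued/${name}.crt"
    echo "</cert>"
    echo "<key>"
    cat "$pki/private/${name}.key"
    echo "</key>"
    # tls-auth block is disabled:
    #echo "<tls-auth>"
    #cat /etc/openvpn/ta.key
    #echo "</tls-auth>"
  } >> "$profile" || return 1
}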
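# Run the action requested through the "option" and "client" parameters.
#
# Both values originate from the HTTP request. The client name is checked
# against an allowlist here as well, because it is used in file paths, as a
# command argument and in the HTML that is echoed back.
client_name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# The easyrsa calls and the pki/ paths below are relative to this directory;
# if it cannot be entered, no action may run.
if ! cd /etc/openvpn/easy-rsa/; then
  if [[ -n "$option" ]]; then
    echo " Cannot enter the easy-rsa directory. Aborted.<br><br>"
  fi
  option=""
fi

if [[ -n "$option" && ! "$client" =~ $client_name_re ]]; then
  echo " Invalid client name. Aborted.<br><br>"
  option=""
fi

case "$option" in
  "add") #Add a client
    # The key is created without a passphrase (nopass).
    # Generates the custom client.ovpn only if the certificate was issued.
    if ./easyrsa build-client-full "$client" nopass && newclient "$client" "$type"; then
      echo " Client's certificate <span style='color:red'>$client</span> has been created.<br><br>"
    else
      echo " Client's certificate <span style='color:red'>$client</span> could not be created.<br><br>"
    fi
    ;;
  "revoke") #Revoke a client
    # Report success only when the revocation and the new CRL both succeeded;
    # otherwise the page would claim a certificate is revoked while it is
    # still accepted.
    if ./easyrsa --batch revoke "$client" > /dev/null \
      && ./easyrsa gen-crl > /dev/null; then
      rm -f -- "pki/reqs/$client.req" "pki/private/$client.key" "pki/issued/$client.crt"
      rm -f /etc/openvpn/crl.pem
      # CRL is read with each client connection, when OpenVPN is dropped to nobody
      if cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem; then
        echo " Client's certificate <span style='color:red'>$client</span> has been revoked.<br><br>"
      else
        echo " Client's certificate <span style='color:red'>$client</span> was revoked, but the CRL could not be installed.<br><br>"
      fi
    else
      echo " Client's certificate <span style='color:red'>$client</span> could not be revoked.<br><br>"
    fi
    ;;
  "access") #Give a client full web access
    # Look the client up by exact name in the first column of ipp.txt and take
    # the address from the second column. The previous grep/sed pipeline
    # searched for the literal text $client and returned the whole file.
    ip=$(awk -F, -v name="$client" '$1 == name { print $2; exit }' /etc/openvpn/ipp.txt)
    if [[ "$ip" =~ $ipv4_re ]]; then
      #Needs www-data ALL=(ALL) NOPASSWD: /sbin/iptables, /sbin/iptables-save rule in /etc/sudoers
      rule=(FORWARD -s "$ip" -m iprange ! --dst-range 208.89.128.1-209.58.101.255 -j DROP)
      access=""
      # -C tests for this exact rule. Matching the iptables -S output with a
      # regex also hit other addresses sharing the same prefix.
      if sudo /sbin/iptables -C "${rule[@]}" 2> /dev/null; then
        if sudo /sbin/iptables -D "${rule[@]}"; then
          access="full"
        fi
      else
        if sudo /sbin/iptables -A "${rule[@]}"; then
          access="limited"
        fi
      fi
      if [[ -n "$access" ]]; then
        # The redirection is performed by this (unprivileged) shell, not by
        # sudo, so the web user itself needs write access to rules.v4.
        sudo /sbin/iptables-save > /etc/iptables/rules.v4
        echo " Client <span style='color:red'>$client</span> now has $access access.<br><br>"
      else
        echo " Firewall rule for client <span style='color:red'>$client</span> could not be changed.<br><br>"
      fi
    else
      echo " Client <span style='color:red'>$client</span> doesn't have a static IP yet. Aborted.<br><br>"
    fi
    ;;
esac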
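#######################################
# Escape a string for use in HTML text and in quoted attribute values.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout
#######################################
html_escape() {
  printf '%s' "$1" \
    | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
      -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# List every valid (status V) certificate after the first index entry, with
# its Revoke / Download / (Un)Limit links.
NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
  echo " You don't have any existing clients."
else
  # read -r and quoted expansions keep backslashes and glob characters in an
  # index line from being interpreted by the shell.
  tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | while IFS= read -r entry; do
    [[ "$entry" == V* ]] || continue
    # Second '='-separated field of the line, i.e. the value after "CN=".
    clientName=${entry#*=}
    clientName=${clientName%%=*}
    # Names come from the certificate index, not from this page; escape them
    # so a name cannot break out of the attribute or inject markup.
    # NOTE(review): the value is HTML-escaped, not percent-encoded, in the URLs.
    safeName=$(html_escape "$clientName")
    echo " <a href='index.sh?option=revoke&client=$safeName'><button class='btn'>Revoke</button></a> "
    echo " <a target='_blank' href='download.sh?client=$safeName'><button class='btn primary'>Download</button></a>"
    echo " <a href='index.sh?option=access&client=$safeName'><button class='btn primary'>(Un)Limit</button></a>"
    echo " $safeName<br>"
  done
fi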
# Close the page: the "new access" form followed by the closing tags.
# The here-document delimiter is quoted, so the markup is emitted literally.
# NOTE(review): the form submits a state-changing action (option=add) with
# GET, as the revoke and access links do, and no anti-CSRF token is visible
# in this script; whatever authentication protects this page is configured
# outside of it.
cat <<'HTML'

<hr>
<form action='index.sh' method='get'>
<input type='hidden' name='option' value='add'>
<br>New access: <br>
<input class='card' type='text' name='client'>
<button class='btn primary' type='submit'>Create</button>
</form>
</div>
</body>
</html>
HTML
exit 0