wberube
/
simple-openvpn-server
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
simple-openvpn-server/index.sh

115 lines
4.3 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
#The admin interface for OpenVPN
echo "Content-type: text/html"
echo ""
echo "<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Iristel VPN Server</title>
<link href="style.css" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Nunito:300,400,700" rel="stylesheet">
</head>
<body class="m0">
<div class="c">
<header class="mb3">
<h1 class="tc mb0"><b>Iristel VPN Server</b></h1>
<h5>OVH - Beauharnois, QC (Load: $(cat load.inc))<br></h5>
<h6>$(cat speed.inc)<br>
Statistics updated on $(date -d "@$(stat -c '%Y' /var/www/html/speed.inc)")<br><br></h6>
<hr>
</header>"
eval `echo "${QUERY_STRING}"|tr '&' ';'`
IP=$(wget -4qO- "http://whatismyip.akamai.com/")
newclient () {
# Generates the custom client.ovpn
cp /etc/openvpn/client-common.txt /etc/openvpn/clients/$1.ovpn
echo "<ca>" >> /etc/openvpn/clients/$1.ovpn
cat /etc/openvpn/easy-rsa/pki/ca.crt >> /etc/openvpn/clients/$1.ovpn
echo "</ca>" >> /etc/openvpn/clients/$1.ovpn
echo "<cert>" >> /etc/openvpn/clients/$1.ovpn
cat /etc/openvpn/easy-rsa/pki/issued/$1.crt >> /etc/openvpn/clients/$1.ovpn
echo "</cert>" >> /etc/openvpn/clients/$1.ovpn
echo "<key>" >> /etc/openvpn/clients/$1.ovpn
cat /etc/openvpn/easy-rsa/pki/private/$1.key >> /etc/openvpn/clients/$1.ovpn
echo "</key>" >> /etc/openvpn/clients/$1.ovpn
#echo "<tls-auth>" >> /etc/openvpn/clients/$1.ovpn
#cat /etc/openvpn/ta.key >> /etc/openvpn/clients/$1.ovpn
#echo "</tls-auth>" >> /etc/openvpn/clients/$1.ovpn
}
cd /etc/openvpn/easy-rsa/
case $option in
"add") #Add a client
./easyrsa build-client-full $client nopass
# Generates the custom client.ovpn
newclient "$client" "$type"
echo " Client's certificate <span style='color:red'>$client</span> has been created.<br><br>"
;;
"revoke") #Revoke a client
./easyrsa --batch revoke $client > /dev/null
./easyrsa gen-crl > /dev/null
rm -rf pki/reqs/$client.req
rm -rf pki/private/$client.key
rm -rf pki/issued/$client.crt
rm -rf /etc/openvpn/crl.pem
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
# CRL is read with each client connection, when OpenVPN is dropped to nobody
echo " Client's certificate <span style='color:red'>$client</span> has been revoked.<br><br>"
;;
"access") #Give a client full web access
ip=$(grep '$client' | sed 's/'$client',//g' /etc/openvpn/ipp.txt)
if [ ! -z "$ip" ];
then
#Needs www-data ALL=(ALL) NOPASSWD: /sbin/iptables, /sbin/iptables-save rule in /etc/sudoers
if [ -z "$(sudo /sbin/iptables -S | grep '\-s '$ip'.*-j DROP')" ]
then
sudo /sbin/iptables -A FORWARD -s $ip -m iprange ! --dst-range 208.89.128.1-209.58.101.255 -j DROP
access="limited"
else
sudo /sbin/iptables -D FORWARD -s $ip -m iprange ! --dst-range 208.89.128.1-209.58.101.255 -j DROP
access="full"
fi
sudo /sbin/iptables-save > /etc/iptables/rules.v4
echo " Client <span style='color:red'>$client</span> now has $access access.<br><br>"
else
echo " Client <span style='color:red'>$client</span> doesn't have a static IP yet. Aborted.<br><br>"
fi
;;
esac
NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
echo " You don't have any existing clients."
else
sed 1d /etc/openvpn/easy-rsa/pki/index.txt | while read c; do
if [[ $(echo $c | grep -c "^V") = '1' ]]; then
clientName=$(echo $c | cut -d '=' -f 2)
echo " <a href='index.sh?option=revoke&client=$clientName'><button class='btn'>Revoke</button></a> "
echo " <a target='_blank' href='download.sh?client=$clientName'><button class='btn primary'>Download</button></a>"
echo " <a href='index.sh?option=access&client=$clientName'><button class='btn primary'>(Un)Limit</button></a>"
echo " &nbsp;$clientName<br>"
fi
done #</etc/openvpn/easy-rsa/pki/index.txt
fi
echo "
<hr>
<form action='index.sh' method='get'>
<input type='hidden' name='option' value='add'>
<br>New access: <br>
<input class='card' type='text' name='client'>
<button class='btn primary' type='submit'>Create</button>
</form>
</div>
</body>
</html>"
exit 0
Reference in New Issue View Git Blame Copy Permalink