Various bugfixes and improvements

- Assisted configuration for servers behind a NAT
- Better IP autodetection
- Fix certificate revocation
This commit is contained in:
Nyr 2013-07-07 21:28:08 +02:00
parent ce8077f048
commit 730691c8a1
1 changed files with 29 additions and 19 deletions

openvpn-install.sh Normal file → Executable file

@ -23,17 +23,11 @@ fi
# Try to get our IP from the system and fallback to the Internet. # Try to get our IP from the system and fallback to the Internet.
# I do this to make the script compatible with NATed servers (lowendspirit.com) # I do this to make the script compatible with NATed servers (lowendspirit.com)
# and to avoid getting an IPv6. # and to avoid getting an IPv6.
# Sorry for doing this, I didn't want to :( IP=$(ifconfig | grep 'inet addr:' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d: -f2 | awk '{ print $1}')
echo "$(grep address /etc/network/interfaces | grep -v 127.0.0.1 | awk '{print $2}' | grep -q '.' | head -1)" if [ "$IP" = "" ]; then
if [ ! $? = 0 ]; then IP=$(wget -qO- ipv4.icanhazip.com)
IP=$(wget -qO- ipv4.icanhazip.com)
else
IP=$(grep address /etc/network/interfaces | grep -v 127.0.0.1 | awk '{print $2}' | grep '.' | head -1)
fi fi
# We will use this later
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
if [ -e /etc/openvpn/server.conf ]; then if [ -e /etc/openvpn/server.conf ]; then
while : while :
@ -80,10 +74,19 @@ if [ -e /etc/openvpn/server.conf ]; then
echo "" echo ""
echo "Tell me the existing client name" echo "Tell me the existing client name"
read -p "Client name: " -e -i client CLIENT read -p "Client name: " -e -i client CLIENT
cd /etc/openvpn/easy-rsa/2.0/
. /etc/openvpn/easy-rsa/2.0/vars . /etc/openvpn/easy-rsa/2.0/vars
. /etc/openvpn/easy-rsa/2.0/revoke-full $CLIENT . /etc/openvpn/easy-rsa/2.0/revoke-full $CLIENT
echo "" # If it's the first time revoking a cert, we need to add the crl-verify line
echo "Certificate for client $CLIENT revoked" if grep -q "crl-verify" "/etc/openvpn/server.conf"; then
echo ""
echo "Certificate for client $CLIENT revoked"
else
echo "crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem" >> "/etc/openvpn/server.conf"
/etc/init.d/openvpn restart
echo ""
echo "Certificate for client $CLIENT revoked"
fi
exit exit
;; ;;
3) 3)
@ -174,6 +177,20 @@ else
/etc/init.d/openvpn restart /etc/init.d/openvpn restart
# Let's generate the client config # Let's generate the client config
mkdir ~/ovpn-$CLIENT mkdir ~/ovpn-$CLIENT
# Try to detect a NATed connection and ask about it to potential LowEndSpirit
# users
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
if [ "$IP" != "$EXTERNALIP" ]; then
echo ""
echo "Looks like your server is behind a NAT!"
echo ""
echo "If your server is NATed (LowEndSpirit), I need to know the external IP"
echo "If that's not the case, just ignore this and leave the next field blank"
read -p "External IP:" -e USEREXTERNALIP
if [ $USEREXTERNALIP != "" ]; then
IP=$USEREXTERNALIP
fi
fi
# IP/port set on the default client.conf so we can add further users # IP/port set on the default client.conf so we can add further users
# without asking for them # without asking for them
sed -i "s|remote my-server-1 1194|remote $IP $PORT|" /usr/share/doc/openvpn/examples/sample-config-files/client.conf sed -i "s|remote my-server-1 1194|remote $IP $PORT|" /usr/share/doc/openvpn/examples/sample-config-files/client.conf
@ -192,11 +209,4 @@ else
echo "" echo ""
echo "Your client config is available at ~/ovpn-$CLIENT.tar.gz" echo "Your client config is available at ~/ovpn-$CLIENT.tar.gz"
echo "If you want to add more clients, you simply need to run this script another time!" echo "If you want to add more clients, you simply need to run this script another time!"
# Try to detect a NATed connection and show a warning to potential fi
# LowEndSpirit users
if [ "$IP" != "$EXTERNALIP" ]; then
echo ""
echo "If you are running this on a LowEndSpirit VPS, please take a minute to read:"
echo "http://cl.ly/OuSW"
fi
fi
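Review bot: In the third hunk the new test `if [ $USEREXTERNALIP != "" ]; then` is unquoted, so on the very input the prompt invites (a blank field) it becomes `[ != "" ]`, which prints a "unary operator expected" error to stderr and only falls through to false by accident, and any entry containing whitespace breaks it the same way; it should read `if [ -n "$USEREXTERNALIP" ]; then`, with `read -r -p "External IP:" -e USEREXTERNALIP` so backslashes are taken literally. The accepted value is then placed unvalidated into the sed expression on the context line `sed -i "s|remote my-server-1 1194|remote $IP $PORT|" ...`, so an entry with `|` or `&` corrupts client.conf; a shape check before the assignment such as `case "$USEREXTERNALIP" in *[!0-9.]*) echo "Not an IPv4 address" >&2; exit 1;; esac` would confine it to dotted-quad input. The same concern applies to both `wget -qO- ipv4.icanhazip.com` results (first and third hunks): they are plain-HTTP, unauthenticated responses used without any check, so a failed or empty fetch leaves `EXTERNALIP` empty and triggers the NAT prompt spuriously, and in the first hunk an empty response leaves `IP` empty in the generated config. The enclosing else/case branch of this hunk starts and ends outside the hunk.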