Last active
June 18, 2020 07:26
-
-
Save core01/c973dee9cf90ed96c3dbd3eb4426d3c3 to your computer and use it in GitHub Desktop.
add user to ipsec vpn
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# | |
# Script to add/update an VPN user for both IPsec/L2TP and Cisco IPsec | |
# | |
# Copyright (C) 2018-2020 Lin Song <[email protected]> | |
# | |
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 | |
# Unported License: http://creativecommons.org/licenses/by-sa/3.0/ | |
# | |
# Attribution required: please include my name in any derivative and let me | |
# know how you have improved it! | |
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" | |
SYS_DT=$(date +%F-%T | tr ':' '_') | |
exiterr() { echo "Error: $1" >&2; exit 1; } | |
conf_bk() { /bin/cp -f "$1" "$1.old-$SYS_DT" 2>/dev/null; } | |
add_vpn_user() { | |
if [ "$(id -u)" != 0 ]; then | |
exiterr "Script must be run as root. Try 'sudo sh $0'" | |
fi | |
if [ ! -f "/etc/ppp/chap-secrets" ] || [ ! -f "/etc/ipsec.d/passwd" ]; then | |
cat 1>&2 <<'EOF' | |
Error: File /etc/ppp/chap-secrets and/or /etc/ipsec.d/passwd do not exist! | |
Your must first set up the VPN server before adding VPN users. | |
See: https://github.com/hwdsl2/setup-ipsec-vpn | |
EOF | |
exit 1 | |
fi | |
if ! grep -qs "hwdsl2 VPN script" /etc/sysctl.conf; then | |
cat 1>&2 <<'EOF' | |
Error: This script can only be used with VPN servers created using: | |
https://github.com/hwdsl2/setup-ipsec-vpn | |
EOF | |
exit 1 | |
fi | |
VPN_USER=$1 | |
VPN_PASSWORD=$2 | |
if [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then | |
cat 1>&2 <<EOF | |
Usage: sudo sh $0 'username_to_add' 'password_to_add' | |
EOF | |
exit 1 | |
fi | |
if printf '%s' "$VPN_USER $VPN_PASSWORD" | LC_ALL=C grep -q '[^ -~]\+'; then | |
exiterr "VPN credentials must not contain non-ASCII characters." | |
fi | |
case "$VPN_USER $VPN_PASSWORD" in | |
*[\\\"\']*) | |
exiterr "VPN credentials must not contain these special characters: \\ \" '" | |
;; | |
esac | |
# Backup config files | |
conf_bk "/etc/ppp/chap-secrets" | |
conf_bk "/etc/ipsec.d/passwd" | |
# Add or update VPN user | |
sed -i "/^\"$VPN_USER\" /d" /etc/ppp/chap-secrets | |
cat >> /etc/ppp/chap-secrets <<EOF | |
"$VPN_USER" l2tpd "$VPN_PASSWORD" * | |
EOF | |
# shellcheck disable=SC2016 | |
sed -i '/^'"$VPN_USER"':\$1\$/d' /etc/ipsec.d/passwd | |
VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD") | |
cat >> /etc/ipsec.d/passwd <<EOF | |
$VPN_USER:$VPN_PASSWORD_ENC:xauth-psk | |
EOF | |
# Update file attributes | |
chmod 600 /etc/ppp/chap-secrets* /etc/ipsec.d/passwd* | |
echo true | |
} | |
## Defer until we have the complete script | |
add_vpn_user "$@" | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment