Fix bugs with server endpoint ip address creation

Improve make-static-ip while were at it

Fix bugs with server endpoint ip address creation
Improve make-static-ip while were at it
5d8d65c3 · Matthew Smith · 292ae3e6 · 5d8d65c3 · 5d8d65c3 · 5d8d65c3
Commit 5d8d65c3 authored Feb 28, 2016 by Matthew Smith
--- a/functions.sh
+++ b/functions.sh
@@ -2,11 +2,11 @@

 # Useful vars

-openvpn_config_dir="/etc/openvpn/"
-ccd_dir="$openvpn_config_dir/ccd/"
-ccd_revoked_dir="$openvpn_config_dir/ccd_revoked/"
+OPENVPNCONFIGDIR="/etc/openvpn/"
+CCDDIR="$OPENVPNCONFIGDIR/ccd/"
+CCDREVOKEDDIR="$OPENVPNCONFIGDIR/ccd_revoked/"

-shorewall_vars="/etc/shorewall/openvpn.vars"
+SHOREWALLVARS="/etc/shorewall/openvpn.vars"


 # ask_key_questions
@@ -142,10 +142,26 @@ y" |									\
 # get_current_certificates 
 #  echo's out a list of currect vpn certificates
 #
-function get_current_certificates {
+function get_current_certificates () {

-echo "Index     User <email address>"
+    echo "Index     User <email address>"
+    grep ^V /var/lib/openvpn-server/openssl/index.txt | awk '{print $3 "/" $5}' | sed "s/[a-Z]*=//g" | awk -F "/" '{print $1 "\t" $6 " <" $7 ">"}'

-grep ^V /var/lib/openvpn-server/openssl/index.txt | awk '{print $3 "/" $5}' | sed "s/[a-Z]*=//g" | awk -F "/" '{print $1 "\t" $6 " <" $7 ">"}'
+}
+
+
+function create_shorewall_vars () {
+
+    grep "ifconfig-push" $CCDDIR* | sed "s/[\/|:]/ /g" | sed "s/-//g" | awk '{print $4 "=" $6}' > $SHOREWALLVARS
+
+}

+function prompt_restart_shorewall () {
+	read -p "Do you want to restart Shorewall now? (y/n)" SHOREWALLYN
+    if [ "$SHOREWALLYN" = "y" ] ; then
+        echo "OK proceeding"
+		shorewall restart
+    else
+        exit
+    fi
 }
--- a/scripts/clean-ccd
+++ b/scripts/clean-ccd
@@ -19,28 +19,28 @@ fi

 cd /etc/openvpn/

-if [ ! -d "$ccd_revoked_dir" ]; then
-	mkdir "$ccd_revoked_dir"
+if [ ! -d "$CCDREVOKEDDIR" ]; then
+	mkdir "$CCDREVOKEDDIR"
 fi

 echo "Beginning ccd clean up..." 

-for f in `ls "$ccd_dir"` ; do 
+for f in `ls "$CCDDIR"` ; do

 	if grep -q "^R.*$f.*" /var/lib/openvpn-server/openssl/index.txt ; then 
 		echo "$f moved"
-		mv "$ccd_dir/$f" "$ccd_revoked_dir/"
+		mv "$CCDDIR/$f" "$CCDREVOKEDDIR"
 	fi 

 done

-echo "You can find moved files in $ccd_revoked_dir"
+echo "You can find moved files in $CCDREVOKEDDIR"
 echo "" 

 wtf=false
 echo "Checking for ccd's without a valid key..."

-for f in `ls "$ccd_dir"` ; do 
+for f in `ls "$CCDDIR"` ; do

 	if ! grep -q "^V.*$f.*" /var/lib/openvpn-server/openssl/index.txt ; then 
 		wtf=true
@@ -53,6 +53,10 @@ if [ "$wtf" = true ] ; then
 	echo "..wtfomgbbq!?! Son you've got a serious problem, the ccd file(s) above don't have a valid key nor are they revoked. Get it sorted will ya." 
 else
 	echo "...all good"
+
+    create_shorewall_vars
+    prompt_restart_shorewall
+
 fi



--- a/scripts/make-static-ip
+++ b/scripts/make-static-ip
@@ -8,10 +8,9 @@
 #setting the COMMONNAME to $1
 COMMONNAME=$1

+. /usr/share/openvpn-server/functions.sh
 . /etc/openvpn-server/config.sh

-CCDDIR=/etc/openvpn/ccd/
-SHOREWALLVARS=/etc/shorewall/openvpn.vars
 IPPREFIX=`cat /etc/openvpn/$OVPN_ORGNICK-server.conf |grep 'server '|cut -f2 -d' '|cut -f1,2,3 -d.`.

 IP=`cat /etc/openvpn/$OVPN_ORGNICK-server.conf | grep '^server '| cut -f2 -d' '`
@@ -32,15 +31,6 @@ echo FIREWALLED=yes >> /etc/openvpn-server/config.sh
        ;;
 esac

-function prompt_restart_shorewall () {
-	read -p "Do you want to restart Shorewall now? (y/n)" SHOREWALLYN
-    if [ "$SHOREWALLYN" = "y" ] ; then
-        echo "OK proceeding"
-		shorewall restart
-    else
-        exit
-    fi
-}

 function get_new_ip() {
 	local newip=""
@@ -59,6 +49,13 @@ function get_new_ip() {
 }


+# Return the openvpn server endpoint for an IP
+function get_server_endpoint_ip {
+
+    echo "$1" | awk -F"." '{$4++;print $1"."$2"."$3"."$4}'
+
+}
+
 #Each pair of ifconfig-push addresses represent the virtual client and server IP endpoints.
 #They must be taken from successive /30 subnets in order to be compatible with Windows clients
 #and the TAP-Win32 driver.
@@ -85,17 +82,22 @@ if [ -x $ip ] ; then
 	echo "we appear to have run out of ip's, fix it"
 	echo "then run \$ $0 $COMMONNAME"
 else
-    IFS='.' read -ra ipnums <<< $ip
-	(( ipnums[3]++ ))
-	newgw=$(echo ${ipnums[*]} | sed "s/ /\./g")
+	endpointip=$(get_server_endpoint_ip $ip)
    echo "your new ip will be $ip"
-	echo "your new gateway will be $newgw"
-	echo "writing new ccd for you"
-    echo ifconfig-push $ip $newgw > $CCDDIR$COMMONNAME
+	echo "your new gateway will be $endpointip"
+
+
+    if [ $COMMONNAME == "" ] ; then
+	    echo "writing new ccd $COMMONNAME"
+        echo ifconfig-push $ip $endpointip > $CCDDIR$COMMONNAME

-    echo "writing new shorewall vars"
-    grep "ifconfig-push" $CCDDIR* | sed "s/[\/|:]/ /g" | awk '{print $4 "=" $6}' > $SHOREWALLVARS
-    prompt_restart_shorewall
+        echo "writing new shorewall vars"
+        create_shorewall_vars
+        prompt_restart_shorewall
+    else
+        echo "no command name supplied so nothing will be written out"
+	    echo "to write the results run \$ $0 <COMMONNAME>"
+    fi

 fi