forked from angristan/openvpn-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathupdate-clients.sh
executable file
·38 lines (32 loc) · 1.02 KB
/
update-clients.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#!/bin/bash
shopt -s nullglob
NEW_CLIENTS=("$@")
# Create a list of provisioned clients from easy-rsa pki index
mapfile -t CURRENT_CLIENTS < <(awk 'NR > 1 && $1 == "V" {split($0, a, "="); print a[2]}' /etc/openvpn/easy-rsa/pki/index.txt)
# Revoke excess client certificates
for CURRENT_CLIENT in "${CURRENT_CLIENTS[@]}"
do
if [[ " ${NEW_CLIENTS[*]} " == *" $CURRENT_CLIENT "* ]]
then
echo "Keeping certificate for client '${CURRENT_CLIENT}'."
else
echo "Revoking certificate for client '${CURRENT_CLIENT}'!"
export MENU_OPTION="2" # Revoke client option
export CLIENT="${CURRENT_CLIENT}"
./openvpn-install.sh
fi
done
# Create new clients
for NEW_CLIENT in "${NEW_CLIENTS[@]}"
do
if [[ " ${CURRENT_CLIENTS[*]} " == *" $NEW_CLIENT "* ]]
then
echo "'${NEW_CLIENT}' already exists. Skipping."
else
echo "Creating new client '${NEW_CLIENT}'."
export MENU_OPTION="1" # Create client option
export CLIENT="${NEW_CLIENT}"
export PASS="1" # No Passphrase
./openvpn-install.sh
fi
done