Idea: Delete user by name (headless) #552
Comments
Yes, such a feature would also fix dumrauf/openvpn-terraform-install#1 in the update-users.sh script, which now hangs on the numeric selection menu. Thanks for your script, by the way, will try that out as a workaround!
Duplicate of #486. It has a PR attached too. @angristan
We can modify the manageMenu method in openvpn-install.sh to solve this problem:

```bash
function manageMenu() {
	echo "Welcome to OpenVPN-install!"
	echo "The git repository is available at: https://github.com/angristan/openvpn-install"
	echo ""
	echo "It looks like OpenVPN is already installed."
	echo ""
	echo "What do you want to do?"
	echo "   1) Add a new user"
	echo "   2) Revoke existing user"
	echo "   3) Revoke existing user by name"
	echo "   4) Remove OpenVPN"
	echo "   5) Exit"
	# A preset MENU_OPTION (headless mode) skips the prompt
	until [[ $MENU_OPTION =~ ^[1-5]$ ]]; do
		read -rp "Select an option [1-5]: " MENU_OPTION
	done

	case $MENU_OPTION in
	1)
		newClient
		;;
	2)
		revokeClient
		;;
	3)
		revokeClientByName
		;;
	4)
		removeOpenVPN
		;;
	5)
		exit 0
		;;
	esac
}
```

Add a method to delete clients by name:

```bash
function revokeClientByName() {
	# Define an empty array
	clientNames=()
	# Extract valid client names and add them to the array
	while read -r line; do
		clientName=$(echo "$line" | cut -d '=' -f 2)
		clientNames+=("$clientName")
	done < <(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V")

	echo "Enter the name of the existing client certificate you want to revoke"
	tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
	# A preset CLIENT (headless mode) skips the prompt if it matches the allowed characters
	until [[ $CLIENT =~ ^[a-zA-Z0-9_-]+$ ]]; do
		read -rp "Client name: " -e CLIENT
	done
	# Loop check if the input value is in the array
	# ([*] joins the array into one space-separated string for the match)
	until [[ " ${clientNames[*]} " =~ " $CLIENT " ]]; do
		echo "The client name entered is not a valid value!"
		read -rp "Please re-enter: " CLIENT
	done

	# Revoke the certificate and publish a fresh CRL
	cd /etc/openvpn/easy-rsa/ || return
	./easyrsa --batch revoke "$CLIENT"
	EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
	rm -f /etc/openvpn/crl.pem
	cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
	chmod 644 /etc/openvpn/crl.pem
	# Remove the client's profile files and its static IP entry
	find /home/ -maxdepth 2 -name "$CLIENT.ovpn" -delete
	rm -f "/root/$CLIENT.ovpn"
	sed -i "/^$CLIENT,.*/d" /etc/openvpn/ipp.txt
	cp /etc/openvpn/easy-rsa/pki/index.txt{,.bk}

	echo ""
	echo "Certificate for client $CLIENT revoked."
}
```

Finally, we can use headless installation mode to start it:

```bash
MENU_OPTION='3' CLIENT='test' ./openvpn-install.sh
```
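Added example, not part of the thread or of openvpn-install: in a headless run nobody answers the `read` re-prompts above, so a non-interactive caller can check the name first and get an exit status back instead. The function names, return codes and sample index lines are constructed for illustration; the layout assumed is easy-rsa's tab-separated `index.txt` with the subject in the last field.

```bash
# Added example, not openvpn-install code. Names and return codes are hypothetical.

# Accept only the characters the prompt in the thread allows: [a-zA-Z0-9_-]+
is_valid_client_name() {
    case "$1" in
        '' | *[!a-zA-Z0-9_-]*) return 1 ;;
    esac
    return 0
}

# client_is_revocable INDEX NAME
#   0 = NAME is the exact CN of a valid ("V") entry
#   1 = no such valid entry   2 = NAME has illegal characters   3 = INDEX unreadable
# Line 1 is skipped, as the thread's `tail -n +2` does.
client_is_revocable() {
    is_valid_client_name "$2" || return 2
    [ -r "$1" ] || return 3
    awk -F '\t' -v want="$2" '
        NR > 1 && $1 == "V" {
            cn = $NF
            sub(/^.*\/CN=/, "", cn)   # drop everything up to and including /CN=
            sub(/\/.*$/, "", cn)      # drop any RDN that follows the CN
            if ((cn "") == (want "")) found = 1   # exact string match, no prefixes
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample in easy-rsa index.txt layout (tab-separated, subject last).
write_sample_index() {
    printf 'V\t330101000000Z\t\t01\tunknown\t/CN=server_sample\n' > "$1"
    printf 'V\t330101000000Z\t\t02\tunknown\t/CN=alice\n' >> "$1"
    printf 'R\t330101000000Z\t240101000000Z\t03\tunknown\t/CN=bob\n' >> "$1"
    printf 'V\t330101000000Z\t\t04\tunknown\t/CN=alice-laptop\n' >> "$1"
}

demo_index=$(mktemp)
write_sample_index "$demo_index"
for name in alice bob ali 'a b'; do
    rc=0
    client_is_revocable "$demo_index" "$name" || rc=$?
    echo "CLIENT=$name -> status $rc"
done
rm -f "$demo_index"
```

A wrapper would call `client_is_revocable /etc/openvpn/easy-rsa/pki/index.txt "$CLIENT"` and exit on a non-zero status before invoking the menu option.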
It would be nice if the script allowed headless deletion of users by name.
Maybe like

```bash
MENU_OPTION=2 CLIENT="foo" ./openvpn-install.sh
```
For now I just do this:
But it would be better to have this within this script to ensure stability with future updates.