rms/setup-ipsec-vpn
1
0
Fork 0
mirror of https://github.com/hwdsl2/setup-ipsec-vpn.git synced 2026-05-17 08:05:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add more helper scripts

Browse Source 
- Create additional helper scripts for managing VPN users
- Update docs
- Closes: #355
This commit is contained in:
hwdsl2
2018-11-22 16:49:56 -06:00
parent b979d1f15d
commit 83b0663318
7 changed files with 392 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
docs/manage-users.md
View File

@@ -4,9 +4,63 @@
By default, a single user account for VPN login is created. If you wish to add, edit or remove users, read this document.
**Note:** A helper script to update VPN users is now available. See [Helper script](#helper-script).
## Using helper scripts
First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file. All VPN users will share the same IPsec PSK.
You may use these scripts to more easily manage VPN users: [add_vpn_user.sh](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/extras/add_vpn_user.sh), [del_vpn_user.sh](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/extras/del_vpn_user.sh) and [update_vpn_users.sh](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/extras/update_vpn_users.sh). They will update users for both IPsec/L2TP and IPsec/XAuth (Cisco IPsec) modes. For updating the IPsec PSK, read the next section.
### Add or update a VPN user
Add a new VPN user or update an existing user with a new password.
```bash
wget -O add_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/add_vpn_user.sh
sudo sh add_vpn_user.sh 'username_to_add' 'password_to_add'
```
### Delete a VPN user
Delete the specified VPN user.
```bash
wget -O del_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/del_vpn_user.sh
sudo sh del_vpn_user.sh 'username_to_delete'
```
### Update all VPN users
Remove all existing VPN users and replace with the list of users you specify.
```bash
wget -O update_vpn_users.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/update_vpn_users.sh
```
To use this script, choose one of the following options:
**Important:** This script will remove **ALL** existing VPN users and replace them with the list of users you specify. Therefore, you must include any existing user(s) you want to keep in the variables below.
**Option 1:** Edit the script and enter VPN user details:
```bash
nano -w update_vpn_users.sh
[Replace with your own values: YOUR_USERNAMES and YOUR_PASSWORDS]
sudo sh update_vpn_users.sh
```
**Option 2:** Define VPN user details as environment variables:
```bash
# List of VPN usernames and passwords, separated by spaces
# All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " '
sudo \
VPN_USERS='username1 username2 ...' \
VPN_PASSWORDS='password1 password2 ...' \
sh update_vpn_users.sh
```
## Manually manage VPN users and PSK
First, the IPsec PSK (pre-shared key) is stored in `/etc/ipsec.secrets`. To change to a new PSK, just edit this file. You must restart services when finished (see below). All VPN users will share the same IPsec PSK.
```bash
%any %any : PSK "your_ipsec_pre_shared_key"
@@ -37,41 +91,9 @@ Passwords in this file are salted and hashed. This step can be done using e.g. t
openssl passwd -1 'your_vpn_password_1'
```
Finally, restart services if you changed to a new PSK. For add, edit or remove VPN users, a restart is normally not required.
Finally, you must restart services if changing to a new PSK. For adding, editing or removing VPN users, this is normally not required.
```bash
service ipsec restart
service xl2tpd restart
```
## Helper script
You may use [this helper script](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/extras/update_vpn_users.sh) to update VPN users. First download the script:
```bash
wget -O update_vpn_users.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/update_vpn_users.sh
```
To update VPN users, choose one of the following options:
**Important:** This script will remove **ALL** existing VPN users and replace them with the new users you specify. Therefore, you must include any existing user(s) you want to keep in the variables below. Or, you may update users manually (see above).
**Option 1:** Edit the script and enter VPN user details:
```bash
nano -w update_vpn_users.sh
[Replace with your own values: YOUR_USERNAMES and YOUR_PASSWORDS]
sudo sh update_vpn_users.sh
```
**Option 2:** Define VPN user details as environment variables:
```bash
# List of VPN usernames and passwords, separated by spaces
# All values MUST be placed inside 'single quotes'
# DO NOT use these special characters within values: \ " '
sudo \
VPN_USERS='username1 username2 ...' \
VPN_PASSWORDS='password1 password2 ...' \
sh update_vpn_users.sh
```