From 283b79c89841859f51cbcf5a0c83c12dc27a5df2 Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Sun, 28 Jul 2024 14:49:26 -0500
Subject: [PATCH] Add install options

- NEW: Users can now optionally specify install options when
  running the script to install OpenVPN. These new options include:
  '--serveraddr', '--proto', '--port', '--clientname',
  '--dns1' and '--dns2'. Refer to the usage information which
  will be added to the project documentation, or run the script
  with the '-h' option to view.
- Other minor improvements
---
 openvpn-install.sh | 191 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 168 insertions(+), 23 deletions(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index 47d0fae..d58d610 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -139,6 +139,37 @@ parse_args() {
 				remove_ovpn=1
 				shift
 				;;
+			--serveraddr)
+				server_addr_set=1
+				server_addr="$2"
+				shift
+				shift
+				;;
+			--proto)
+				server_proto="$2"
+				shift
+				shift
+				;;
+			--port)
+				server_port="$2"
+				shift
+				shift
+				;;
+			--clientname)
+				first_client_name="$2"
+				shift
+				shift
+				;;
+			--dns1)
+				dns1="$2"
+				shift
+				shift
+				;;
+			--dns2)
+				dns2="$2"
+				shift
+				shift
+				;;
 			-y|--yes)
 				assume_yes=1
 				shift
@@ -154,10 +185,8 @@ parse_args() {
 }
 
 check_args() {
-	if [ "$auto" = 1 ] && [ -e "$OVPN_CONF" ]; then
-		echo "Error: Invalid parameter '--auto'. OpenVPN is already set up on this server." >&2
-		echo "       To manage OpenVPN clients, re-run this script without '--auto'." >&2
-		exit 1
+	if [ "$auto" != 0 ] && [ -e "$OVPN_CONF" ]; then
+		show_usage "Invalid parameter '--auto'. OpenVPN is already set up on this server."
 	fi
 	if [ "$((add_client + export_client + list_clients + revoke_client))" -gt 1 ]; then
 		show_usage "Invalid parameters. Specify only one of '--addclient', '--exportclient', '--listclients' or '--revokeclient'."
@@ -174,6 +203,17 @@ check_args() {
 		[ "$revoke_client" = 1 ] && exiterr "You must first set up OpenVPN before revoking a client."
 		[ "$remove_ovpn" = 1 ] && exiterr "Cannot remove OpenVPN because it has not been set up on this server."
 	fi
+	if [ "$((add_client + export_client + revoke_client))" = 1 ] && [ -n "$first_client_name" ]; then
+		show_usage "Invalid parameters. '--clientname' can only be specified when installing OpenVPN."
+	fi
+	if [ -n "$server_addr" ] || [ -n "$server_proto" ] || [ -n "$server_port" ] \
+		|| [ -n "$first_client_name" ] || [ -n "$dns1" ]; then
+			if [ -e "$OVPN_CONF" ]; then
+				show_usage "Invalid parameters. OpenVPN is already set up on this server."
+			elif [ "$auto" = 0 ]; then
+				show_usage "Invalid parameters. You must specify '--auto' when using these parameters."
+			fi
+	fi
 	if [ "$add_client" = 1 ]; then
 		set_client_name
 		if [ -z "$client" ]; then
@@ -188,6 +228,46 @@ check_args() {
 			exiterr "Invalid client name, or client does not exist."
 		fi
 	fi
+	if [ -n "$server_addr" ] && ! check_dns_name "$server_addr"; then
+		exiterr "Invalid server address. Must be a fully qualified domain name (FQDN)."
+	fi
+	if [ -n "$first_client_name" ]; then
+		unsanitized_client="$first_client_name"
+		set_client_name
+		if [ -z "$client" ]; then
+			exiterr "Invalid client name. Use one word only, no special characters except '-' and '_'."
+		fi
+	fi
+	if [ -n "$server_proto" ]; then
+		case "$server_proto" in
+			[tT][cC][pP])
+				server_proto=tcp
+				;;
+			[uU][dD][pP])
+				server_proto=udp
+				;;
+			*)
+				exiterr "Invalid protocol. Must be TCP or UDP."
+				;;
+		esac
+	fi
+	if [ -n "$server_port" ]; then
+		if [[ ! "$server_port" =~ ^[0-9]+$ || "$server_port" -gt 65535 ]]; then
+			exiterr "Invalid port. Must be an integer between 1 and 65535."
+		fi
+	fi
+	if { [ -n "$dns1" ] && ! check_ip "$dns1"; } \
+		|| { [ -n "$dns2" ] && ! check_ip "$dns2"; }; then
+		exiterr "Invalid DNS server(s)."
+	fi
+	if [ -z "$dns1" ] && [ -n "$dns2" ]; then
+		show_usage "Invalid DNS server. --dns2 cannot be specified without --dns1."
+	fi
+	if [ -n "$dns1" ]; then
+		dns=7
+	else
+		dns=2
+	fi
 }
 
 check_nftables() {
@@ -278,7 +358,7 @@ cat 1>&2 <<EOF
 Usage: bash $0 [options]
 
 Options:
-  --auto                        auto install OpenVPN using default options
+
   --addclient [client name]     add a new client
   --exportclient [client name]  export configuration for an existing client
   --listclients                 list the names of existing clients
@@ -287,7 +367,18 @@ Options:
   -y, --yes                     assume "yes" as answer to prompts when revoking a client or removing OpenVPN
   -h, --help                    show this help message and exit
 
-To customize install options, run this script without arguments.
+Install options (optional):
+
+  --auto                        auto install OpenVPN using default or custom options
+  --serveraddr [DNS name]       server address, must be a fully qualified domain name (FQDN).
+                                If not specified, the server's IPv4 address will be used.
+  --proto [TCP or UDP]          protocol for OpenVPN (TCP or UDP, default: UDP)
+  --port [number]               port for OpenVPN (1-65535, default: 1194)
+  --clientname [client name]    name for the first OpenVPN client (default: client)
+  --dns1 [DNS server IP]        primary DNS server for clients (default: Google Public DNS)
+  --dns2 [DNS server IP]        secondary DNS server for clients
+
+To customize options, you may also run this script without arguments.
 EOF
 	exit 1
 }
@@ -299,11 +390,26 @@ show_welcome() {
 		echo 'You can use the default options and just press enter if you are OK with them.'
 	else
 		show_header
+		op_text=default
+		if [ -n "$server_addr" ] || [ -n "$server_proto" ] || [ -n "$server_port" ] \
+			|| [ -n "$first_client_name" ] || [ -n "$dns1" ]; then
+			op_text=custom
+		fi
 		echo
-		echo 'Starting OpenVPN setup using default options.'
+		echo "Starting OpenVPN setup using $op_text options."
 	fi
 }
 
+show_dns_name_note() {
+cat <<EOF
+
+Note: Make sure this DNS name '$server_addr'
+      resolves to the IPv4 address of this server. If you add
+      or update the DNS record at a later time, you must reboot
+      this server to take effect.
+EOF
+}
+
 enter_server_address() {
 	echo
 	echo "Do you want OpenVPN clients to connect to this server using a DNS name,"
@@ -325,10 +431,7 @@ enter_server_address() {
 			read -rp "Enter the DNS name of this VPN server: " server_addr
 		done
 		ip="$server_addr"
-		echo
-		echo "Note: Make sure this DNS name resolves to the IPv4 address"
-		echo "      of this server. If you add or update the DNS record"
-		echo "      at a later time, reboot this server to take effect."
+		show_dns_name_note
 	else
 		detect_ip
 		check_nat_ip
@@ -417,11 +520,29 @@ check_nat_ip() {
 show_config() {
 	if [ "$auto" != 0 ]; then
 		echo
-		printf '%s' "Server IP: "
-		[ -n "$public_ip" ] && printf '%s\n' "$public_ip" || printf '%s\n' "$ip"
-		echo "Port: UDP/1194"
-		echo "Client name: client"
-		echo "Client DNS: Google Public DNS"
+		if [ -n "$server_addr" ]; then
+			echo "Server address: $server_addr"
+		else
+			printf '%s' "Server IP: "
+			[ -n "$public_ip" ] && printf '%s\n' "$public_ip" || printf '%s\n' "$ip"
+		fi
+		if [ "$server_proto" = "tcp" ]; then
+			proto_text=TCP
+		else
+			proto_text=UDP
+		fi
+		[ -n "$server_port" ] && port_text="$server_port" || port_text=1194
+		[ -n "$first_client_name" ] && client_text="$client" || client_text=client
+		if [ -n "$dns1" ] && [ -n "$dns2" ]; then
+			dns_text="$dns1, $dns2"
+		elif [ -n "$dns1" ]; then
+			dns_text="$dns1"
+		else
+			dns_text="Google Public DNS"
+		fi
+		echo "Port: $proto_text/$port_text"
+		echo "Client name: $client_text"
+		echo "Client DNS: $dns_text"
 	fi
 }
 
@@ -452,7 +573,7 @@ select_protocol() {
 			;;
 		esac
 	else
-		protocol=udp
+		[ -n "$server_proto" ] && protocol="$server_proto" || protocol=udp
 	fi
 }
 
@@ -467,7 +588,7 @@ select_port() {
 		done
 		[[ -z "$port" ]] && port=1194
 	else
-		port=1194
+		[ -n "$server_port" ] && port="$server_port" || port=1194
 	fi
 }
 
@@ -516,7 +637,12 @@ enter_first_client_name() {
 		set_client_name
 		[[ -z "$client" ]] && client=client
 	else
-		client=client
+		if [ -n "$first_client_name" ]; then
+			unsanitized_client="$first_client_name"
+			set_client_name
+		else
+			client=client
+		fi
 	fi
 }
 
@@ -1232,6 +1358,17 @@ export_client=0
 list_clients=0
 revoke_client=0
 remove_ovpn=0
+server_addr_set=0
+public_ip=""
+server_addr=""
+server_proto=""
+server_port=""
+first_client_name=""
+unsanitized_client=""
+client=""
+dns=""
+dns1=""
+dns2=""
 
 parse_args "$@"
 check_args
@@ -1299,18 +1436,23 @@ if [[ ! -e "$OVPN_CONF" ]]; then
 	install_wget
 	install_iproute
 	show_welcome
-	public_ip=""
 	if [ "$auto" = 0 ]; then
 		enter_server_address
 	else
-		detect_ip
-		check_nat_ip
+		if [ -n "$server_addr" ]; then
+			ip="$server_addr"
+		else
+			detect_ip
+			check_nat_ip
+		fi
 	fi
 	show_config
 	detect_ipv6
 	select_protocol
 	select_port
-	select_dns
+	if [ "$auto" = 0 ]; then
+		select_dns
+	fi
 	enter_first_client_name
 	show_setup_ready
 	check_firewall
@@ -1330,6 +1472,9 @@ if [[ ! -e "$OVPN_CONF" ]]; then
 	create_client_common
 	start_openvpn_service
 	new_client
+	if [ "$auto" != 0 ] && [ "$server_addr_set" = 1 ]; then
+		show_dns_name_note
+	fi
 	finish_setup
 else
 	show_header