Add install options

- NEW: Users can now optionally specify install options when
  running the script to install OpenVPN. These new options include:
  '--serveraddr', '--proto', '--port', '--clientname',
  '--dns1' and '--dns2'. Refer to the usage information, which
  will be added to the project documentation, or run the script
  with the '-h' option to view it.
- Other minor improvements
This commit is contained in:
hwdsl2
2024-07-28 14:49:26 -05:00
parent 2977cd6fe6
commit 283b79c898


@@ -139,6 +139,37 @@ parse_args() {
remove_ovpn=1 remove_ovpn=1
shift shift
;; ;;
--serveraddr)
server_addr_set=1
server_addr="$2"
shift
shift
;;
--proto)
server_proto="$2"
shift
shift
;;
--port)
server_port="$2"
shift
shift
;;
--clientname)
first_client_name="$2"
shift
shift
;;
--dns1)
dns1="$2"
shift
shift
;;
--dns2)
dns2="$2"
shift
shift
;;
-y|--yes) -y|--yes)
assume_yes=1 assume_yes=1
shift shift
@@ -154,10 +185,8 @@ parse_args() {
} }
check_args() { check_args() {
if [ "$auto" = 1 ] && [ -e "$OVPN_CONF" ]; then if [ "$auto" != 0 ] && [ -e "$OVPN_CONF" ]; then
echo "Error: Invalid parameter '--auto'. OpenVPN is already set up on this server." >&2 show_usage "Invalid parameter '--auto'. OpenVPN is already set up on this server."
echo " To manage OpenVPN clients, re-run this script without '--auto'." >&2
exit 1
fi fi
if [ "$((add_client + export_client + list_clients + revoke_client))" -gt 1 ]; then if [ "$((add_client + export_client + list_clients + revoke_client))" -gt 1 ]; then
show_usage "Invalid parameters. Specify only one of '--addclient', '--exportclient', '--listclients' or '--revokeclient'." show_usage "Invalid parameters. Specify only one of '--addclient', '--exportclient', '--listclients' or '--revokeclient'."
@@ -174,6 +203,17 @@ check_args() {
[ "$revoke_client" = 1 ] && exiterr "You must first set up OpenVPN before revoking a client." [ "$revoke_client" = 1 ] && exiterr "You must first set up OpenVPN before revoking a client."
[ "$remove_ovpn" = 1 ] && exiterr "Cannot remove OpenVPN because it has not been set up on this server." [ "$remove_ovpn" = 1 ] && exiterr "Cannot remove OpenVPN because it has not been set up on this server."
fi fi
if [ "$((add_client + export_client + revoke_client))" = 1 ] && [ -n "$first_client_name" ]; then
show_usage "Invalid parameters. '--clientname' can only be specified when installing OpenVPN."
fi
if [ -n "$server_addr" ] || [ -n "$server_proto" ] || [ -n "$server_port" ] \
|| [ -n "$first_client_name" ] || [ -n "$dns1" ]; then
if [ -e "$OVPN_CONF" ]; then
show_usage "Invalid parameters. OpenVPN is already set up on this server."
elif [ "$auto" = 0 ]; then
show_usage "Invalid parameters. You must specify '--auto' when using these parameters."
fi
fi
if [ "$add_client" = 1 ]; then if [ "$add_client" = 1 ]; then
set_client_name set_client_name
if [ -z "$client" ]; then if [ -z "$client" ]; then
@@ -188,6 +228,46 @@ check_args() {
exiterr "Invalid client name, or client does not exist." exiterr "Invalid client name, or client does not exist."
fi fi
fi fi
if [ -n "$server_addr" ] && ! check_dns_name "$server_addr"; then
exiterr "Invalid server address. Must be a fully qualified domain name (FQDN)."
fi
if [ -n "$first_client_name" ]; then
unsanitized_client="$first_client_name"
set_client_name
if [ -z "$client" ]; then
exiterr "Invalid client name. Use one word only, no special characters except '-' and '_'."
fi
fi
if [ -n "$server_proto" ]; then
case "$server_proto" in
[tT][cC][pP])
server_proto=tcp
;;
[uU][dD][pP])
server_proto=udp
;;
*)
exiterr "Invalid protocol. Must be TCP or UDP."
;;
esac
fi
if [ -n "$server_port" ]; then
if [[ ! "$server_port" =~ ^[0-9]+$ || "$server_port" -gt 65535 ]]; then
exiterr "Invalid port. Must be an integer between 1 and 65535."
fi
fi
if { [ -n "$dns1" ] && ! check_ip "$dns1"; } \
|| { [ -n "$dns2" ] && ! check_ip "$dns2"; }; then
exiterr "Invalid DNS server(s)."
fi
if [ -z "$dns1" ] && [ -n "$dns2" ]; then
show_usage "Invalid DNS server. --dns2 cannot be specified without --dns1."
fi
if [ -n "$dns1" ]; then
dns=7
else
dns=2
fi
} }
check_nftables() { check_nftables() {
@@ -278,7 +358,7 @@ cat 1>&2 <<EOF
Usage: bash $0 [options] Usage: bash $0 [options]
Options: Options:
--auto auto install OpenVPN using default options
--addclient [client name] add a new client --addclient [client name] add a new client
--exportclient [client name] export configuration for an existing client --exportclient [client name] export configuration for an existing client
--listclients list the names of existing clients --listclients list the names of existing clients
@@ -287,7 +367,18 @@ Options:
-y, --yes assume "yes" as answer to prompts when revoking a client or removing OpenVPN -y, --yes assume "yes" as answer to prompts when revoking a client or removing OpenVPN
-h, --help show this help message and exit -h, --help show this help message and exit
To customize install options, run this script without arguments. Install options (optional):
--auto auto install OpenVPN using default or custom options
--serveraddr [DNS name] server address, must be a fully qualified domain name (FQDN).
If not specified, the server's IPv4 address will be used.
--proto [TCP or UDP] protocol for OpenVPN (TCP or UDP, default: UDP)
--port [number] port for OpenVPN (1-65535, default: 1194)
--clientname [client name] name for the first OpenVPN client (default: client)
--dns1 [DNS server IP] primary DNS server for clients (default: Google Public DNS)
--dns2 [DNS server IP] secondary DNS server for clients
To customize options, you may also run this script without arguments.
EOF EOF
exit 1 exit 1
} }
@@ -299,11 +390,26 @@ show_welcome() {
echo 'You can use the default options and just press enter if you are OK with them.' echo 'You can use the default options and just press enter if you are OK with them.'
else else
show_header show_header
op_text=default
if [ -n "$server_addr" ] || [ -n "$server_proto" ] || [ -n "$server_port" ] \
|| [ -n "$first_client_name" ] || [ -n "$dns1" ]; then
op_text=custom
fi
echo echo
echo 'Starting OpenVPN setup using default options.' echo "Starting OpenVPN setup using $op_text options."
fi fi
} }
show_dns_name_note() {
cat <<EOF
Note: Make sure this DNS name '$server_addr'
resolves to the IPv4 address of this server. If you add
or update the DNS record at a later time, you must reboot
this server to take effect.
EOF
}
enter_server_address() { enter_server_address() {
echo echo
echo "Do you want OpenVPN clients to connect to this server using a DNS name," echo "Do you want OpenVPN clients to connect to this server using a DNS name,"
@@ -325,10 +431,7 @@ enter_server_address() {
read -rp "Enter the DNS name of this VPN server: " server_addr read -rp "Enter the DNS name of this VPN server: " server_addr
done done
ip="$server_addr" ip="$server_addr"
echo show_dns_name_note
echo "Note: Make sure this DNS name resolves to the IPv4 address"
echo " of this server. If you add or update the DNS record"
echo " at a later time, reboot this server to take effect."
else else
detect_ip detect_ip
check_nat_ip check_nat_ip
@@ -417,11 +520,29 @@ check_nat_ip() {
show_config() { show_config() {
if [ "$auto" != 0 ]; then if [ "$auto" != 0 ]; then
echo echo
printf '%s' "Server IP: " if [ -n "$server_addr" ]; then
[ -n "$public_ip" ] && printf '%s\n' "$public_ip" || printf '%s\n' "$ip" echo "Server address: $server_addr"
echo "Port: UDP/1194" else
echo "Client name: client" printf '%s' "Server IP: "
echo "Client DNS: Google Public DNS" [ -n "$public_ip" ] && printf '%s\n' "$public_ip" || printf '%s\n' "$ip"
fi
if [ "$server_proto" = "tcp" ]; then
proto_text=TCP
else
proto_text=UDP
fi
[ -n "$server_port" ] && port_text="$server_port" || port_text=1194
[ -n "$first_client_name" ] && client_text="$client" || client_text=client
if [ -n "$dns1" ] && [ -n "$dns2" ]; then
dns_text="$dns1, $dns2"
elif [ -n "$dns1" ]; then
dns_text="$dns1"
else
dns_text="Google Public DNS"
fi
echo "Port: $proto_text/$port_text"
echo "Client name: $client_text"
echo "Client DNS: $dns_text"
fi fi
} }
@@ -452,7 +573,7 @@ select_protocol() {
;; ;;
esac esac
else else
protocol=udp [ -n "$server_proto" ] && protocol="$server_proto" || protocol=udp
fi fi
} }
@@ -467,7 +588,7 @@ select_port() {
done done
[[ -z "$port" ]] && port=1194 [[ -z "$port" ]] && port=1194
else else
port=1194 [ -n "$server_port" ] && port="$server_port" || port=1194
fi fi
} }
@@ -516,7 +637,12 @@ enter_first_client_name() {
set_client_name set_client_name
[[ -z "$client" ]] && client=client [[ -z "$client" ]] && client=client
else else
client=client if [ -n "$first_client_name" ]; then
unsanitized_client="$first_client_name"
set_client_name
else
client=client
fi
fi fi
} }
@@ -1232,6 +1358,17 @@ export_client=0
list_clients=0 list_clients=0
revoke_client=0 revoke_client=0
remove_ovpn=0 remove_ovpn=0
server_addr_set=0
public_ip=""
server_addr=""
server_proto=""
server_port=""
first_client_name=""
unsanitized_client=""
client=""
dns=""
dns1=""
dns2=""
parse_args "$@" parse_args "$@"
check_args check_args
@@ -1299,18 +1436,23 @@ if [[ ! -e "$OVPN_CONF" ]]; then
install_wget install_wget
install_iproute install_iproute
show_welcome show_welcome
public_ip=""
if [ "$auto" = 0 ]; then if [ "$auto" = 0 ]; then
enter_server_address enter_server_address
else else
detect_ip if [ -n "$server_addr" ]; then
check_nat_ip ip="$server_addr"
else
detect_ip
check_nat_ip
fi
fi fi
show_config show_config
detect_ipv6 detect_ipv6
select_protocol select_protocol
select_port select_port
select_dns if [ "$auto" = 0 ]; then
select_dns
fi
enter_first_client_name enter_first_client_name
show_setup_ready show_setup_ready
check_firewall check_firewall
@@ -1330,6 +1472,9 @@ if [[ ! -e "$OVPN_CONF" ]]; then
create_client_common create_client_common
start_openvpn_service start_openvpn_service
new_client new_client
if [ "$auto" != 0 ] && [ "$server_addr_set" = 1 ]; then
show_dns_name_note
fi
finish_setup finish_setup
else else
show_header show_header
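Review bot: The `--port` validation added to check_args (`[[ ! "$server_port" =~ ^[0-9]+$ || "$server_port" -gt 65535 ]]`) accepts `--port 0`, although the error text and the new usage block both promise a range of 1-65535; a zero port is then copied into `port` by select_port and, presumably, from there into the server configuration and firewall rules. Adding the lower bound closes the gap: `if [[ ! "$server_port" =~ ^[0-9]+$ || "$server_port" -lt 1 || "$server_port" -gt 65535 ]]; then`. Separately, each new parse_args case assigns `$2` and shifts twice without checking that a value was given, so `--port` or `--serveraddr` as the last argument silently becomes the empty string and the script falls back to the default instead of reporting the missing value; a guard such as `[ -n "$2" ] || show_usage "Option '$1' requires a value."` before each assignment would make that explicit. The parse_args and check_args bodies extend beyond the hunks shown here.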