From 62854406f148a2beadf0281926b2166752076dba Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 26 Sep 2017 14:25:34 +0100
Subject: [PATCH] vpn user

---
 src/freedombone-app-vpn | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn
index 1647f01eb..9b3931e57 100755
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -140,6 +140,8 @@ function remove_vpn {
             shred -zu /home/$USERNAME/$OPENVPN_KEY_FILENAME
         fi
     done
+    userdel -f vpn
+    groupdel -f vpn
 }
 
 function create_user_vpn_key {
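Review bot: The added `userdel -f vpn` in remove_vpn forces the account away even while a process still runs under it, and nothing visible in this hunk stops the OpenVPN daemon first. A daemon left running would hold a UID that no longer has a passwd entry and could later be assigned to a different account, so confirm the service is stopped earlier in remove_vpn (the function starts outside this hunk). userdel also removes a same-named group when USERGROUPS_ENAB is enabled, so `groupdel -f vpn` may then fail on a group that is already gone. Guarding it as `if getent group vpn >/dev/null; then groupdel vpn; fi` keeps removal quiet and repeatable.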
@@ -196,8 +198,8 @@ function create_user_vpn_key {
 
     cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf $user_vpn_cert_file
     sed -i "s|remote .*|remote $DEFAULT_DOMAIN_NAME 1194|g" $user_vpn_cert_file
-    sed -i 's|;user nobody|user nobody|g' $user_vpn_cert_file
-    sed -i 's|;group nogroup|group nobody|g' $user_vpn_cert_file
+    sed -i 's|;user no.*|user vpn|g' $user_vpn_cert_file
+    sed -i 's|;group no.*|group vpn|g' $user_vpn_cert_file
 
     sed -i 's|ca ca.crt|;ca ca.crt|g' $user_vpn_cert_file
     sed -i 's|cert client.crt|;cert client.crt|g' $user_vpn_cert_file
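Review bot: The two rewritten sed lines write `user vpn` / `group vpn` into the client configuration copied from client.conf, but the `vpn` account is only created on the server by install_vpn. If this file is what gets handed to the user's own device (it looks that way, though the rest of create_user_vpn_key is outside the hunk), that device is unlikely to have a `vpn` user, and OpenVPN would fail to drop privileges there. Keeping the client template on an account that exists on stock systems, e.g. `sed -i 's|;user no.*|user nobody|g' "$user_vpn_cert_file"` with a group that exists on the client platform, avoids that. The path variable should be quoted either way.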
@@ -244,12 +246,15 @@ function install_vpn {
         exit 783953
     fi
 
+    groupadd vpn
+    useradd -r -s /bin/false -g vpn vpn
+
     # server configuration
     gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
     sed -i "s|;push \"redirect-gateway|push \"redirect-gateway|g" /etc/openvpn/server.conf
     sed -i 's|;push "dhcp-option|push "dhcp-option|g' /etc/openvpn/server.conf
-    sed -i 's|;user nobody|user nobody|g' /etc/openvpn/server.conf
-    sed -i 's|;group nogroup|group nobody|g' /etc/openvpn/server.conf
+    sed -i 's|;user no.*|user vpn|g' /etc/openvpn/server.conf
+    sed -i 's|;group no.*|group vpn|g' /etc/openvpn/server.conf
     sed -i 's|;max-clients.*|max-clients 2|g' /etc/openvpn/server.conf
 
     echo 1 > /proc/sys/net/ipv4/ip_forward
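Review bot: `groupadd vpn` and `useradd -r -s /bin/false -g vpn vpn` in install_vpn are unchecked and not repeatable. On a re-run without an intervening removal both fail because the names already exist, and if creation fails on a first run the server config is still rewritten to `user vpn`, which the daemon cannot resolve. Suggest `getent group vpn >/dev/null || groupadd -r vpn` and `id -u vpn >/dev/null 2>&1 || useradd -r -s /bin/false -g vpn vpn`, exiting if either command fails. The privilege drop also depends on the sample file still containing `;user no…`; if that text ever differs, the sed is a silent no-op and the daemon keeps root, so a `grep -q '^user vpn' /etc/openvpn/server.conf` check after the substitution is worth adding. install_vpn starts before and continues past this hunk.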
-- 
GitLab