From 2f5795b0c383798c55dfec91a00a45b2a88ff554 Mon Sep 17 00:00:00 2001
From: Angristan
Date: Sun, 19 Aug 2018 00:11:03 +0200
Subject: [PATCH 1/9] Refactor newClient()
---
 openvpn-install.sh | 78 ++++++++++++++++++++++++----------------------
 1 file changed, 41 insertions(+), 37 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 4db321d..8904079 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -60,35 +60,68 @@ else exit 4 fi -newclient () { +function newclient () { + echo "" + echo "Do you want to protect the configuration file with a password?" + echo "(e.g. encrypt the private key with a password)" + echo " 1) Add a passwordless client" + echo " 2) Use a password for the client" + + until [[ "$pass" =~ ^[1-2]$ ]]; do + read -rp "Select an option [1-2]: " -e -i 1 local pass + done + + echo "" + echo "Tell me a name for the client cert" + echo "Use one word only, no special characters" + + until [[ "$client" =~ ^[a-zA-Z0-9_]+$ ]]; do + read -rp "Client name: " -e local client + done + + cd /etc/openvpn/easy-rsa/ || return + case $pass in + 1) + ./easyrsa build-client-full $client nopass + ;; + 2) + echo "⚠️ You will be asked for the client password below ⚠️" + ./easyrsa build-client-full $client + ;; + esac + # Where to write the custom client.ovpn? - if [ -e "/home/$1" ]; then # if $1 is a user name - homeDir="/home/$1" + if [ -e "/home/$client" ]; then # if $1 is a user name + homeDir="/home/$client" elif [ "${SUDO_USER}" ]; then # if not, use SUDO_USER homeDir="/home/${SUDO_USER}" else # if not SUDO_USER, use /root homeDir="/root" fi # Generates the custom client.ovpn - cp /etc/openvpn/client-template.txt "$homeDir/$1.ovpn" + cp /etc/openvpn/client-template.txt "$homeDir/$client.ovpn" { echo "" cat "/etc/openvpn/easy-rsa/pki/ca.crt" echo "" echo "" - cat "/etc/openvpn/easy-rsa/pki/issued/$1.crt" + cat "/etc/openvpn/easy-rsa/pki/issued/$client.crt" echo "" echo "" - cat "/etc/openvpn/easy-rsa/pki/private/$1.key" + cat "/etc/openvpn/easy-rsa/pki/private/$client.key" echo "" echo "key-direction 1" echo "" cat "/etc/openvpn/tls-auth.key" echo "" - } >> "$homeDir/$1.ovpn" + } >> "$homeDir/$client.ovpn" + + echo "" + echo "Client $client added, certs available at $homeDir/$client.ovpn" + exit } # Get Internet network interface with default route 
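Review bot: `read -rp "Select an option [1-2]: " -e -i 1 local pass` hands `local` to `read` as a variable name instead of declaring one, so the answer is stored in a variable called `local` and `pass` stays empty; the `until [[ "$pass" =~ ^[1-2]$ ]]` loop can then never terminate, and `read -rp "Client name: " -e local client` breaks the same way. Declare first and read second: `local pass client` at the top of the function, then `read -rp "Select an option [1-2]: " -e -i 1 pass` and `read -rp "Client name: " -e client`. The same `read ... local NAME` pattern appears in checkOS in patch 4 (`read -rp "Continue ? [y/n]: " -e local CONTINUE`) and needs the same fix. The comment `# if $1 is a user name` is stale now that the function takes no argument; `# if $client is also a local user name` matches the new code. Note also that `cd /etc/openvpn/easy-rsa/ || return` bypasses the trailing `exit`, so a caller that ignores the status continues past a failed client creation.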
@@ -112,38 +145,9 @@ if [[ -e /etc/openvpn/server.conf ]]; then case $option in 1) - echo "" - echo "Do you want to protect the configuration file with a password?" - echo "(e.g. encrypt the private key with a password)" - echo " 1) Add a passwordless client" - echo " 2) Use a password for the client" - until [[ "$pass" =~ ^[1-2]$ ]]; do - read -rp "Select an option [1-2]: " -e -i 1 pass - done - echo "" - echo "Tell me a name for the client cert" - echo "Use one word only, no special characters" - until [[ "$CLIENT" =~ ^[a-zA-Z0-9_]+$ ]]; do - read -rp "Client name: " -e CLIENT - done - - cd /etc/openvpn/easy-rsa/ || return - case $pass in - 1) - ./easyrsa build-client-full $CLIENT nopass - ;; - 2) - echo "⚠️ You will be asked for the client password below ⚠️" - ./easyrsa build-client-full $CLIENT - ;; - esac - # Generates the custom client.ovpn - newclient "$CLIENT" + newclient - echo "" - echo "Client $CLIENT added, certs available at $homeDir/$CLIENT.ovpn" - exit ;; 2) NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V") From 602c169bd8b1df63e5eb2627702cf77491f79262 Mon Sep 17 00:00:00 2001 From: Angristan Date: Sun, 19 Aug 2018 00:18:05 +0200 Subject: [PATCH 2/9] Remove uneeded lines after newClient() refactoring --- openvpn-install.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 8904079..e4b10c9 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -774,11 +774,7 @@ setenv opt block-outside-dns verb 3" >> /etc/openvpn/client-template.txt # Generate the custom client.ovpn - newclient "$CLIENT" - echo "" - echo "Finished!" - echo "" - echo "Your client config is available at $homeDir/$CLIENT.ovpn" + newclient echo "If you want to add more clients, you simply need to run this script another time!" fi exit 0; From ff5c7aef41b4a7c998e89003f8abd407ebedca7b Mon Sep 17 00:00:00 2001 
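Review bot: The retained `echo "If you want to add more clients, you simply need to run this script another time!"` after `newclient` is unreachable, because newclient as introduced in patch 1 ends with an unconditional `exit`; the `exit 0;` two lines below is dead for the same reason. Either drop the `exit` from newclient and keep termination in the callers, or move this hint into newclient's closing message. The enclosing `if` opens outside the hunk.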
From: Angristan Date: Sun, 19 Aug 2018 00:52:24 +0200 Subject: [PATCH 3/9] Add a functions and main section, add initialCheck () --- openvpn-install.sh | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index e4b10c9..7790bba 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -3,18 +3,41 @@ # Secure OpenVPN server installer for Debian, Ubuntu, CentOS and Arch Linux # https://github.com/Angristan/OpenVPN-install +######################################### +############ FUNCTIONS ############ +######################################### -# Verify root -if [[ "$EUID" -ne 0 ]]; then - echo "Sorry, you need to run this as root" - exit 1 -fi +function tunAvailable () { + if [[ -e /dev/net/tun ]]; then + return 0 + else + return 1 + fi +} -# Verify tun -if [[ ! -e /dev/net/tun ]]; then - echo "TUN is not available" - exit 2 -fi +function isRoot () { + if [[ "$EUID" -eq 0 ]]; then + return 0 + else + return 1 + fi +} + +function initialCheck () { + if ! isRoot; then + echo "Sorry, you need to run this as root" + exit 1 + elif ! tunAvailable; then + echo "TUN is not available" + exit 2 + fi +} + +########################################## +############### MAIN ############### +########################################## + +initialCheck # Check if CentOS 5 if grep -qs "CentOS release 5" "/etc/redhat-release"; then From 468a1afa464dceeb75d4c14c13d747d9a47135fe Mon Sep 17 00:00:00 2001 From: Angristan Date: Sun, 19 Aug 2018 01:01:30 +0200 Subject: [PATCH 4/9] Add checkOS () --- openvpn-install.sh | 93 ++++++++++++++++++++++++---------------------- 1 file changed, 49 insertions(+), 44 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 7790bba..0714f0f 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh 
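Review bot: `tunAvailable` and `isRoot` wrap a single test in an if/else that returns 0 or 1, which is exactly the status the test already yields; `isRoot () { [[ "$EUID" -eq 0 ]]; }` and `tunAvailable () { [[ -e /dev/net/tun ]]; }` express the same predicates in one line each. `initialCheck` never returns on failure, which callers cannot tell from its name; a header such as `# Abort unless running as root with /dev/net/tun present; exits 1 (not root) or 2 (no TUN), otherwise returns 0.` above `function initialCheck ()` would document that contract.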
@@ -23,14 +23,62 @@ function isRoot () { fi } +function checkOS () { + # Check if CentOS 5 + if grep -qs "CentOS release 5" "/etc/redhat-release"; then + echo "CentOS 5 is too old and not supported" + exit 1 + fi + + if [[ -e /etc/debian_version ]]; then + OS="debian" + # Getting the version number, to verify that a recent version of OpenVPN is available + VERSION_ID=$(grep "VERSION_ID" /etc/os-release) + IPTABLES='/etc/iptables/iptables.rules' + SYSCTL='/etc/sysctl.conf' + if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="18.04"' ]]; then + echo "Your version of Debian/Ubuntu is not supported." + echo "I can't install a recent version of OpenVPN on your system." + echo "" + echo "However, if you're using Debian unstable/testing, or Ubuntu beta," + echo "then you can continue, a recent version of OpenVPN is available on these." + echo "Keep in mind they are not supported, though." + while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]; do + read -rp "Continue ? [y/n]: " -e local CONTINUE + done + if [[ "$CONTINUE" = "n" ]]; then + echo "Ok, bye !" + exit 1 + fi + fi + elif [[ -e /etc/fedora-release ]]; then + OS=fedora + IPTABLES='/etc/iptables/iptables.rules' + SYSCTL='/etc/sysctl.d/openvpn.conf' + elif [[ -e /etc/centos-release || -e /etc/redhat-release || -e /etc/system-release ]]; then + OS=centos + IPTABLES='/etc/iptables/iptables.rules' + SYSCTL='/etc/sysctl.conf' + elif [[ -e /etc/arch-release ]]; then + OS=arch + IPTABLES='/etc/iptables/iptables.rules' + SYSCTL='/etc/sysctl.d/openvpn.conf' + else + echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system" + exit 1 + fi +} + function initialCheck () { if ! 
isRoot; then echo "Sorry, you need to run this as root" exit 1 elif ! tunAvailable; then echo "TUN is not available" - exit 2 + exit 1 fi + + checkOS } ########################################## 
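Review bot: checkOS writes `OS`, `IPTABLES`, `SYSCTL` and `VERSION_ID` as globals for the rest of the script to consume, but nothing at the function says so; a header above `function checkOS ()` in the style `# Globals: OS, IPTABLES, SYSCTL (written). Exits 1 on an unsupported distribution.` would make the side effects visible to the next reader. The same hunk changes the TUN failure in initialCheck from `exit 2` to `exit 1` and folds the former `exit 3`/`exit 4` distribution failures into `exit 1`, so anything wrapping the installer can no longer distinguish the failure modes; if collapsing the exit codes is intended, the commit message "Add checkOS ()" should mention it. The unsupported-version branch lets the user continue with an unchecked OpenVPN version, which is existing behaviour, but the interactive `while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]` loop also cannot progress until the `read` line is fixed as noted on patch 1.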
@@ -39,49 +87,6 @@ function initialCheck () { initialCheck -# Check if CentOS 5 -if grep -qs "CentOS release 5" "/etc/redhat-release"; then - echo "CentOS 5 is too old and not supported" - exit 3 -fi - -if [[ -e /etc/debian_version ]]; then - OS="debian" - # Getting the version number, to verify that a recent version of OpenVPN is available - VERSION_ID=$(grep "VERSION_ID" /etc/os-release) - IPTABLES='/etc/iptables/iptables.rules' - SYSCTL='/etc/sysctl.conf' - if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="18.04"' ]]; then - echo "Your version of Debian/Ubuntu is not supported." - echo "I can't install a recent version of OpenVPN on your system." - echo "" - echo "However, if you're using Debian unstable/testing, or Ubuntu beta," - echo "then you can continue, a recent version of OpenVPN is available on these." - echo "Keep in mind they are not supported, though." - while [[ $CONTINUE != "y" && $CONTINUE != "n" ]]; do - read -rp "Continue ? [y/n]: " -e CONTINUE - done - if [[ "$CONTINUE" = "n" ]]; then - echo "Ok, bye !" - exit 4 - fi - fi -elif [[ -e /etc/fedora-release ]]; then - OS=fedora - IPTABLES='/etc/iptables/iptables.rules' - SYSCTL='/etc/sysctl.d/openvpn.conf' -elif [[ -e /etc/centos-release || -e /etc/redhat-release || -e /etc/system-release ]]; then - OS=centos - IPTABLES='/etc/iptables/iptables.rules' - SYSCTL='/etc/sysctl.conf' -elif [[ -e /etc/arch-release ]]; then - OS=arch - IPTABLES='/etc/iptables/iptables.rules' - SYSCTL='/etc/sysctl.d/openvpn.conf' -else - echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system" - exit 4 -fi function newclient () { echo "" From e4ddb22032b857dfc14af01165512ad600fb6ca2 Mon Sep 17 00:00:00 2001 
From: Angristan Date: Sun, 19 Aug 2018 01:01:58 +0200 Subject: [PATCH 5/9] Move newClient () into functions section --- openvpn-install.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 0714f0f..d414f05 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -81,13 +81,6 @@ function initialCheck () { checkOS } -########################################## -############### MAIN ############### -########################################## - -initialCheck - - function newclient () { echo "" echo "Do you want to protect the configuration file with a password?" @@ -152,6 +145,12 @@ function newclient () { exit } +########################################## +############### MAIN ############### +########################################## + +initialCheck + # Get Internet network interface with default route NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1) From 424b69cd607b049f3715459bb8c36df2e74be41e Mon Sep 17 00:00:00 2001 From: Angristan Date: Sun, 19 Aug 2018 01:03:35 +0200 Subject: [PATCH 6/9] Add getNIC () --- openvpn-install.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index d414f05..dff1c2b 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -81,6 +81,10 @@ function initialCheck () { checkOS } +function getNIC () { + return $(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1) +} + function newclient () { echo "" echo "Do you want to protect the configuration file with a password?" @@ -152,7 +156,7 @@ function newclient () { initialCheck # Get Internet network interface with default route -NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1) +NIC=$(getNIC) if [[ -e /etc/openvpn/server.conf ]]; then while : From d3cabadd8f8402f17408db060282e6d94fb8dfa9 Mon Sep 17 00:00:00 2001 
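Review bot: `return $(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)` in getNIC cannot hand the interface name back: `return` accepts only a numeric status, so bash reports "numeric argument required", the function exits with status 2, and `NIC=$(getNIC)` in the second hunk captures an empty string because nothing was written to stdout. Make the pipeline itself the function body, `ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1`, so the `$(...)` capture works as the old inline assignment did. An empty NIC presumably flows into the firewall and NAT rules later in the script, where a missing interface argument would widen their scope; a guard after the capture, `[[ -n "$NIC" ]] || { echo "Could not determine the default network interface"; exit 1; }`, turns that into a clean failure.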
From: Angristan Date: Sun, 19 Aug 2018 02:35:44 +0200 Subject: [PATCH 7/9] Refactor my refactoring :) --- openvpn-install.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index dff1c2b..c877db8 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -7,18 +7,14 @@ ############ FUNCTIONS ############ ######################################### -function tunAvailable () { - if [[ -e /dev/net/tun ]]; then - return 0 - else +function isRoot () { + if [ "$EUID" -ne 0 ]; then return 1 fi } -function isRoot () { - if [[ "$EUID" -eq 0 ]]; then - return 0 - else +function tunAvailable () { + if [ ! -e /dev/net/tun ]; then return 1 fi } From 47a94d67c1a57769f0cf9cf7a4f1733cdb0cfcfc Mon Sep 17 00:00:00 2001 From: Angristan Date: Sun, 19 Aug 2018 13:54:09 +0200 Subject: [PATCH 8/9] Use 2 if instead of elif --- openvpn-install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index c877db8..c33938f 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -69,7 +69,8 @@ function initialCheck () { if ! isRoot; then echo "Sorry, you need to run this as root" exit 1 - elif ! tunAvailable; then + fi + if ! tunAvailable; then echo "TUN is not available" exit 1 fi From 3f377de6813b417729b4e840921544825e1df4da Mon Sep 17 00:00:00 2001 From: Angristan Date: Mon, 20 Aug 2018 22:16:28 +0200 Subject: [PATCH 9/9] Add installEasyRsa () --- openvpn-install.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index c33938f..700dda4 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh 
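Review bot: After this change `isRoot` and `tunAvailable` have no explicit success path: when the `[ ... ]` condition is false the `if` compound command returns 0 and the function inherits that status, which is correct but easy to misread as "falls off the end with no return value". Either keep a `return 0` after the `fi`, or reduce each function to its predicate, `isRoot () { [ "$EUID" -eq 0 ]; }` and `tunAvailable () { [ -e /dev/net/tun ]; }`, which reads as what it is. Switching from `[[ ]]` to `[ ]` is harmless for these operands but now mixes styles with the `[[ ]]` used in checkOS and newclient in the same file.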
@@ -82,6 +82,15 @@ function getNIC () { return $(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1) } +function installEasyRsa () { + wget -O ~/EasyRSA-3.0.4.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz + tar xzf ~/EasyRSA-3.0.4.tgz -C ~/ + mv ~/EasyRSA-3.0.4/ /etc/openvpn/ + mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/ + chown -R root:root /etc/openvpn/easy-rsa/ + rm -f ~/EasyRSA-3.0.4.tgz +} + function newclient () { echo "" echo "Do you want to protect the configuration file with a password?" @@ -562,13 +571,9 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service if [[ -d /etc/openvpn/easy-rsa/ ]]; then rm -rf /etc/openvpn/easy-rsa/ fi - # Get easy-rsa - wget -O ~/EasyRSA-3.0.4.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz - tar xzf ~/EasyRSA-3.0.4.tgz -C ~/ - mv ~/EasyRSA-3.0.4/ /etc/openvpn/ - mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/ - chown -R root:root /etc/openvpn/easy-rsa/ - rm -f ~/EasyRSA-3.0.4.tgz + # Install easy-rsa + installEasyRsa + cd /etc/openvpn/easy-rsa/ || return # Generate a random, alphanumeric identifier of 16 characters for CN and one for server name SERVER_CN="cn_$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 16 | head -n 1)"
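Review bot: installEasyRsa fetches `EasyRSA-3.0.4.tgz` from the network and moves it under `/etc/openvpn/easy-rsa/`, where the script later runs it as root, without checking that `wget` succeeded or that the archive is the expected one; a failed or truncated download leaves the following `tar` and `mv` operating on whatever landed in `~`, and neither the function nor its caller (`installEasyRsa` in the second hunk, status ignored) stops the run. Pinning the release's SHA-256 and verifying it before extraction, and returning non-zero on any failure, closes both gaps; the version string repeated six times can become one `local`. The rewrite below keeps the same final layout under `/etc/openvpn/easy-rsa/`; the digest is a placeholder to be filled from the upstream release.
```shell
function installEasyRsa () {
	local version="3.0.4"
	local tarball="$HOME/EasyRSA-${version}.tgz"
	local url="https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz"
	# Pin the upstream release digest so a tampered or truncated download is rejected before it is run as root.
	local expected_sha256="<SHA256_OF_EasyRSA-3.0.4.tgz>" # placeholder: take the value from the upstream release
	wget -O "$tarball" "$url" || { echo "Failed to download EasyRSA ${version}"; return 1; }
	printf '%s  %s\n' "$expected_sha256" "$tarball" | sha256sum -c - || { echo "EasyRSA ${version} checksum mismatch"; rm -f "$tarball"; return 1; }
	tar xzf "$tarball" -C "$HOME" || return 1
	mv "$HOME/EasyRSA-${version}/" /etc/openvpn/ || return 1
	mv "/etc/openvpn/EasyRSA-${version}/" /etc/openvpn/easy-rsa/ || return 1
	chown -R root:root /etc/openvpn/easy-rsa/
	rm -f "$tarball"
}
```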
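Review bot: `cd /etc/openvpn/easy-rsa/ || return` sits in the top-level install flow rather than in a function, as far as the hunk shows (the enclosing `if` opens outside it); at top level bash rejects `return` with "can only `return' from a function or sourced script" and then carries on, so a missing easy-rsa directory would not stop the script here and the CA generation that follows would run in the wrong directory. Use `cd /etc/openvpn/easy-rsa/ || exit 1`, and check the installer on the line before it: `installEasyRsa || exit 1`.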