


2 changed files with 661 additions and 117 deletions


@ -1,22 +1,93 @@
#!/usr/bin/env bash #!/usr/bin/env bash
script_dir="$(dirname $(realpath $0))" script_name="$(basename $(realpath $0))"
working_dir="$(dirname $(realpath $0))"
log_file="$(mktemp)" log_file="$(mktemp)"
_date="$(date +%Y-%m-%d-%H%M)" _date="$(date +%Y-%m-%d-%H%M)"
key_names_reserverd="ta ca server" key_names_reserverd="ta ca server"
#if [[ $# -eq 0 ]] ; then
# BATCH_MODE=false
#elif [[ -z "${BATCH_MODE}" ]] ; then
# BATCH_MODE=false
#fi
# - For checking if revokation was successfull # - For checking if revokation was successfull
# - # -
_CHECK_DIR="$(mktemp -d)" _CHECK_DIR="$(mktemp -d)"
_RT_CERT="${_CHECK_DIR}/revoke-test.pem" _RT_CERT="${_CHECK_DIR}/revoke-test.pem"
#---------------------------------------
#----------------------------- # ----------
# Some functions # Base Function(s)
#----------------------------- # ----------
#---------------------------------------
usage() {
[[ -n "$1" ]] && error "$1"
[[ $terminal ]] && echo -e "
\033[1mUsage:\033[m
$(basename $0) [OPTION [OPTION ..
\033[1mDescription\033[m
Revoke a given key from a alos given (local) OpenVPN Service
\033[1mOptions\033[m
-b
No interaction possible - run this script in batch mode
-C <name-of the OpenVPN service instance>
The nae of the instance of the OpenVPN servive from which a key is requested
to remove.
Example:
-C \033[1mopp-home\033[m - Revoke a key from OpenVPN service, which is startet with
configuration \033[1m/etc/openvpn/opp-home\033[m
-h
Prints this help.
-N <key-name>
the name of the key, which is requested ti revoke from OpenVPN Service
-S
Don't restart Service after (successfully) revoking the given key
\033[1mFiles\033[m
No script configuration file is used.
Configuration files for the OpenVPN service must be exists, i.e. for service \033[1mopp-home\033[m
${working_dir}/conf/server-opp-home.conf
\033[1mExample:\033[m
interactive run - all needed parameters will be requested:
$(basename $0)
running in batch mode - revoke key 'gudrun' from local OpenVPN service 'opp-home'.
Dont restart service if finished.
$(basename $0) -b -S -C opp-home -N gudrun
"
clean_up 1
}
clean_up() { clean_up() {
@ -28,7 +99,7 @@ clean_up() {
} }
blank_line() { blank_line() {
if $terminal ; then if $terminal && ! ${BATCH_MODE}; then
echo "" echo ""
fi fi
} }
@ -48,6 +119,7 @@ is_int() {
} }
echononl(){ echononl(){
if $terminal && ! ${BATCH_MODE} ; then
echo X\\c > /tmp/shprompt$$ echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n "$*\\c" 1>&2 echo -e -n "$*\\c" 1>&2
@ -55,62 +127,116 @@ echononl(){
echo -e -n "$*" 1>&2 echo -e -n "$*" 1>&2
fi fi
rm /tmp/shprompt$$ rm /tmp/shprompt$$
fi
} }
error(){
echo ""
echo -e "\t[ \033[31m\033[1mError\033[m ]: $*"
echo ""
}
fatal(){ fatal(){
echo "" echo ""
echo -e "\t[ \033[31m\033[1mFatal\033[m ]: $*" if $terminal ; then
echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
echo "" echo ""
echo -e "\t\033[37m\033[1mscript will be interrupted\033[m\033[m" echo -e " \033[31m\033[1mScript was interupted\033[m!"
else
echo " [ Fatal ]: $*"
echo ""
echo " Script was terminated...."
fi
echo "" echo ""
clean_up 1 clean_up 1
} }
error (){
echo ""
if $terminal && ! ${BATCH_MODE} ; then
echo -e " [ \033[31m\033[1mError\033[m ]: $*"
else
echo "[ Error ]: $*"
fi
echo ""
}
warn (){ warn (){
echo "" echo ""
echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" if $terminal && ! ${BATCH_MODE} ; then
echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
else
echo "[ Warning ]: $*"
fi
echo "" echo ""
} }
info (){ warn_only_terminal () {
if $terminal && ! ${BATCH_MODE} ; then
echo "" echo ""
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
echo "" echo ""
fi
} }
info (){
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
echo ""
fi
}
ok (){
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e " [ \033[32m\033[1mOk\033[m ] $*"
echo ""
fi
}
print_command () { print_command () {
echo "" echo ""
echo -e "\t\033[33m\033[1mCommand was\033[m: $*" echo -e "\t\033[33m\033[1mCommand was\033[m: $*"
echo "" echo ""
} }
echo_done() { echo_done() {
echo -e "\033[80G[ \033[32mdone\033[m ]" if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[32mdone\033[m ]"
fi
} }
echo_ok() { echo_ok() {
echo -e "\033[80G[ \033[32mok\033[m ]" if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[32mok\033[m ]"
fi
} }
echo_warning() { echo_warn() {
echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]" if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[33mwarn\033[m ]"
fi
} }
echo_failed(){ echo_failed(){
echo -e "\033[80G[ \033[1;31mfailed\033[m ]" if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
fi
} }
echo_skipped() { echo_skipped() {
echo -e "\033[80G[ \033[37mskipped\033[m ]" if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[75G[ \033[90m\033[1mskipped\033[m ]"
fi
}
echo_wait(){
if $terminal && ! ${BATCH_MODE} ; then
echo -en "\033[75G[ \033[5m\033[1m...\033[m ]"
fi
} }
trap clean_up SIGHUP SIGINT SIGTERM trap clean_up SIGHUP SIGINT SIGTERM
# ----------
# - Some checks ..
# ----------
# - Running in a terminal?
# ------------- # -
# --- Check some prerequisites if [[ -t 1 ]] ; then
# ------------- terminal=true
else
terminal=false
fi
# -Is systemd supported on this system? # -Is systemd supported on this system?
# - # -
@ -123,41 +249,90 @@ if [[ -n "$systemd" ]] && [[ -n "$systemctl" ]] ; then
fi fi
clear # ----------
echo "" # - Read commandline parameter
echo -e "\033[21G\033[32mRevoke OpenVPN key.. \033[m" # ----------
echo ""
echo "" BATCH_MODE=false
OPENVPN_SERVER_CONFIG=
KEY_NAME_TO_REVOKE=
RESTART_OPENVPN_SERVICE=true
while getopts bC:hN:S opt ; do
case $opt in
b) BATCH_MODE=true
;;
C) OPENVPN_SERVER_CONFIG="${OPTARG}"
;;
h) usage
;;
N) KEY_NAME_TO_REVOKE="${OPTARG}"
;;
S) RESTART_OPENVPN_SERVICE=false
;;
esac
done
if ${BATCH_MODE} ; then
if [[ -z "${OPENVPN_SERVER_CONFIG}" ]] && [[ -z "${KEY_NAME_TO_REVOKE}" ]]; then
fatal "In batch mode both a server configuration (-C) and the key name (-N) musit be specified!"
elif [[ -z "${OPENVPN_SERVER_CONFIG}" ]] ; then
fatal "In batch mode also a server configuration (-C) must be specified!"
elif [[ -z "${KEY_NAME_TO_REVOKE}" ]]; then
fatal "In batch mode also the key name (-N) must be specified!"
fi
fi
#clear
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo -e "\033[21G\033[32mRevoke OpenVPN key.. \033[m"
echo ""
echo ""
fi
declare -a conf_file_arr=() declare -a conf_file_arr=()
declare -a conf_name_arr=() declare -a conf_name_arr=()
for _conf_file in `ls ${script_dir}/conf/server-*.conf 2>/dev/null` ; do for _conf_file in `ls ${working_dir}/conf/server-*.conf 2>/dev/null` ; do
conf_file_arr+=("${_conf_file}")
_basename=$(basename $_conf_file) _basename=$(basename $_conf_file)
_tmp_name=${_basename%%.*} _tmp_name=${_basename%%.*}
_tmp_name=${_tmp_name#*-} _tmp_name=${_tmp_name#*-}
if ${BATCH_MODE} ; then
if [[ "${_tmp_name}" = "${OPENVPN_SERVER_CONFIG}" ]]; then
conf_file="${_conf_file}"
break
fi
else
conf_name_arr+=("$_tmp_name") conf_name_arr+=("$_tmp_name")
conf_file_arr+=("${_conf_file}")
fi
done done
if [[ ${#conf_file_arr[@]} -lt 1 ]] ; then if [[ ${#conf_file_arr[@]} -lt 1 ]] && [[ -z "${conf_file}" ]]; then
fatal "NO Configuration found!" fatal "NO Configuration found!"
fi fi
echo "" blank_line
declare -i i=0 declare -i i=0
if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then if ! ${BATCH_MODE} ; then
if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then
if $terminal ; then
echo "" echo ""
echo "Which Configuration should be loaded?" echo "Which Configuration should be loaded?"
echo "" echo ""
fi
for _conf_file in ${conf_file_arr[@]} ; do for _conf_file in ${conf_file_arr[@]} ; do
if $terminal ; then
echo " [${i}] ${conf_name_arr[${i}]}" echo " [${i}] ${conf_name_arr[${i}]}"
fi
(( i++ )) (( i++ ))
done done
_OK=false _OK=false
echo blank_line
echononl "Eingabe: " echononl "Eingabe: "
while ! $_OK ; do while ! $_OK ; do
read _IN read _IN
@ -165,27 +340,32 @@ if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then
conf_file=${conf_file_arr[$_IN]} conf_file=${conf_file_arr[$_IN]}
_OK=true _OK=true
else else
if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
if $terminal ; then
echo "" echo ""
echo -e "\tFalsche Eingabe !" echo -e "\tFalsche Eingabe !"
echo "" echo ""
fi
echononl "Eingabe: " echononl "Eingabe: "
fi fi
fi
done done
else else
conf_file=${conf_file_arr[0]} conf_file=${conf_file_arr[0]}
fi
fi fi
echo "" if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[32m--\033[m" echo ""
echo "" echo -e "\033[32m--\033[m"
echo ""
fi
#--------------------------------------- # ----------
#----------------------------- # - Read Configurations from $conf_file
# Read Configurations from $conf_file # ----------
#-----------------------------
#---------------------------------------
echononl " Load Configuration File $(basename ${conf_file}).." echononl " Load Configuration File $(basename ${conf_file}).."
if [[ ! -f "$conf_file" ]]; then if [[ ! -f "$conf_file" ]]; then
@ -219,18 +399,24 @@ fi
echo "" if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[32m--\033[m" echo ""
echo "" echo -e "\033[32m--\033[m"
KEY_NAME_TO_REVOKE="" echo ""
fi
#KEY_NAME_TO_REVOKE=""
if [ -z "$KEY_NAME_TO_REVOKE" ]; then if [ -z "$KEY_NAME_TO_REVOKE" ]; then
if $terminal && ! ${BATCH_MODE} ; then
echo "Insert key name you wish to revoke." echo "Insert key name you wish to revoke."
echo "" echo ""
echo "" echo ""
fi
echononl "key name to revoke: " echononl "key name to revoke: "
read KEY_NAME_TO_REVOKE read KEY_NAME_TO_REVOKE
while [ "X$KEY_NAME_TO_REVOKE" = "X" ] ; do while [ "X$KEY_NAME_TO_REVOKE" = "X" ] ; do
if $terminal && ! ${BATCH_MODE} ; then
echo -e "\n\t\033[33m\033[1mKey name is required!\033[m\n" echo -e "\n\t\033[33m\033[1mKey name is required!\033[m\n"
fi
echononl "key name: " echononl "key name: "
read KEY_NAME_TO_REVOKE read KEY_NAME_TO_REVOKE
done done
@ -260,29 +446,36 @@ if [[ ! -f "${_CLIENT_CERT}" ]]; then
fatal "Key '$KEY_NAME_TO_REVOKE' not found!" fatal "Key '$KEY_NAME_TO_REVOKE' not found!"
fi fi
echo "" if $terminal && ! ${BATCH_MODE} ; then
echo -e "\033[32m--\033[m" echo ""
echo "" echo -e "\033[32m--\033[m"
echo "Key to revoke...........: $(basename "$_CLIENT_KEY")" echo ""
info "Going to revoke key \033[37m\033[1m$(basename "$_CLIENT_KEY")\033[m.." echo "Server Configuration....: ${OPENVPN_SERVER_CONFIG}"
echo -n "To continue type uppercase 'YES': " echo "Key to revoke...........: $(basename "$_CLIENT_KEY")"
read OK
echo "" info "Going to revoke key \033[37m\033[1m$(basename "$_CLIENT_KEY")\033[m.."
if [[ "$OK" != "YES" ]] ; then echo -n "To continue type uppercase 'YES': "
read OK
echo ""
if [[ "$OK" != "YES" ]] ; then
fatal "Abort by user request - Answer as not 'YES'" fatal "Abort by user request - Answer as not 'YES'"
fi
fi
# ----------
# - Main part of script
# ----------
if $terminal && ! ${BATCH_MODE} ; then
echo ""
echo ""
echo -e " \033[1mMain part of script - Goimg to revoke key of requested user $(basename "$_CLIENT_KEY")..\033[m"
echo ""
fi fi
blank_line
#---------------------------------------
#-----------------------------
# Revoke Key
#-----------------------------
#---------------------------------------
echo ""
# --- # ---
# - Backup existing OpenVPN directory # - Backup existing OpenVPN directory
@ -473,21 +666,25 @@ else
fi fi
# --- # ---
# - Start apache webservice # - Restart OpenVPN service
# --- # ---
echo "" echo ""
echononl "\tRestart OpenVPN Service.." echononl "\tRestart OpenVPN Service.."
if $systemd_supported ; then if ${RESTART_OPENVPN_SERVICE} ; then
if $systemd_supported ; then
systemctl restart openvpn > $log_file 2>&1 systemctl restart openvpn > $log_file 2>&1
else else
/etc/init.d/openvpn restart > $log_file 2>&1 /etc/init.d/openvpn restart > $log_file 2>&1
fi fi
if [ "$?" = "0" ]; then if [ "$?" = "0" ]; then
echo_ok echo_ok
else else
echo_failed echo_failed
error "$(cat $log_file)" error "$(cat $log_file)"
warn "Restarting OpenVPN Service failed!." warn "Restarting OpenVPN Service failed!."
fi
else
echo_skipped
fi fi
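Review bot: The new `usage()` at the top of the first hunk guards its output with `[[ $terminal ]] && echo -e "`, which is always true because `terminal` holds the string `true` or `false`, so the help text is printed even when stdout is not a tty; use `if $terminal ; then` as the other helpers do. The `getopts bC:hN:S` loop has no `\?` or `:` arms, so an unknown option or a missing argument only produces getopts' own message and the script continues with an empty `OPENVPN_SERVER_CONFIG` or `KEY_NAME_TO_REVOKE`; add `\?) usage "Unknown option -${OPTARG}" ;;` and `:) usage "Option -${OPTARG} requires an argument" ;;`. In batch mode the `-N` value reaches the `_CLIENT_CERT` lookup without any character restriction or the reserved-name check that `key_names_reserverd` hints at (as far as the hunks show), so a value containing `/` or `..` can select a file outside the key directory; a guard such as `[[ "$KEY_NAME_TO_REVOKE" =~ ^[A-Za-z0-9._-]+$ ]] || fatal "Invalid key name '${KEY_NAME_TO_REVOKE}'"` placed right after the batch-mode option checks would close that. The `else` branch of the configuration prompt loop re-tests `if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]`, which presumably is the condition that just failed (the opening `if` lies outside the hunk), so "Falsche Eingabe" is never shown and the loop waits silently; the same inverted test appears in revoke_multiple_keys.sh.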

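--- a/revoke_multiple_keys.sh
+++ b/revoke_multiple_keys.sh
@@ -0,0 +1,347 @@
+#!/usr/bin/env bash
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+LOCK_DIR="/tmp/${script_name%%.*}.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+clean_up() {
+# Perform program exit housekeeping
+rm -rf "$LOCK_DIR"
+blank_line
+exit $1
+}
+echononl(){
+if $terminal ; then
+echo X\\c > /tmp/shprompt$$
+if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+echo -e -n " $*\\c" 1>&2
+else
+echo -e -n " $*" 1>&2
+fi
+rm /tmp/shprompt$$
+fi
+}
+fatal(){
+echo ""
+if $terminal ; then
+echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
+echo ""
+echo -e " \033[31m\033[1mScript was interupted\033[m!"
+else
+echo " [ Fatal ]: $*"
+echo ""
+echo " Script was terminated...."
+fi
+echo ""
+clean_up 1
+}
+error (){
+echo ""
+if $terminal ; then
+echo -e " [ \033[31m\033[1mError\033[m ]: $*"
+else
+echo "[ Error ]: $*"
+fi
+echo ""
+}
+warn (){
+echo ""
+if $terminal ; then
+echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
+else
+echo "[ Warning ]: $*"
+fi
+echo ""
+}
+warn_only_terminal () {
+if $terminal ; then
+echo ""
+echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+echo ""
+fi
+}
+info (){
+if $terminal ; then
+echo ""
+echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
+echo ""
+fi
+}
+ok (){
+if $terminal ; then
+echo ""
+echo -e " [ \033[32m\033[1mOk\033[m ] $*"
+echo ""
+fi
+}
+echo_done() {
+if $terminal ; then
+echo -e "\033[75G[ \033[32mdone\033[m ]"
+fi
+}
+echo_ok() {
+if $terminal ; then
+echo -e "\033[75G[ \033[32mok\033[m ]"
+fi
+}
+echo_warn() {
+if $terminal ; then
+echo -e "\033[75G[ \033[33mwarn\033[m ]"
+fi
+}
+echo_failed(){
+if $terminal ; then
+echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+fi
+}
+echo_skipped() {
+if $terminal ; then
+echo -e "\033[75G[ \033[90m\033[1mskipped\033[m ]"
+fi
+}
+echo_wait(){
+if $terminal ; then
+echo -en "\033[75G[ \033[5m\033[1m...\033[m ]"
+fi
+}
+# - Check if a given array (parameter 2) contains a given string (parameter 1)
+# -
+containsElement () {
+local e
+for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+return 1
+}
+trim() {
+local var="$*"
+var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+echo -n "$var"
+}
+is_number() {
+return $(test ! -z "${1##*[!0-9]*}" > /dev/null 2>&1);
+# - also possible
+# -
+#[[ ! -z "${1##*[!0-9]*}" ]] && return 0 || return 1
+#return $([[ ! -z "${1##*[!0-9]*}" ]])
+}
+is_int() {
+return $(test "$@" -eq "$@" > /dev/null 2>&1);
+}
+blank_line() {
+if $terminal ; then
+echo ""
+fi
+}
+# ----------
+# - Some checks ..
+# ----------
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+terminal=true
+else
+terminal=false
+fi
+# -------------
+# - Job is already running?
+# -------------
+# - If job already runs, stop execution..
+# -
+if mkdir "$LOCK_DIR" 2> /dev/null ; then
+## - Remove lockdir when the script finishes, or when it receives a signal
+trap "clean_up 1" SIGHUP SIGINT SIGTERM
+else
+datum="$(date +"%d.%m.%Y %H:%M")"
+msg="[ Error ]: A previos instance of \"`basename $0`\" seems already be running.\n\n Exiting now.."
+echo ""
+echo "[ Error ]: A previos instance of that script \"`basename $0`\" seems already be running."
+echo ""
+echo -e " Exiting now.."
+echo ""
+for _email in ${alert_email_arr[@]} ; do
+echo -e "To:${_email}\n${content_type}\nSubject:Error cronjob `basename $0` -- $datum\n${msg}\n" \
+| sendmail -F "Error `hostname -f`" -f $sender_address $_email
+done
+exit 1
+fi
+# ==========
+# - Begin Main Script
+# ==========
+# ----------
+# - Headline
+# ----------
+if $terminal ; then
+echo ""
+echo -e "\033[1m----------\033[m"
+echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
+echo -e "\033[1m----------\033[m"
+fi
+declare -a conf_file_arr=()
+declare -a conf_name_arr=()
+for _conf_file in `ls ${working_dir}/conf/server-*.conf 2>/dev/null` ; do
+_basename=$(basename $_conf_file)
+_tmp_name=${_basename%%.*}
+_tmp_name=${_tmp_name#*-}
+conf_name_arr+=("$_tmp_name")
+conf_file_arr+=("${_conf_file}")
+done
+if [[ ${#conf_file_arr[@]} -lt 1 ]] && [[ -z "${conf_file}" ]]; then
+fatal "NO Configuration found!"
+fi
+blank_line
+declare -i i=0
+OPENVPN_INSTANCE=
+if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then
+if $terminal ; then
+echo ""
+echo "Which Configuration should be loaded?"
+echo ""
+fi
+for _conf_file in ${conf_file_arr[@]} ; do
+if $terminal ; then
+echo " [${i}] ${conf_name_arr[${i}]}"
+fi
+(( i++ ))
+done
+_OK=false
+blank_line
+echononl "Eingabe: "
+while ! $_OK ; do
+read _IN
+if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
+OPENVPN_INSTANCE="${conf_name_arr[$_IN]}"
+_OK=true
+else
+if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]; then
+if $terminal ; then
+echo ""
+echo -e "\tFalsche Eingabe !"
+echo ""
+fi
+echononl "Eingabe: "
+fi
+fi
+done
+else
+OPENVPN_INSTANCE="${conf_name_arr[0]}"
+fi
+echo ""
+echo -e "\033[32m--\033[m"
+echo ""
+echo "Insert users(s), you wish to revoke from local OpenVPN system.."
+echo ""
+echo " Multiple users are supported - give a blank separated list"
+echo ""
+echo ""
+users=
+if [ -z "$_users" ]; then
+echononl "Users: "
+read users
+while [ "X$users" = "X" ] ; do
+echo -e "\n\t\033[33m\033[1mEingabe erforderlich.\033[m\n"
+echononl "Users: "
+read users
+done
+else
+echononl "Users [${_users}]: "
+read users
+if [[ "X$users" = "X" ]]; then
+users=$_users
+fi
+fi
+# ----------
+# - Main part of script
+# ----------
+if $terminal ; then
+echo ""
+echo ""
+echo -e " \033[1mMain part of script - Goimg to revoke requested user..\033[m"
+echo ""
+fi
+declare -a user_req_for_del_arr=()
+for _user in ${users} ; do
+user_req_for_del_arr+=("${_user}")
+done
+for _user in "${user_req_for_del_arr[@]}" ; do
+echononl " Revoke user \033[1m${_user}\033[m from OpenVPN instance \033[1m${OPENVPN_INSTANCE}\033[m"
+echo "1" | /usr/local/src/openvpn/get_all_keys.sh 2> /dev/null | grep -q -i $_user
+if [[ $? -eq 0 ]] ; then
+echo "1" | /usr/local/src/openvpn/get_revoked_keys.sh 2> /dev/null | grep -q -i $_user
+if [[ $? -gt 0 ]] ; then
+/usr/local/src/openvpn/revoke_key.sh -b -S -C ${OPENVPN_INSTANCE} -N ${_user} > ${log_file} 2>&1
+if [[ $? -gt 0 ]]; then
+echo_failed
+error "$(cat ${log_file})"
+else
+echo_done
+fi
+else
+echo_skipped
+warn_only_terminal "User \033]1m${_user}\033[mn already revoked!"
+fi
+else
+echo_skipped
+warn_only_terminal "User \033]1m${_user}\033[mn has no OpenVPN credentials."
+fi
+done
+echo ""
+clean_up 0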
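Review bot: The two `grep -q -i $_user` checks in the revoke loop (the `get_all_keys.sh` and `get_revoked_keys.sh` pipelines) are unanchored, unquoted regex matches, so a name that is a substring of another key, or of an already revoked one, yields a false "has credentials" or "already revoked" decision, and a name starting with `-` is parsed as a grep option; if those helpers print one key name per line, `grep -q -i -x -F -- "$_user"` makes the match exact. The `else` branch of the configuration prompt loop re-tests `if is_number "$_IN" && [[ -n ${conf_file_arr[$_IN]} ]]`, the very condition that just failed, so the "Falsche Eingabe" message and re-prompt never run and the loop waits silently; drop that inner `if`. `conf_file` is computed but never sourced, so `alert_email_arr`, `content_type` and `sender_address` in the lock-collision branch are undefined and the sendmail loop is a no-op, and `_users` is never assigned, which makes the `Users [${_users}]:` branch dead. The lock directory and the per-run log live under a fixed name in `/tmp` (`/tmp/revoke_multiple_keys.LOCK`), which any local user can pre-create to block the script and which leaves the revoke_key.sh output readable by others; a directory under `/run/lock` or `${working_dir}` with restrictive permissions would be safer. Every `revoke_key.sh` call passes `-S`, so the OpenVPN service is never restarted after the batch; if a restart is needed for the revocations to take effect, do it once after the loop.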