kurobeats · November 22, 2019 12:51
diff --git a/pia-nm.sh b/pia-nm.sh
 #!/bin/bash
 #
 # Install OpenVPN profiles in NetworkManager for PIA
 #

 error() {
 	echo $@ >&2
 	exit 255
 }

 if [ "$(whoami)" != "root" ]; then
 	error "This script needs to be run as root. Try again with 'sudo $0'"
 fi

 pkgerror="Failed to install the required packages, aborting."

 ##
 # Debian-based distributions
 if command -v apt-get 2>&1 >/dev/null; then
 	installpkg=()

 	if ! dpkg -l python | grep -q '^ii'; then
 		installpkg+=(python)
 	fi

 	if ! dpkg -l network-manager-openvpn | grep -q '^ii'; then
 		installpkg+=(network-manager-openvpn)
 	fi

 	if [ ! -z "$installpkg" ]; then
 		apt-get install ${installpkg[@]} || error $pkgerror
 	fi

 ##
 # RHEL-based distributions
 elif command -v rpm 2>&1 >/dev/null; then
 	installpkg=()

 	if ! rpm -q python 2>&1 >/dev/null; then
 		installpkg+=(python)
 	fi

 	if ! rpm -q NetworkManager-openvpn 2>&1 >/dev/null; then
 		installpkg+=(NetworkManager-openvpn)
 	fi

 	if [ ! -z "$installpkg" ]; then
 		if which dnf; then
 			dnf install ${installpkg[@]} || error "$pkgerror"
 		else
 			yum install ${installpkg[@]} || error "$pkgerror"
 		fi
 	fi

 ##
 # ArchLinux
 elif command -v pacman 2>&1 >/dev/null; then
 	installpkg=()

 	if ! pacman -Q python 2>/dev/null; then
 		installpkg+=(python)
 	fi

 	if ! pacman -Q networkmanager-openvpn 2>/dev/null; then
 		installpkg+=(networkmanager-openvpn)
 	fi

 	if [ ! -z "$installpkg" ]; then
 		pacman -S ${installpkg[@]} || error "$pkgerror"
 	fi
 fi


 ##
 # Ask questions

 echo -n "PIA username (pNNNNNNN): "
 read pia_username

 if [ -z "$pia_username" ]; then
 	error "Username is required, aborting."
 fi


 echo -n "Connection method (UDP/tcp): "
 read pia_tcp

 case "$pia_tcp" in
 	U|u|UDP|udp|"")
 		pia_tcp=no
 		;;
 	T|t|TCP|tcp)
 		pia_tcp=yes
 		;;
 	*)
 		error "Connection protocol must be UDP or TCP."
 esac

 echo -n "Strong encryption (Y/n): "
 read pia_strong

 case "$pia_strong" in
 	Y|y|yes|"")
 		pia_cert=ca.rsa.4096.crt
 		pia_cipher=AES-256-CBC
 		pia_auth=SHA256

 		if [ "$pia_tcp" = "yes" ]; then
 			pia_port=501
 		else
 			pia_port=1197
 		fi
 		;;

 	N|n|no)
 		pia_cert=ca.rsa.2048.crt
 		pia_cipher=AES-128-CBC
 		pia_auth=SHA1

 		if [ "$pia_tcp" = "yes" ]; then
 			pia_port=502
 		else
 			pia_port=1198
 		fi
 		;;
 	*)
 		error "Strong encryption must be on or off."
 esac


 ##
 # Download and install
 test -d /etc/openvpn || mkdir /etc/openvpn
 curl -sS -o "/etc/openvpn/pia-$pia_cert" \
 	"https://www.privateinternetaccess.com/openvpn/$pia_cert" \
 	|| error "Failed to download OpenVPN CA certificate, aborting."

 IFS=$(echo)
 servers=$(curl -Ss "https://www.privateinternetaccess.com/vpninfo/servers?version=24" | head -1)

 if [ -z "$servers" ]; then
 	error "Failed to download server list, aborting."
 fi

 rm -f "/etc/NetworkManager/system-connections/PIA - "*

 servers=$(python <<EOF
 import sys
 import json
 data = json.loads('$servers')
 for k in list(data.keys()):
    if k != "info":
        print(data[k]["dns"] + ':' + data[k]["name"])
 EOF
 )

 echo "$servers" | while read server; do
 	host=$(echo "$server" | cut -d: -f1)
 	name="PIA - "$(echo "$server" | cut -d: -f2)
 	nmfile="/etc/NetworkManager/system-connections/$name"

 	cat <<EOF > "$nmfile"
 [connection]
 id=$name
 uuid=$(uuidgen)
 type=vpn
 autoconnect=false

 [vpn]
 service-type=org.freedesktop.NetworkManager.openvpn
 username=$pia_username
 comp-lzo=no
 remote=$host
 cipher=$pia_cipher
 auth=$pia_auth
 connection-type=password
 password-flags=1
 port=$pia_port
 proto-tcp=$pia_tcp
 ca=/etc/openvpn/pia-$pia_cert

 [ipv4]
 method=auto
 EOF
 	chmod 0600 "$nmfile"
 done

 nmcli connection reload || \
 	error "Failed to reload NetworkManager connections: installation was complete, but may require a restart to be effective."

 echo "Installation is complete!"
	#!/bin/bash
	#
	# Install OpenVPN profiles in NetworkManager for PIA
	#

	error() {
	echo $@ >&2
	exit 255
	}

	if [ "$(whoami)" != "root" ]; then
	error "This script needs to be run as root. Try again with 'sudo $0'"
	fi

	pkgerror="Failed to install the required packages, aborting."

	##
	# Debian-based distributions
	if command -v apt-get 2>&1 >/dev/null; then
	installpkg=()

	if ! dpkg -l python \| grep -q '^ii'; then
	installpkg+=(python)
	fi

	if ! dpkg -l network-manager-openvpn \| grep -q '^ii'; then
	installpkg+=(network-manager-openvpn)
	fi

	if [ ! -z "$installpkg" ]; then
	apt-get install ${installpkg[@]} \|\| error $pkgerror
	fi

	##
	# RHEL-based distributions
	elif command -v rpm 2>&1 >/dev/null; then
	installpkg=()

	if ! rpm -q python 2>&1 >/dev/null; then
	installpkg+=(python)
	fi

	if ! rpm -q NetworkManager-openvpn 2>&1 >/dev/null; then
	installpkg+=(NetworkManager-openvpn)
	fi

	if [ ! -z "$installpkg" ]; then
	if which dnf; then
	dnf install ${installpkg[@]} \|\| error "$pkgerror"
	else
	yum install ${installpkg[@]} \|\| error "$pkgerror"
	fi
	fi

	##
	# ArchLinux
	elif command -v pacman 2>&1 >/dev/null; then
	installpkg=()

	if ! pacman -Q python 2>/dev/null; then
	installpkg+=(python)
	fi

	if ! pacman -Q networkmanager-openvpn 2>/dev/null; then
	installpkg+=(networkmanager-openvpn)
	fi

	if [ ! -z "$installpkg" ]; then
	pacman -S ${installpkg[@]} \|\| error "$pkgerror"
	fi
	fi


	##
	# Ask questions

	echo -n "PIA username (pNNNNNNN): "
	read pia_username

	if [ -z "$pia_username" ]; then
	error "Username is required, aborting."
	fi


	echo -n "Connection method (UDP/tcp): "
	read pia_tcp

	case "$pia_tcp" in
	U\|u\|UDP\|udp\|"")
	pia_tcp=no
	;;
	T\|t\|TCP\|tcp)
	pia_tcp=yes
	;;
	*)
	error "Connection protocol must be UDP or TCP."
	esac

	echo -n "Strong encryption (Y/n): "
	read pia_strong

	case "$pia_strong" in
	Y\|y\|yes\|"")
	pia_cert=ca.rsa.4096.crt
	pia_cipher=AES-256-CBC
	pia_auth=SHA256

	if [ "$pia_tcp" = "yes" ]; then
	pia_port=501
	else
	pia_port=1197
	fi
	;;

	N\|n\|no)
	pia_cert=ca.rsa.2048.crt
	pia_cipher=AES-128-CBC
	pia_auth=SHA1

	if [ "$pia_tcp" = "yes" ]; then
	pia_port=502
	else
	pia_port=1198
	fi
	;;
	*)
	error "Strong encryption must be on or off."
	esac


	##
	# Download and install
	test -d /etc/openvpn \|\| mkdir /etc/openvpn
	curl -sS -o "/etc/openvpn/pia-$pia_cert" \
	"https://www.privateinternetaccess.com/openvpn/$pia_cert" \
	\|\| error "Failed to download OpenVPN CA certificate, aborting."

	IFS=$(echo)
	servers=$(curl -Ss "https://www.privateinternetaccess.com/vpninfo/servers?version=24" \| head -1)

	if [ -z "$servers" ]; then
	error "Failed to download server list, aborting."
	fi

	rm -f "/etc/NetworkManager/system-connections/PIA - "*

	servers=$(python <<EOF
	import sys
	import json
	data = json.loads('$servers')
	for k in list(data.keys()):
	if k != "info":
	print(data[k]["dns"] + ':' + data[k]["name"])
	EOF
	)

	echo "$servers" \| while read server; do
	host=$(echo "$server" \| cut -d: -f1)
	name="PIA - "$(echo "$server" \| cut -d: -f2)
	nmfile="/etc/NetworkManager/system-connections/$name"

	cat <<EOF > "$nmfile"
	[connection]
	id=$name
	uuid=$(uuidgen)
	type=vpn
	autoconnect=false

	[vpn]
	service-type=org.freedesktop.NetworkManager.openvpn
	username=$pia_username
	comp-lzo=no
	remote=$host
	cipher=$pia_cipher
	auth=$pia_auth
	connection-type=password
	password-flags=1
	port=$pia_port
	proto-tcp=$pia_tcp
	ca=/etc/openvpn/pia-$pia_cert

	[ipv4]
	method=auto
	EOF
	chmod 0600 "$nmfile"
	done

	nmcli connection reload \|\| \
	error "Failed to reload NetworkManager connections: installation was complete, but may require a restart to be effective."

	echo "Installation is complete!"