Help with Creating a script (Leap)

Hello all! I have been trying to create several scripts to just make things easier for starting my VPN and other services yet I can only get part of it working and still have to type in the rest and google isn’t helping as the examples I can find are basically just how to make the terminal say “Hello”. Here is the commands that I need to run to start my vpn (the simplest one I want to make a script for) or for scripts I have no clue what they are for and programs I don’t use.

This is what I do to start my VPN (Where it says “root password” “user” “password” its my root password, username for vpn, and password for vpn service.)

cd /etc/openvpn/
sudo openvpn 'US East.ovpn'
root password
username
password

The farthest I can get with the script from using kwrite (and then changing the the permissions) is that I get asked for the root password, type it in, openvpn will start and then I have to type in the username, and password. I don’t mind having to type in the root password but the username and password for the VPN service is randomly generated and I can never remember it and I would like to have the script enter in those itself.

If I can get this working from seeing how it should be done I should be able to do the other 3 scripts myself, I have tried various ways doing it using ;. &&, echo, separate lines, nothing is working I just need an example.

Thank you for your time!

I can propose something for everything except the username and password, you’ll have to provide information how those are generated since you say those are randomly generated.

It’d be useful to know at least whether those are stored as variables which are accessibly by script, and if you don’t know that at least what is being used to generate those values and how you know them.

TSU

Assuming that you are using a GUI and it’s something that supports the “Network Manager” (“KDE Plasma 5” or “Gnome”) with either KWallet or the Gnome Keyring configured then, from the Network Manager Connection Editor set-up a new connection using the choice “OpenVPN”. Alternatively, the NM Config Editor does offer the possibility to “Import VPN” (File Menu).
KWallet or Keyring are the preferred method(s) to store passwords and other data related to network connections.

Occurred to me,
Are you mixing up terminology?
Username/passwords are usually known and stay the same once issued.
Ephemeral certificates are typically created on demand to encrypt a connection, these of course cannot be static or they would be broken easily.

TSU

Sorry for the confusion I meant the username and password was generated upon signup, it doesn’t change everytime, it’s just random letters and numbers that i keep in a txt file to look at it and type it in when I need to. It’s always the same. Also no GUI just using terminal most of the time, my work requires a vpn. If you must know it’s private internet access which is one of their approved vpn’s.

You could take a look at “wicked”; and I’m making an assumption here that the system uses systemd for booting.
In the “wicked” documentation in the ‘samples/wicked’ directory there’s an example .xml for openVPN.
Also, take a look at the openSUSE Wicked Portal: <https://en.opensuse.org/Portal:Wicked&gt;

The problem is I want to learn. and Openvpn is just the simplest script I want to write once I see that and how scripts work I can make one for ffmpeg and other things. I will look into that though for openvpn though. Thank you.

OK. Leaning a long way out of the window and putting my foot in my mouth.] IMHO this is possibly not a bad place to learn about scripts and the gentle art of scripting.

  • Be aware that writing and using scripts is a method to do system “things” without having to dive into the deep and complicated world of system programming.
  • Script languages: there are an awful amount of them . . .
  • The following *NIX CLI Shells all have an associated script language: C-Shell, Bourne-Shell, Korn-Shell, Bash.
  • There are also “pure” scripting languages (AFAIK no one has to date bothered to use them for a CLI) such as: Perl, Ruby, JavaScript, Tcl, et al.
  • In all cases, try to develop a logical and consistent scripting style: for example Shell scripts should always have the following as the first line (Bash example):

[INDENT=2]#!/bin/bash
[/INDENT]

  • If you need to use variables in your script, define them early, clearly and concisely (also a Bash example):

[INDENT=2]netnode=$(hostname)
user=$(whoami)
[/INDENT]

  • Place comments in your script to ensure that the script can be clearly understood (yet another Bash example):

[INDENT=2]#

Cannot use -a --archive: both imply -rlptgoD

-g --group “preserve group” is not supported by a WD MyBookWorld.

Add --inplace after --stats if there are directories with the “sticky” bit set . . .

Usually add --inplace after --stats if really large files (databases) need to be cloned.

#[/INDENT]

  • In many cases it is nice to inform the user that something has happened (Bash again):

[INDENT=2]echo ‘** Finished!!’
[/INDENT]

Returning to the root password issue:
You could run your script by invoking it via ‘sudo’. The following URL is a reasonable tutorial for setting-up ‘sudo’: <https://wiki.archlinux.org/index.php/sudo>

I wan’t planning on an official announce yet,
But I’ve been compiling some interesting scriptlet code I’ve used in the past to do some things.
Each example illustrates different BASH scripting concepts.

They start on this page.
Because this is not an an official announcement, it’s all very rough and will likely undergo complete transformations periodically until I settle on at least a presentation format.

https://en.opensuse.org/User:Tsu2/Scripts_and_Scriplets

Currently, it contains working examples for…
Creating your first BASH script and a link to Shell Check to debug your scripting
Auto-detecting your OS and/or your openSUSE distro version so you can tailor code for the installed system.
Various zypper unattended installs
Configure MySQL/MariaDB Secure setup in one command
Disable the common virtualization “dbus” error

TSU

Regarding the first post in this thread,

I’d suggest taking a look at my MySQL/Mariadb code example which automatically inserts answers when running an interactive script (which requires the User to type answers into the console).

Again, I still don’t know how the Username and Password are generated, if that either a variable or the code used to generate the username and passwords were inserted into my code, you would be able to automate your openvpn startup.

TSU

Hi,

systemd has an option to start specific vpn tunnel by just pointing to the correct file, but that requires you to rename the files ending in *.ovpn to *.conf files afaik.
For example you have all the files ending in *.ovpn in one directory you could cd inside that directory and do

for f in *.ovpn; do echo mv -v "$f" "${f%.ovpn}.conf"; done

Remove the echo if you want to actually rename the files. Remember you need proper permissions on those files in order to rename them.

Now create a file with ONLY your username and password for your vpn provider in it and the order matters. Name it to something like credentials.txt but thats arbitrary

username
password

replace the entries accordingly.

Edit the *.conf files to add the file that has your username and password, in our case credentials.txt
Assuming your *.ovpn files has a line that starts with

auth-user-pass

Then this code should do.

for f in *.conf; do echo ex -sc '/^auth-user-pass/s/$/ credentials.txt/' -cx "$f"; done

Again remove the echo to edit the files. Also rememder credentials.txt is just an example, name it to your own hearts contents :slight_smile:

One more thing to add in that conf file is the auth-nocache, something like

for f in *.conf; do echo ex -sc '/^auth-user-pass/a|auth-nocache' -cx "$f"; done

Remove the echo and it should add that entry just below the line containing **auth-user-pass
**
You can now copy those files *.conf files the credentials.txt and also the key certificates that came with your vpn provider, the files that ends in .crt and .pem etc in the directory

/etc/openvpn

Assuming all the files are inside one directory you can go inside it and do

cp -v * /etc/openvpn

To start connecting to Findland you can do

systemctl start openvpn@Finland

Assuming you have a *.conf file named Finland
to check the status

systemctl status -l openvpn@Finland

Of course you need a working internet connection for that to work :wink:
Also remember proper permissions (root) when copying files to /etc/openvpn since editing the files can be done by a normal user.
Good luck…

I admit to not “reading” all of this thread – I rely heavily on text-to-speech and it got a bit confusing – BUT …

I think that you should take a look at “expect” - A Tool for Automating Interactive Programs. This has been in the default repositories as long as I can remember. I use it mostly for monitoring connections and rebooting routers/modems.

Yes,
Expect is a popular app and approach to providing automated answers to interactive scripts…

But, awhile back I came across the method I describe that does the same thing, but doesn’t require installing an app to do this, and is very simple and straightforward.

I highly recommend using what I described, and provide a real world working example to set up MySQL/MariaDB security
https://en.opensuse.org/User:Tsu2/MySQL_and_Mariadb

TSU

Hi,

Let just assume that the rest of us here does not know how to use expect can you enlighten us? :wink:

Hi,

That syntax is called a heredoc

command <<EOF
blah..blah
blah..blah
....
EOF

which is POSIX shell syntax and that should be portable accross any Unix shell that is posix compliant.
Now the thing is some shell is not posix or is not even a decendant of the ancient Bourne shell like csh and the most recent fish shell etc. I know some folks here are *csh users so they can confirm what I’m talking about (prove me wrong). Also iirc zsh shel has some release that broke POSIX compatibilty. To make the long story short one should be aware which syntax is available or supported on his/her interactive shell, otherwise just create a script and put the correct shebang.

Thx for identifying the method which I’ve sometimes seen in various guises but never identified properly. After your identification, it’s possible to look up and understand the many possible ways to modify and implement a HereDoc, and I’ve accordingly updated my Wikipage. The TLDP link on my Wiki page lists shells that are known to support HereDoc.

TSU

Hi,

The bash manual has an entry about the here-documents

PAGER='less +/Here\ Documents' man bash

The POSIX webpage also has a short explanation.

http://pubs.opengroup.org/onlinepubs/007904875/utilities/xcu_chap02.html#tag_02_07_04
http://pubs.opengroup.org/onlinepubs/7908799/xcu/chap2.html#tag_001_007_004

Since ex was mentioned in that TLDP site, there is note about ex by some Unix historians

**In the beginning, there was ed. ed begat ex, and ex begat vi, and vi begat Vim. **
*“The Old Testament of Unix”
*

In openSUSE and probably SLE[SD] ex is a symlink to vim so the output of

file /bin/ex
readlink -f /bin/ex
realpath /bin/ex

Should confirm that. A heredoc may work with ex but is not needed since ex can edit files on its own because it has its own syntax. jfyi :slight_smile: