Author: Paolo Lulli <paolo@lulli.net>
WIP openvpn with EasyRSA3
iron-vpn/openvpn-create-client.sh | 113 +++++++++++++++++++++++++++++++++ iron-vpn/openvpn-create-server.sh | 95 +++++++++++++++++++++++++++
diff --git a/iron-vpn/openvpn-create-client.sh b/iron-vpn/openvpn-create-client.sh
new file mode 100755
index 0000000000000000000000000000000000000000..b6296568616a48bf50ef4976ffd6c8167338e8a5
--- /dev/null
+++ b/iron-vpn/openvpn-create-client.sh
@@ -0,0 +1,113 @@
+#! /bin/bash -x
+
+cd $(dirname $0)
+CURRDIR=$(pwd)
+#EASY_RSA_HOME=$CURRDIR/easy-rsa/easyrsa3
+EASY_RSA_HOME=/usr/share/easy-rsa/
+
+#..............................
+code_country="IT"
+code_province="RM"
+code_city="Roma"
+code_organization="vpn.augentelematica.it"
+code_email="paolo@lulli.net"
+vpn_port="1194"
+
+#..............................
+vpn_client="strange"
+#..............................
+
+source $EASY_RSA_HOME/vars
+
+#cd $EASY_RSA_HOME
+
+
+function ovpn_generate_client()
+{
+ client_dn=$1
+ #cd $EASY_RSA_HOME
+ export KEY_CN=${client_dn}
+
+ ${EASY_RSA_HOME}/easyrsa build-client-full ${client_dn}
+}
+
+function ovpn_generate_client_assembly()
+{
+ cd $CURRDIR
+ mkdir -p "$CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}"
+ cp $CURRDIR/pki/ca.crt $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
+ cp $CURRDIR/pki/issued/${vpn_client}.crt $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
+ cp $CURRDIR/pki/private/${vpn_client}.key $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
+
+cat<<__EOT__>$CURRDIR/server/${code_organization}-client/${vpn_client}/${code_organization}.conf
+client
+dev tun
+proto tcp
+#remote ${code_organization}
+remote 62.171.171.30 1194
+resolv-retry infinite
+nobind
+comp-lzo
+persist-key
+persist-tun
+askpass /etc/openvpn/passwordfile
+ca /etc/openvpn/${vpn_client}/ca.crt
+cert /etc/openvpn/${vpn_client}/${vpn_client}.crt
+key /etc/openvpn/${vpn_client}/${vpn_client}.key
+verb 3
+log-append /var/log/openvpn.${code_organization}-client.log
+__EOT__
+
+ cd ./server/${code_organization}-client/${vpn_client}
+ tar cvfz $CURRDIR/${code_organization}-${vpn_client}.tar.gz .
+}
+
+function ovpn_generate_client_android()
+{
+ ovpnfile=$CURRDIR/server/${code_organization}-client/${vpn_client}/${code_organization}-${vpn_client}.ovpn
+ cd $CURRDIR
+ mkdir -p "$CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}"
+ cp $CURRDIR/pki/ca.crt $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
+ cp $CURRDIR/pki/issued/${vpn_client}.crt $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
+ cp $CURRDIR/pki/private/${vpn_client}.key $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}
+
+cat<<__EOT__>$ovpnfile
+client
+dev tun
+proto tcp
+#remote ${code_organization}
+remote 62.171.171.30 1194
+resolv-retry infinite
+nobind
+comp-lzo
+persist-key
+persist-tun
+askpass /etc/openvpn/passwordfile
+verb 3
+log-append /var/log/openvpn.${code_organization}-client.log
+#ca /etc/openvpn/${vpn_client}/ca.crt
+#cert /etc/openvpn/${vpn_client}/${vpn_client}.crt
+#key /etc/openvpn/${vpn_client}/${vpn_client}.key
+__EOT__
+
+ echo "<ca>" >> $ovpnfile
+ cat $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}/ca.crt >> $ovpnfile
+ echo "</ca>" >> $ovpnfile
+
+ echo "<cert>" >> $ovpnfile
+ cat $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}/${vpn_client}.crt \
+ | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
+ >> $ovpnfile
+ echo "</cert>" >> $ovpnfile
+
+ echo "<key>" >> $ovpnfile
+ cat $CURRDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}/${vpn_client}.key \
+ >> $ovpnfile
+ echo "</key>" >> $ovpnfile
+}
+
+# MAIN
+
+ovpn_generate_client ${vpn_client}
+ovpn_generate_client_android
+ovpn_generate_client_assembly
diff --git a/iron-vpn/openvpn-create-server.sh b/iron-vpn/openvpn-create-server.sh
new file mode 100755
index 0000000000000000000000000000000000000000..a0195b12c8bf33d71bf8e79055970c5172159715
--- /dev/null
+++ b/iron-vpn/openvpn-create-server.sh
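Review bot: The `.ovpn` profile assembled in ovpn_generate_client_android inlines the client's private key between the `<key>` tags, but the file is created by plain redirection (`cat<<__EOT__>$ovpnfile`, then a series of `>> $ovpnfile`) under whatever umask the caller has, so on a typical 022 umask it lands world-readable under `server/`, and the `tar cvfz` archive written by ovpn_generate_client_assembly is equally unprotected; add `umask 077` right after `CURRDIR=$(pwd)` so nothing containing key material is ever created with broader permissions. Neither generated client config carries `remote-cert-tls server`, and because `build-client-full` issues client certificates from the same CA that signs the server certificate, a man-in-the-middle presenting any certificate from this CA (another client's, for instance) would be accepted as the server — add `remote-cert-tls server` to both heredocs. The `remote 62.171.171.30 1194` line hard-codes both the address and the port while `vpn_port` is defined but never used and `#remote ${code_organization}` is left commented out; `remote ${code_organization} ${vpn_port}` keeps a single source of truth. Finally, `#! /bin/bash -x` traces every command (including the key-file paths) to stderr for anyone capturing it and is silently dropped when the script is invoked as `bash openvpn-create-client.sh`; prefer an opt-in `[[ -n "${DEBUG:-}" ]] && set -x` in the body.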
@@ -0,0 +1,95 @@
+#! /bin/bash -x
+
+cd $(dirname $0)
+CURRDIR=$(pwd)
+#EASY_RSA_HOME=$CURRDIR/easy-rsa/easyrsa3
+EASY_RSA_HOME=/usr/share/easy-rsa/
+
+#..............................
+code_country="IT"
+code_province="RM"
+code_city="Roma"
+code_organization="vpn.augentelematica.it"
+code_email="paolo@lulli.net"
+vpn_port="1194"
+#..............................
+
+function ovpn_generate_ca()
+{
+
+VARS_CONTENT=$(cat<<__EOT__
+export KEY_SIZE=2048
+export CA_EXPIRE=3650
+export KEY_EXPIRE=3650
+
+export KEY_COUNTRY="${code_country}"
+export KEY_PROVINCE="${code_province}"
+export KEY_CITY="${code_city}"
+export KEY_ORG="${code_organization}"
+export KEY_EMAIL="${code_email}"
+export KEY_CN=${code_organization}
+export KEY_NAME=${code_organization}
+export KEY_OU=${code_organization}
+__EOT__)
+
+ echo ${VARS_CONTENT} > $CURRDIR/vars
+ source $CURRDIR/vars
+
+ ${EASY_RSA_HOME}/easyrsa init-pki
+ ${EASY_RSA_HOME}/easyrsa build-ca
+ ${EASY_RSA_HOME}/easyrsa gen-dh
+
+}
+
+function ovpn_generate_server()
+{
+ ${EASY_RSA_HOME}/easyrsa build-server-full ${code_organization}
+ # DISCOURAGED: not to give it a pass
+ #./easyrsa build-server-full ${code_organization} nopass
+}
+
+function ovpn_generate_server_assembly()
+{
+ cd $CURRDIR
+ mkdir -p "$CURRDIR/server/${code_organization}/${code_organization}"
+ cp $CURRDIR/pki/ca.crt $CURRDIR/server/${code_organization}/${code_organization}
+ cp $CURRDIR/pki/dh.pem $CURRDIR/server/${code_organization}/${code_organization}
+ cp $CURRDIR/pki/issued/${code_organization}.crt $CURRDIR/server/${code_organization}/${code_organization}
+ cp $CURRDIR/pki/private/${code_organization}.key $CURRDIR/server/${code_organization}/${code_organization}
+
+cat<<__EOT__>$CURRDIR/server/${code_organization}/${code_organization}.conf
+port ${vpn_port}
+proto tcp
+dev tun
+#askpass /etc/openvpn/passwordfile
+ca /etc/openvpn/${code_organization}/ca.crt
+cert /etc/openvpn/${code_organization}/${code_organization}.crt
+key /etc/openvpn/${code_organization}/${code_organization}.key
+dh /etc/openvpn/${code_organization}/dh.pem
+server 10.0.0.0 255.255.0.0
+# GOOD IP RANGES:
+# 10.0.0.0 - 10.255.255.255
+# 172.16.0.0 - 172.31.255.255
+# 192.168.0.0 - 192.168.255.255
+
+ifconfig-pool-persist /etc/openvpn/${code_organization}/ipp.txt
+keepalive 10 120
+comp-lzo
+user nobody
+group users
+persist-key
+persist-tun
+status /var/log/openvpn-status.log
+log-append /var/log/openvpn.log
+verb 3
+client-to-client
+__EOT__
+
+ cd $CURRDIR/server/${code_organization}
+ tar cvfz $CURRDIR/${code_organization}-server.tar.gz .
+}
+# MAIN
+
+ovpn_generate_ca
+ovpn_generate_server
+ovpn_generate_server_assembly
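Review bot: In ovpn_generate_ca the line `echo ${VARS_CONTENT} > $CURRDIR/vars` expands the heredoc text unquoted, so the intended multi-line vars file is flattened onto one space-separated line (and any glob character in it would be expanded) before it is written and sourced; write it with `printf '%s\n' "$VARS_CONTENT" > "$CURRDIR/vars"`. More importantly for a commit titled "WIP openvpn with EasyRSA3", the names it exports (`KEY_SIZE`, `CA_EXPIRE`, `KEY_EXPIRE`, `KEY_COUNTRY`, …) are the EasyRSA 2 variables; EasyRSA 3 reads `EASYRSA_KEY_SIZE`, `EASYRSA_CA_EXPIRE`, `EASYRSA_CERT_EXPIRE`, `EASYRSA_REQ_COUNTRY` and friends, and as far as I can tell looks for its `vars` in the PKI or easyrsa directory rather than `$CURRDIR/vars`, so the key size, expiry and DN settings appear to have no effect on `build-ca`/`build-server-full` — worth confirming against the installed version and marking with `# TODO(easyrsa3): rename to EASYRSA_* and pass via --vars` until it is. In the generated server config `group users` keeps the daemon in a general-purpose group after it drops to `user nobody`; `group nogroup` is the conventional pairing. The config also ships no `tls-crypt`/`tls-auth` key, leaving the TLS handshake reachable by anything that can hit `port ${vpn_port}`; if that is deliberate for this WIP it deserves a comment, otherwise generate one with `openvpn --genkey` and add it to the assembly alongside `dh.pem`.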