ref: 261a306e87671cb561ed3905816d7389b1eddb50
iron-vpn/openvpn-create-client.sh
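#!/bin/bash
#
# Issue an OpenVPN client certificate with Easy-RSA and package it twice:
#   - server/<org>-client/<client>/<org>-<client>.ovpn
#       single-file profile with CA, client certificate and client key inlined
#   - <org>-<client>.tar.gz (next to this script)
#       client .conf plus separate ca.crt / <client>.crt / <client>.key
#
# Both artefacts contain the client's private key, so everything written
# below is created owner-only (umask 077, plus chmod on paths that may
# already exist from an earlier run with a looser umask).

# Trace every command, as the original "#! /bin/bash -x" shebang did. Set
# here so tracing is not lost when the script is started as "bash <script>".
set -x

# ./pki and ./server are resolved from the script's own directory; stop if
# that directory cannot be entered instead of writing keys somewhere else.
cd -- "$(dirname -- "$0")" || exit 1
CURRDIR=$(pwd)

#EASY_RSA_HOME=$CURRDIR/easy-rsa/easyrsa3
EASY_RSA_HOME=/usr/share/easy-rsa/
#..............................
# The country/province/city/email values are not referenced in this script;
# presumably they are meant for the sourced vars file -- verify before removing.
code_country="IT"
code_province="RM"
code_city="Roma"
code_organization="vpn.augentelematica.it"
code_email="paolo@lulli.net"
vpn_remote_host="62.171.171.30"
vpn_port="1194"
#..............................
vpn_client="strange"
#..............................

# The client name is interpolated into file paths and into the generated
# config, so keep it to a plain file-name-safe token.
if [[ ! "$vpn_client" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]]; then
  printf 'invalid vpn_client name: %s\n' "$vpn_client" >&2
  exit 1
fi

# Per-client output tree, and the sub-directory holding the raw ca/crt/key.
client_root="$CURRDIR/server/${code_organization}-client/${vpn_client}"
client_files_dir="$client_root/${vpn_client}"

# A failure to source vars is not fatal, same as before the rewrite.
# shellcheck source=/dev/null
source "$EASY_RSA_HOME/vars"

#######################################
# Build a key pair and signed certificate for one client.
# Globals:   EASY_RSA_HOME (read), KEY_CN (exported)
# Arguments: $1 - client name, used as the certificate name
# Returns:   exit status of "easyrsa build-client-full"
#######################################
ovpn_generate_client() {
  local client_dn=$1
  export KEY_CN="${client_dn}"
  "${EASY_RSA_HOME}/easyrsa" build-client-full "${client_dn}"
}

#######################################
# Copy ca.crt, <client>.crt and <client>.key from ./pki into the client's
# staging directory.
# Globals:   CURRDIR, vpn_client, client_root, client_files_dir (read)
# Returns:   0 on success; 1 if a source file is missing or empty, or a
#            copy fails, so no bundle is built around an absent key or cert
#######################################
_ovpn_stage_client_files() {
  local src
  # Applies to the rest of the script: every file created from here on may
  # hold private key material.
  umask 077
  mkdir -p -- "$client_files_dir" || return 1
  # Tighten directories left over from an earlier run.
  chmod 700 -- "$client_root" "$client_files_dir" || return 1
  for src in \
    "$CURRDIR/pki/ca.crt" \
    "$CURRDIR/pki/issued/${vpn_client}.crt" \
    "$CURRDIR/pki/private/${vpn_client}.key"; do
    if [[ ! -s "$src" ]]; then
      printf 'missing or empty PKI file: %s\n' "$src" >&2
      return 1
    fi
    cp -- "$src" "$client_files_dir/" || return 1
  done
}

#######################################
# Print the directives shared by the .conf and the .ovpn profile.
# Globals:   code_organization, vpn_remote_host, vpn_port (read)
# Outputs:   OpenVPN client directives on stdout
#
# NOTE(review): two hardening points need a coordinated server-side change,
# so they are flagged here rather than edited:
#   - comp-lzo is deprecated since OpenVPN 2.4, and compression inside a VPN
#     tunnel is exposed to compression-oracle attacks (VORACLE). It can only
#     be dropped once the server no longer expects compression.
#   - there is no "remote-cert-tls server" (or verify-x509-name): the client
#     then accepts any certificate signed by this CA as the server's,
#     including another client's. Add it after confirming the server
#     certificate carries the serverAuth extended key usage.
# NOTE(review): askpass points at a passphrase file on the client; that file
# has to be owner-only there as well.
#######################################
_ovpn_emit_common_directives() {
  cat <<__EOT__
client
dev tun
proto tcp
#remote ${code_organization}
remote ${vpn_remote_host} ${vpn_port}
resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun
askpass /etc/openvpn/passwordfile
__EOT__
}

#######################################
# Write the client .conf (referencing ca/cert/key under /etc/openvpn/<client>)
# and pack the whole per-client tree into <org>-<client>.tar.gz.
# The archive holds everything under client_root, so it also contains the
# .ovpn profile when ovpn_generate_client_android ran first.
# Globals:   CURRDIR, code_organization, vpn_client, client_root (read)
# Returns:   0 on success, 1 on any failed step
#######################################
ovpn_generate_client_assembly() {
  local conffile="$client_root/${code_organization}.conf"
  local archive="$CURRDIR/${code_organization}-${vpn_client}.tar.gz"

  _ovpn_stage_client_files || return 1

  {
    _ovpn_emit_common_directives
    cat <<__EOT__
ca /etc/openvpn/${vpn_client}/ca.crt
cert /etc/openvpn/${vpn_client}/${vpn_client}.crt
key /etc/openvpn/${vpn_client}/${vpn_client}.key
verb 3
log-append /var/log/openvpn.${code_organization}-client.log
__EOT__
  } > "$conffile" || return 1

  # -C replaces the former "cd" so the caller's working directory is left
  # alone; member names are still relative ("./...").
  tar -czvf "$archive" -C "$client_root" . || return 1
  # An archive left by an earlier run keeps its old mode; it carries the key.
  chmod 600 -- "$archive"
}

#######################################
# Write the single-file .ovpn profile with <ca>, <cert> and <key> inlined.
# Globals:   code_organization, vpn_client, client_root,
#            client_files_dir (read)
# Returns:   0 on success, 1 on any failed step
#######################################
ovpn_generate_client_android() {
  local ovpnfile="$client_root/${code_organization}-${vpn_client}.ovpn"

  _ovpn_stage_client_files || return 1

  {
    _ovpn_emit_common_directives
    cat <<__EOT__
verb 3
log-append /var/log/openvpn.${code_organization}-client.log
#ca /etc/openvpn/${vpn_client}/ca.crt
#cert /etc/openvpn/${vpn_client}/${vpn_client}.crt
#key /etc/openvpn/${vpn_client}/${vpn_client}.key
__EOT__
    printf '%s\n' '<ca>'
    cat -- "$client_files_dir/ca.crt"
    printf '%s\n' '</ca>' '<cert>'
    # Keep only the PEM block; the issued .crt may carry a text dump before it.
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
      "$client_files_dir/${vpn_client}.crt"
    printf '%s\n' '</cert>' '<key>'
    cat -- "$client_files_dir/${vpn_client}.key"
    printf '%s\n' '</key>'
  } > "$ovpnfile" || return 1

  # A profile left by an earlier run keeps its old mode; it embeds the key.
  chmod 600 -- "$ovpnfile"
}

# MAIN
# A failed build is not fatal on its own (it also fails when the client was
# already issued); the staging step refuses to continue if the certificate or
# key is actually missing.
if ! ovpn_generate_client "${vpn_client}"; then
  printf 'easyrsa build-client-full failed for %s; using existing PKI files if present\n' \
    "$vpn_client" >&2
fi
ovpn_generate_client_android || exit 1
ovpn_generate_client_assembly || exit 1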