ref: 261a306e87671cb561ed3905816d7389b1eddb50
iron-vpn/vpn-client
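#! /bin/bash
# Usage: $iron vpn-client <servername> <vpn_client>
# Summary: create OpenVPN client config
# Help: OpenVPN client config generator

# Issues a client certificate with easy-rsa inside the server's config
# directory, encrypts the client's private key with a freshly generated
# passphrase, and produces two deliverables:
#   - <org>-<client>.ovpn    single-file profile with inline ca/cert/key
#   - <org>-<client>.tar.gz  (in the caller's working directory) holding the
#                            .conf, the .ovpn and the separate PEM files
#
# Security notes for maintainers:
#   - Everything this script writes is key material or a passphrase, so the
#     umask is tightened before any file is created.
#   - The passphrase is appended in clear text to
#     client-<client>-credentials.txt next to the PKI. Treat that file as a
#     secret and move it into a secrets store once it has been delivered.
#   - The generated client config uses "askpass /etc/openvpn/passwordfile",
#     i.e. the client keeps the passphrase in a file beside the encrypted
#     key; protect that file on the client as carefully as the key itself.
#   - NOTE(review): "comp-lzo" is kept because it has to match the server
#     side, which is not visible here. Compression on VPN links is
#     discouraged by OpenVPN; consider removing it on both ends.

APPNAME="iron"

# Private keys, the passphrase record, the .ovpn and the tarball must not be
# readable by other local users.
umask 077

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Reject names that would escape the config tree, be parsed as an option by
# the tools called below, or inject extra lines into the generated config.
validate_name() {
  case "$1" in
    '' | . | .. | -* | */* | *[[:space:]]* | *[[:cntrl:]]*)
      die "Invalid name: [$1]"
      ;;
  esac
}

if [ "$#" != "2" ]; then
  echo "Usage: vpn-client <servername> <vpn_client>" >&2
  exit 1
fi

servername=$1
vpn_client=$2
validate_name "$servername"
validate_name "$vpn_client"

CFG_FILE="$HOME/.${APPNAME}/vpn/${servername}/${servername}.cfg"
CFGDIR=$(dirname -- "${CFG_FILE}")
CURRDIR=$(pwd)
EASY_RSA_HOME=/usr/share/easy-rsa/

test -f "$CFG_FILE" || die "No such config: [${CFG_FILE}]"

# The config file is executed as shell code with the caller's privileges;
# it must only ever be writable by its owner.
# shellcheck source=/dev/null
source "${CFG_FILE}"

# code_organization is not set anywhere in this script, so it has to come
# from the sourced config; without it every output path would be malformed.
: "${code_organization:?code_organization is not set by ${CFG_FILE}}"

# Issue a client certificate and an (initially unencrypted) private key.
# Arguments: $1 - client common name
function ovpn_generate_client_nopass() {
  local client_dn=$1
  cd "$CFGDIR" || return
  export KEY_CN="${client_dn}"
  "${EASY_RSA_HOME}/easyrsa" build-client-full "${client_dn}" nopass
}

# Copy the CA certificate, client certificate and client key into the
# per-client bundle directory shared by both output formats.
ovpn_stage_client_material() {
  local bundle_dir="$CFGDIR/server/${code_organization}-client/${vpn_client}/${vpn_client}"
  mkdir -p "$bundle_dir" || return
  cp -- "$CFGDIR/pki/ca.crt" \
    "$CFGDIR/pki/issued/${vpn_client}.crt" \
    "$CFGDIR/pki/private/${vpn_client}.key" \
    "$bundle_dir"
}

# Write the classic multi-file client config and pack the whole client
# directory into a tarball in the directory the script was started from.
function ovpn_generate_client_assembly() {
  local client_root="$CFGDIR/server/${code_organization}-client/${vpn_client}"
  ovpn_stage_client_material || return
  cat <<__EOT__ >"$client_root/${code_organization}.conf" || return
client
dev tun
proto tcp
remote ${code_organization} 1194
resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun
askpass /etc/openvpn/passwordfile
ca /etc/openvpn/${vpn_client}/ca.crt
cert /etc/openvpn/${vpn_client}/${vpn_client}.crt
key /etc/openvpn/${vpn_client}/${vpn_client}.key
verb 3
log-append /var/log/openvpn.${code_organization}-client.log
__EOT__
  # -C replaces the cd into the client directory; archive members are
  # still relative to it ("./...").
  tar -cvzf "$CURRDIR/${code_organization}-${vpn_client}.tar.gz" -C "$client_root" .
}

# Write a single-file .ovpn profile with the CA, certificate and key inline.
function ovpn_generate_client_android() {
  local client_root="$CFGDIR/server/${code_organization}-client/${vpn_client}"
  local bundle_dir="$client_root/${vpn_client}"
  local ovpnfile="$client_root/${code_organization}-${vpn_client}.ovpn"
  ovpn_stage_client_material || return
  {
    cat <<__EOT__
client
dev tun
proto tcp
remote ${code_organization} 1194
resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun
askpass /etc/openvpn/passwordfile
verb 3
log-append /var/log/openvpn.${code_organization}-client.log
#ca /etc/openvpn/${vpn_client}/ca.crt
#cert /etc/openvpn/${vpn_client}/${vpn_client}.crt
#key /etc/openvpn/${vpn_client}/${vpn_client}.key
__EOT__
    # OpenVPN only accepts embedded PEM data inside <ca>/<cert>/<key>
    # inline sections; bare concatenated PEM blocks are not parsed.
    echo "<ca>"
    cat "$bundle_dir/ca.crt"
    echo "</ca>"
    echo "<cert>"
    # Keep only the PEM block; the issued .crt may carry a text dump too.
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
      "$bundle_dir/${vpn_client}.crt"
    echo "</cert>"
    echo "<key>"
    cat "$bundle_dir/${vpn_client}.key"
    echo "</key>"
  } >"$ovpnfile"
}

# MAIN
# NOTE(review): uuidgen is used as the passphrase generator; confirm that it
# produces random (version 4) UUIDs on the hosts this runs on.
client_password=$(uuidgen) || die "uuidgen failed"
[ -n "$client_password" ] || die "uuidgen returned an empty passphrase"

client_credentials="$CFGDIR/client-${vpn_client}-credentials.txt"
client_key="$CFGDIR/pki/private/${vpn_client}.key"
encrypted_key="$CFGDIR/pki/private/encrypted-${vpn_client}.key"

test -d "${CFGDIR}" || mkdir -p "${CFGDIR}" || die "Cannot create ${CFGDIR}"

# The file may already exist from an earlier run with wider permissions,
# so the mode is forced before the passphrase is appended.
touch "$client_credentials" || die "Cannot write ${client_credentials}"
chmod 600 "$client_credentials" || die "Cannot restrict ${client_credentials}"
echo "credentials for ${code_organization}:${vpn_client}:[${client_password}]" >>"$client_credentials"

ovpn_generate_client_nopass "${vpn_client}" ||
  die "Certificate generation failed for [${vpn_client}]"

# The passphrase goes to openssl on stdin (printf is a shell builtin) so it
# never appears in a process argument list. A failure here must stop the
# run: otherwise the unencrypted key would be packaged and shipped.
if ! printf '%s\n' "$client_password" |
  openssl rsa -aes256 -in "$client_key" -out "$encrypted_key" -passout stdin; then
  rm -f -- "$encrypted_key"
  die "Encrypting the private key failed for [${vpn_client}]"
fi
mv -- "$encrypted_key" "$client_key" ||
  die "Cannot replace ${client_key} with its encrypted copy"

# Order matters: the .ovpn is written first so the tarball includes it.
ovpn_generate_client_android || die "Writing the .ovpn profile failed"
ovpn_generate_client_assembly || die "Packaging the client bundle failed"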