ref: 2cfc4e8e49793c994ae8bf739d3a0fbec32bb259
iron-vpn/vpn-server
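#!/bin/bash
# Usage: $iron vpn-server <servername>
# Summary: create OpenVPN CA and server config
# Help: OpenVPN CA and server config generator
#
# Reads ~/.iron/vpn/<servername>.cfg (an empty template is written and the
# script stops on the first run), builds an easy-rsa 3 PKI next to this
# script, issues a server certificate and packs the server-side material
# plus an openvpn config into <servername>-server.tar.gz.
#
# The CA private key stays in pki/private/ under this directory and the
# server private key goes into the tarball: keep both out of any shared or
# version-controlled location. Debug tracing used to be forced through
# "#!/bin/bash -x"; run "bash -x vpn-server <servername>" when you need it
# instead, so a normal run does not print every command and value to stderr.

set -euo pipefail

readonly APPNAME="iron"

if (( $# != 1 )); then
  echo "Usage: vpn-server <servername>" >&2
  exit 1
fi

readonly servername=$1
readonly CFG_FILE="$HOME/.${APPNAME}/vpn/${servername}.cfg"

# pki/, server/, vars and the tarball are all created relative to the
# script's own directory.
cd "$(dirname "$0")" || exit 1
CURRDIR=$PWD
readonly CURRDIR
#EASY_RSA_HOME=$CURRDIR/easy-rsa/easyrsa3
readonly EASY_RSA_HOME=/usr/share/easy-rsa/

# Everything created from here on (PKI, vars, tarball) holds or derives
# from private keys; do not let other local users read it.
umask 077

#######################################
# Write a config template with empty values and stop so the user can
# fill it in. Always exits 1: the first run never proceeds to key generation.
# Globals:   CFG_FILE (read), servername (read)
# Outputs:   path of the new config on stdout
#######################################
write_empty_config() {
  local cfgdir
  cfgdir=$(dirname "${CFG_FILE}")
  test -d "${cfgdir}" || mkdir -p "${cfgdir}"
  {
    echo "code_country="
    echo "code_province="
    echo "code_city="
    echo "code_organization=${servername}"
    echo "code_email="
    echo "vpn_port=1194"
  } > "$CFG_FILE"
  echo "Edit config file: [$CFG_FILE]"
  exit 1
}

#######################################
# Ensure the config exists; otherwise write the template and exit.
# Globals:   CFG_FILE (read)
#######################################
test_config() {
  test -f "$CFG_FILE" || write_empty_config
}

#######################################
# Write the easy-rsa "vars" file, source it and build the CA and DH params.
# Previously the heredoc was captured into a variable and written back with
# an unquoted "echo ${VARS_CONTENT}", which collapsed it onto one line,
# globbed it and word-split unquoted values ("export KEY_CN=My Org" exported
# KEY_CN=My and Org). The heredoc now goes straight to the file and every
# value is quoted. Values containing '"' or '$' are still not escaped (same
# as before); the config is the user's own file.
# KEY_* are the easy-rsa 2 variable names and are kept for anything that
# still reads them; the easyrsa CLI used below is easy-rsa 3, which reads
# EASYRSA_* instead, so those are exported too — without them the subject
# fields from the config never reached the CA.
# Globals:   CURRDIR, EASY_RSA_HOME, code_* (read)
#######################################
ovpn_generate_ca() {
  cat <<__EOT__ > "$CURRDIR/vars"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="${code_country}"
export KEY_PROVINCE="${code_province}"
export KEY_CITY="${code_city}"
export KEY_ORG="${code_organization}"
export KEY_EMAIL="${code_email}"
export KEY_CN="${code_organization}"
export KEY_NAME="${code_organization}"
export KEY_OU="${code_organization}"
export EASYRSA_KEY_SIZE=2048
export EASYRSA_CA_EXPIRE=3650
export EASYRSA_CERT_EXPIRE=3650
export EASYRSA_REQ_COUNTRY="${code_country}"
export EASYRSA_REQ_PROVINCE="${code_province}"
export EASYRSA_REQ_CITY="${code_city}"
export EASYRSA_REQ_ORG="${code_organization}"
export EASYRSA_REQ_EMAIL="${code_email}"
export EASYRSA_REQ_OU="${code_organization}"
export EASYRSA_REQ_CN="${code_organization}"
__EOT__
  # shellcheck disable=SC1091 -- generated just above
  source "$CURRDIR/vars"
  "${EASY_RSA_HOME}/easyrsa" init-pki
  "${EASY_RSA_HOME}/easyrsa" build-ca
  "${EASY_RSA_HOME}/easyrsa" gen-dh
}

#######################################
# Issue the server certificate/key, CN = code_organization.
# The key is deliberately passphrase-protected (no "nopass"); the generated
# openvpn config carries a commented askpass line for that reason.
# Globals:   EASY_RSA_HOME, code_organization (read)
#######################################
ovpn_generate_server() {
  "${EASY_RSA_HOME}/easyrsa" build-server-full "${code_organization}"
  # DISCOURAGED: not to give it a pass
  #./easyrsa build-server-full ${code_organization} nopass
}

#######################################
# Collect CA cert, DH params, server cert+key and a generated openvpn
# config under server/<org>/ and tar them up as <org>-server.tar.gz.
# Globals:   CURRDIR, code_organization, vpn_port (read)
# Outputs:   tar listing on stdout
# Returns:   non-zero if a copy or cd fails
#######################################
ovpn_generate_server_assembly() {
  local pki="$CURRDIR/pki"
  local outdir="$CURRDIR/server/${code_organization}/${code_organization}"
  local conf="$CURRDIR/server/${code_organization}/${code_organization}.conf"

  cd "$CURRDIR" || return 1
  mkdir -p "$outdir"
  cp -- "$pki/ca.crt" "$outdir"
  cp -- "$pki/dh.pem" "$outdir"
  cp -- "$pki/issued/${code_organization}.crt" "$outdir"
  cp -- "$pki/private/${code_organization}.key" "$outdir"

  # The config content is emitted unchanged. NOTE(review): "comp-lzo" turns
  # on link compression, which OpenVPN upstream discourages because
  # compressing data before encryption can leak plaintext; consider dropping
  # it when the peers do not need it.
  cat <<__EOT__ > "$conf"
port ${vpn_port}
proto tcp
dev tun
#askpass /etc/openvpn/passwordfile
ca /etc/openvpn/${code_organization}/ca.crt
cert /etc/openvpn/${code_organization}/${code_organization}.crt
key /etc/openvpn/${code_organization}/${code_organization}.key
dh /etc/openvpn/${code_organization}/dh.pem
server 10.0.0.0 255.255.0.0
# GOOD IP RANGES:
# 10.0.0.0 - 10.255.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
ifconfig-pool-persist /etc/openvpn/${code_organization}/ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
client-to-client
__EOT__

  cd "$CURRDIR/server/${code_organization}" || return 1
  tar cvfz "$CURRDIR/${code_organization}-server.tar.gz" .
}

# MAIN
test_config

# The config is plain shell and is executed here, so it must only be
# writable by the user running this script.
# shellcheck disable=SC1090
source "${CFG_FILE}"

# Optional fields may be left empty but must exist under "set -u";
# the two used in paths and the listening port must be non-empty.
: "${code_country=}"
: "${code_province=}"
: "${code_city=}"
: "${code_email=}"
: "${code_organization:?code_organization must be set in ${CFG_FILE}}"
: "${vpn_port:?vpn_port must be set in ${CFG_FILE}}"

if [[ ! -x "${EASY_RSA_HOME}/easyrsa" ]]; then
  echo "easyrsa not found at ${EASY_RSA_HOME}" >&2
  exit 1
fi

ovpn_generate_ca
ovpn_generate_server
ovpn_generate_server_assembly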