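#!/usr/bin/env bash
#
# Interactively issue an OpenVPN client certificate with easy-rsa's pkitool,
# collect it with the CA certificate, the tls-auth key and a generated .ovpn
# profile under $ACCOUNTS_DIR/<account>/, zip that directory and mail the
# archive to $MAIL_TO.
#
# Usage: $0 with no args
#
# Review notes for operators:
#   * The archive holds the client's private key and the shared tls-auth key
#     and is sent as a plain uuencoded mail body. Anyone who can read the mail
#     in transit or at rest can impersonate the client; prefer an encrypted or
#     out-of-band channel for key delivery.
#   * The generated profile pins "cipher BF-CBC". Blowfish is a 64-bit block
#     cipher, so long-lived sessions are exposed to birthday-bound (SWEET32
#     style) attacks. The value is left untouched because it has to match the
#     server; migrate both ends together.
#   * The profile has no server-certificate check (e.g. remote-cert-tls), so a
#     holder of any certificate from this CA could pose as the server.

set -e
# Make a failing uuencode fail the mail pipeline instead of being masked.
set -o pipefail

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/sbin:$PATH"
# NOTE(review): this address appears redacted on the page; set a real
# recipient before use.
MAIL_TO='[email protected]'
SCRIPTS_DIR=/etc/openvpn/easy-rsa
ACCOUNTS_DIR=/etc/openvpn/KEYS

#####################################

# Print "ERROR <message>" on stderr and abort the script with status 1.
# Arguments: $1 - message text
error_print() {
  printf 'ERROR %s\n' "$1" 1>&2
  exit 1
}

# Print "WARNING <message>" on stderr and carry on (optional steps only).
# Arguments: $1 - message text
warn_print() {
  printf 'WARNING %s\n' "$1" 1>&2
}

# read account
# Always prompt: a value inherited from the environment is discarded, not
# trusted. (The original errored out with a misleading message in that case.)
account=''
printf '%s' 'Provide account name to add: '
read -r account || true
[[ -n "$account" ]] || error_print "No account provided"

# The name becomes part of several paths (mkdir, cp, rm, zip) that this script
# touches, typically as root. Restrict it to a conservative character set so
# it cannot contain '/', start with '-' or '.', or carry whitespace/globs.
account_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "$account" =~ $account_re ]]; then
  error_print "Invalid account name: use letters, digits, '.', '_' or '-', starting with a letter or digit"
fi

# keys/<account>.crt and keys/<account>.key share a directory with ca.crt and
# ta.key, so these two names would clobber the CA certificate or tls-auth key.
case "$account" in
  ca | ta) error_print "Account name '$account' is reserved" ;;
esac

# cd scripts dir
[[ -d "$SCRIPTS_DIR" ]] || error_print "No such dir $SCRIPTS_DIR"
cd -- "$SCRIPTS_DIR" || error_print "Cannot cd to $SCRIPTS_DIR"

# read vars
# "./vars" rather than "vars": without a slash, bash's source searches PATH
# before the current directory.
[[ -f vars ]] || error_print "No such file vars"
# shellcheck source=/dev/null
source ./vars || error_print "Failed to load vars"

echo "Creating cert and key for $account"

# build key
# Checked separately so that a pkitool failure is not reported as a missing
# file.
[[ -x pkitool ]] || error_print "No such file pkitool"
./pkitool "$account" || error_print "pkitool failed for $account"

# Everything created from here on contains key material: keep it owner-only.
# (Files and directories that already exist keep their current mode.)
umask 077

# make account dir
account_dir="$ACCOUNTS_DIR/$account"
mkdir -p -- "$account_dir"

# copy account cert & key
cp -- "$SCRIPTS_DIR/keys/${account}.crt" "$SCRIPTS_DIR/keys/${account}.key" "$account_dir/"

# copy ca cert and tls key
cp -- "$SCRIPTS_DIR/keys/ca.crt" "$SCRIPTS_DIR/keys/ta.key" "$account_dir/"

# generate ovpn config
# "remote" is a placeholder that must be replaced with the server address.
cat > "$account_dir/${account}.ovpn" << EOF
client
remote SERVER'S.EXTERNAL.IP
port 1194
proto tcp
dev tun
nobind
persist-key
persist-tun
ca ca.crt
cert ${account}.crt
key ${account}.key
tls-auth ta.key 1
cipher BF-CBC
#log-append /var/log/ovpn_$account.log
EOF

# remove old archive if exists
rm -f -- "$ACCOUNTS_DIR/${account}.zip"

cd -- "$ACCOUNTS_DIR" || error_print "Cannot cd to $ACCOUNTS_DIR"

# creating archive (best effort, as in the original: skipped if zip is absent)
if command -v zip > /dev/null 2>&1; then
  zip -r "${account}.zip" "$account"
else
  warn_print "zip not found, archive not created"
fi

# sending email (best effort): only when there is an archive to send, so a
# missing zip no longer leads to mailing a non-existent file.
if [[ ! -f "${account}.zip" ]]; then
  warn_print "no archive for $account, nothing mailed"
elif ! command -v uuencode > /dev/null 2>&1; then
  warn_print "uuencode not found, archive not mailed"
elif ! command -v sendmail > /dev/null 2>&1; then
  warn_print "sendmail not found, archive not mailed"
else
  uuencode "${account}.zip" "${account}.zip" | sendmail "$MAIL_TO"
fi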