openvpn_cert_add

Скрипт добавления клиентского сертификата для OpenVPN

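#!/usr/bin/env bash
#
# openvpn_cert_add: build a client certificate/key with easy-rsa (pkitool),
# assemble a per-account directory under $ACCOUNTS_DIR (cert, key, ca.crt,
# ta.key and a generated .ovpn profile), zip it and mail the archive to
# $MAIL_TO.
#
# Usage: $0 with no args; the account name is read from stdin.
# The script writes under /etc/openvpn, so it is normally run as root.

# -e: abort on the first failing command; pipefail: a failing stage in the
# uuencode | sendmail pipeline is not masked by sendmail's own exit status.
set -e -o pipefail

# Put the usual system directories first so the easy-rsa helpers, zip, uuencode
# and sendmail are found even from a minimal (sudo/cron) environment.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:$PATH"
# Recipient of the generated client archive.
readonly MAIL_TO='[email protected]'
# easy-rsa 2.x working directory: holds 'vars', 'pkitool' and keys/.
readonly SCRIPTS_DIR=/etc/openvpn/easy-rsa
# Where per-account directories and .zip archives are written.
readonly ACCOUNTS_DIR=/etc/openvpn/KEYS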

#####################################

#######################################
# Print a diagnostic to stderr and abort the whole script.
# Arguments: $1 - message text, printed after the "ERROR " prefix
# Outputs:   "ERROR <message>" on stderr
# Returns:   never; the script exits with status 1
#######################################
error_print() {
  printf 'ERROR %s\n' "$1" >&2
  exit 1
}

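# ---------------------------------------------------------------------------
# Main flow. Each step aborts through error_print (defined above) on failure.
# ---------------------------------------------------------------------------

# Everything created below (key copy, .ovpn profile, .zip archive) contains or
# wraps the client's private key, so create new files owner-only regardless of
# the caller's umask.
umask 077

# read account: prompt only when the caller did not pre-set $account in the
# environment (the previous test was inverted and rejected a pre-set value).
if [[ -z ${account:-} ]]; then
  printf 'Provide account name to add: '
  IFS= read -r account
fi
[[ -n ${account:-} ]] || error_print "No account provided"

# The name becomes a directory, file and zip name and is handed to pkitool, so
# restrict it to a conservative character set and forbid a leading '.' or '-'
# (no path traversal, no option-looking names).
[[ $account =~ ^[A-Za-z0-9][A-Za-z0-9._@-]*$ ]] \
  || error_print "Invalid account name '$account' (allowed: letters, digits, . _ @ -)"

# cd scripts dir (separate checks so the message names the real failure)
[[ -d $SCRIPTS_DIR ]] || error_print "No such dir $SCRIPTS_DIR"
cd -- "$SCRIPTS_DIR" || error_print "Cannot cd to $SCRIPTS_DIR"

# read vars (easy-rsa environment). './vars' rather than 'vars': a bare name is
# looked up in PATH first by 'source', which could pick up a stray file.
[[ -f vars ]] || error_print "No such file vars"
# shellcheck disable=SC1091 — file lives in $SCRIPTS_DIR, resolved at runtime
source ./vars

printf '%s\n' "Creating cert and key for $account"

# build key; a failing pkitool is reported as such, not as a missing file
[[ -x pkitool ]] || error_print "No such file pkitool"
./pkitool "$account" || error_print "pkitool failed for $account"

# make account dir (under $ACCOUNTS_DIR, not a second hard-coded copy of it)
account_dir="$ACCOUNTS_DIR/$account"
mkdir -p -- "$account_dir"

# copy account cert & key
cp -- "$SCRIPTS_DIR/keys/${account}.crt" "$SCRIPTS_DIR/keys/${account}.key" "$account_dir/"

# copy ca cert and tls key
cp -- "$SCRIPTS_DIR/keys/ca.crt" "$SCRIPTS_DIR/keys/ta.key" "$account_dir/"

# generate ovpn config
# NOTE(review): 'remote' still carries the SERVER'S.EXTERNAL.IP placeholder and
# must be edited for this deployment. 'cipher BF-CBC' (Blowfish, 64-bit block)
# is deprecated and has to match the server config, so change both sides
# together. The profile does not pin the peer role ('remote-cert-tls server');
# confirm the server cert was built with the server extensions before adding it.
cat > "$account_dir/${account}.ovpn" << EOF
client
remote SERVER'S.EXTERNAL.IP
port 1194
proto tcp
dev tun
nobind
persist-key
persist-tun
ca ca.crt
cert ${account}.crt
key ${account}.key
tls-auth ta.key 1
cipher BF-CBC
#log-append /var/log/ovpn_$account.log
EOF

# remove old archive if exists (-f makes a missing file a no-op)
rm -f -- "$ACCOUNTS_DIR/${account}.zip"

cd -- "$ACCOUNTS_DIR" || error_print "Cannot cd to $ACCOUNTS_DIR"

# creating archive: the archive is the deliverable that gets mailed, so a
# missing zip is fatal instead of silently falling through to an empty mail.
command -v zip >/dev/null 2>&1 || error_print "zip not found in PATH"
zip -r "${account}.zip" "$account"

# sending email (best effort: warn instead of failing when uuencode is absent)
# NOTE(review): the archive holds the client's private key and plain email is
# not a confidential channel; prefer an out-of-band hand-over where possible.
if command -v uuencode >/dev/null 2>&1; then
  uuencode "${account}.zip" "${account}.zip" | sendmail "$MAIL_TO"
else
  printf 'WARNING: uuencode not found, %s was not mailed to %s\n' "${account}.zip" "$MAIL_TO" >&2
fi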