-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcreate-client
96 lines (84 loc) · 2.28 KB
/
create-client
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/bash
set -e
echo -e "\n\033[1m || OPENSETUP CREATE-CLIENT || \033[0m\n"
PORT="443"
PROTO="tcp"
SERVER_NAME="openserver"
OPENSETUP_DIR="$HOME/.opensetup"
CA_DIR="$OPENSETUP_DIR/ca"
CLIENT_CONF_DIR="$OPENSETUP_DIR/client"
function set_key_variables() {
echo -e "Exporting key variables...\n"
export EASY_RSA="$CA_DIR"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="[email protected]"
export KEY_OU="MyVPN"
export KEY_NAME="$SERVER_NAME"
}
function generate_client_cert() {
echo -e "Generating client certificates...\n"
export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --batch $CLIENT_NAME
}
function create_client_conf() {
echo -e "Creating client configuration(.ovpn) for client: $CLIENT_NAME...\n"
OVPN_OUTPUT_DIR=$CLIENT_CONF_DIR/files
CLIENT_BASE_CONFIG=$CLIENT_CONF_DIR/client.conf
mkdir -p $OVPN_OUTPUT_DIR
chmod -R 700 $CLIENT_CONF_DIR
echo -e "client
dev tun
proto $PROTO
remote $(curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//') $PORT
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
cipher AES-128-CBC
auth SHA256
key-direction 1
remote-cert-tls server
comp-lzo
verb 3
# UPDATE RESOLVE CONF (UBUNTU)
# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf" > $CLIENT_BASE_CONFIG
cat ${CLIENT_BASE_CONFIG} \
<(echo -e '<ca>') \
${KEY_DIR}/ca.crt \
<(echo -e '</ca>\n<cert>') \
${KEY_DIR}/${CLIENT_NAME}.crt \
<(echo -e '</cert>\n<key>') \
${KEY_DIR}/${CLIENT_NAME}.key \
<(echo -e '</key>\n<tls-auth>') \
${KEY_DIR}/ta.key \
<(echo -e '</tls-auth>') \
> ${OVPN_OUTPUT_DIR}/${CLIENT_NAME}.ovpn
}
if [ -z "$1" ];
then
CLIENT_NAME="openclient"
echo -e "CLIENT_NAME is set to default: openclient\n"
else
CLIENT_NAME=$1
fi
set_key_variables
generate_client_cert
create_client_conf
echo -e "Client configuration(.ovpn) for client: ${OVPN_OUTPUT_DIR}/${CLIENT_NAME}.ovpn\n"