Created
July 4, 2018 09:03
-
-
Save askobara/74b276f5c1cfc1dac42cd1598af0656a to your computer and use it in GitHub Desktop.
generates .ovpn config for the new user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -e | |
NAME=$1 | |
if [ -z "$NAME" ]; then | |
echo "$0 NAME" | |
exit | |
fi | |
IP=$(ip route get 8.8.8.8 | awk 'NR==1 {print $7}') | |
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) | |
PROTOCOL="udp" | |
PORT=1194 | |
newclient() { | |
local name=$1 | |
local ca=$(cat "/etc/openvpn/easy-rsa/keys/ca.crt") | |
local cert=$(cat "/etc/openvpn/easy-rsa/keys/${name}.crt") | |
local key=$(cat "/etc/openvpn/easy-rsa/keys/${name}.key") | |
local tls_auth=$(sudo cat "/etc/openvpn/ta.key") | |
mkdir -p "$DIR/$name" | |
tee "$DIR/$name/softliger.ovpn" > /dev/null <<EOF | |
client | |
tls-client | |
dev tun | |
proto $PROTOCOL | |
sndbuf 0 | |
rcvbuf 0 | |
remote $IP $PORT | |
resolv-retry infinite | |
nobind | |
persist-key | |
persist-tun | |
remote-cert-tls server | |
#auth SHA512 | |
cipher AES-256-CBC | |
comp-lzo | |
setenv opt block-outside-dns | |
key-direction 1 | |
verb 3 | |
<ca> | |
$ca | |
</ca> | |
<cert> | |
$cert | |
</cert> | |
<key> | |
$key | |
</key> | |
<tls-auth> | |
$tls_auth | |
</tls-auth> | |
EOF | |
} | |
cd /etc/openvpn/easy-rsa | |
source ./vars | |
export KEY_NAME=$NAME | |
./pkitool $NAME | |
newclient $NAME |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment