Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
OpenVPN Client Configuration Generate Script
#!/bin/bash
# https://gist.github.com/egonbraun/7176976fe05ece092410462facf0adb6
# OpenVPN configuration Directory
OPENVPN_CFG_DIR=/etc/openvpn
# Where this script should create the OpenVPN client config files
OUTPUT_DIR=~/ovpn-mfa/
# Base configuration for the client
BASE_CONFIG=/etc/openvpn/client-common.txt
# MFA Label
MFA_LABEL='OpenVPN Server'
# MFA User
MFA_USER=gauth
# MFA Directory
MFA_DIR=/etc/openvpn/google-authenticator
# ##############################################################################
function generate_mfa() {
user_id=$1
if [ "$user_id" == "" ]; then
echo "ERROR: No user id provided to generate MFA token"
exit 1
fi
echo "INFO: Creating user ${user_id}"
useradd -s /bin/nologin "$user_id"
echo "INFO: Generating MFA Token"
su -c "google-authenticator -w3 -t -d -r3 -R30 -f -l \"${MFA_LABEL}\" -s $MFA_DIR/${user_id}" - $MFA_USER
}
function main() {
user_id=$1
if [ "$user_id" == "" ]; then
echo "ERROR: No user id provided"
exit 1
fi
if [ ! -f /etc/openvpn/easy-rsa/pki/ca.crt ]; then
echo "ERROR: CA certificate not found"
exit 1
fi
if [ ! -f /etc/openvpn/easy-rsa/pki/issued/${user_id}.crt ]; then
echo "ERROR: User certificate not found"
exit 1
fi
if [ ! -f /etc/openvpn/easy-rsa/pki/private/${user_id}.key ]; then
echo "ERROR: User private key not found"
exit 1
fi
if [ ! -f ${OPENVPN_CFG_DIR}/ta.key ]; then
echo "ERROR: TLS Auth key not found"
exit 1
fi
cat ${BASE_CONFIG} \
<(echo -e '\nns-cert-type server\nauth-user-pass\n') \
<(echo -e '<ca>') \
/etc/openvpn/easy-rsa/pki/ca.crt \
<(echo -e '</ca>\n<cert>') \
/etc/openvpn/easy-rsa/pki/issued/${user_id}.crt \
<(echo -e '</cert>\n<key>') \
/etc/openvpn/easy-rsa/pki/private/${user_id}.key \
<(echo -e '</key>\n<tls-auth>') \
${OPENVPN_CFG_DIR}/ta.key \
<(echo -e '</tls-auth>') \
> ${OUTPUT_DIR}/${user_id}.ovpn
echo "INFO: Key created in ${OUTPUT_DIR}/${user_id}.ovpn"
generate_mfa $user_id
exit 0
}
# ##############################################################################
main $1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.