Created
April 7, 2013 14:16
Add OpenVPN clients and publish encrypted directory containing cert and config files.
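#!/bin/bash
#
# Bundle an existing OpenVPN client's certificate, private key, CA certificate
# and a client config into a tarball, encrypt it with a random passphrase and
# publish the encrypted archive in the nginx share directory.
#
# Usage:   <script> CLIENT_NAME
# Needs:   the client key pair already built as CLIENT_NAME-openvpn in the
#          easy-rsa keys directory; write access to the share directory.
# Outputs: the matching decrypt command (including the passphrase) on stdout.
#
# The passphrase is the only thing protecting the private key once the archive
# sits on the web server, so hand it to the client over a different channel
# than the download link.
set -euo pipefail

readonly KEYS_DIR=/etc/openvpn/easy-rsa/2.0/keys
readonly CONF_TEMPLATE=/root/openvpn/client.conf.example
readonly SHARE_DIR=/usr/share/nginx/www/share
readonly SHARE_OWNER=dewey:dewey

client=${1:-}

# The name ends up in file paths and in a sed replacement, so only accept a
# conservative character set: no "/", no leading "-" or ".", no sed
# metacharacters ("&", "\", "/").
if [[ ! "$client" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  printf 'Usage: %s CLIENT_NAME (letters, digits, ".", "_" and "-" only)\n' \
    "${0##*/}" >&2
  exit 2
fi

dir_name="${client}-openvpn"

cd "$KEYS_DIR"

if [[ ! -f "${dir_name}.key" ]]; then
  echo "Please generate the client certificate using: . /etc/openvpn/easy-rsa/2.0/build-key ${client}-openvpn" >&2
  echo "and reinvoke the script." >&2
  exit 1
fi

# Stage everything in a private, unpredictable directory. The previous
# /tmp/<name>-openvpn path was guessable and left both the copied private key
# and the unencrypted tarball readable under /tmp; the tarball was never
# removed.
umask 077
work_dir=$(mktemp -d)
trap 'rm -rf -- "${work_dir:?}"' EXIT

stage_dir="${work_dir}/${dir_name}"
mkdir -- "$stage_dir"

cp -R -- ca.crt "${dir_name}.crt" "${dir_name}.key" "$stage_dir"
cp -- "$CONF_TEMPLATE" "$stage_dir"

sed -i "s/changeme/${client}/g" "${stage_dir}/client.conf.example"
mv -- "${stage_dir}/client.conf.example" \
  "${stage_dir}/${dir_name}-switzerland.conf"

# Ownership is recorded in the tar archive; work_dir itself stays root-only.
chown -R "$SHARE_OWNER" "$stage_dir"

enc_pw=$(openssl rand -base64 32)

cd "$work_dir"
tar cvzf "${dir_name}.tar.gz" "$dir_name"

# Feed the passphrase on stdin rather than with -k, so it does not show up in
# the process list while openssl runs. The resulting file is still decrypted
# by the -k command printed below.
# NOTE(review): "openssl enc" with CBC gives confidentiality only (no
# integrity check) and uses the legacy key derivation unless -pbkdf2 is given
# (OpenSSL 1.1.1+). Changing that also changes the decrypt command clients
# must run, so it is left as-is here.
printf '%s\n' "$enc_pw" |
  openssl enc -aes-256-cbc -salt \
    -in "${dir_name}.tar.gz" -out "${dir_name}.tar.gz.enc" -pass stdin

# Only the encrypted archive is meant to be public; restore a web-readable
# mode that the restrictive umask above would otherwise withhold.
chmod 0644 "${dir_name}.tar.gz.enc"
mv -- "${dir_name}.tar.gz.enc" "${SHARE_DIR}/"
chown -R "$SHARE_OWNER" "${SHARE_DIR}/${dir_name}.tar.gz.enc"

echo "Client ${client} added. Decrypt with: openssl enc -d -aes-256-cbc -in ${dir_name}.tar.gz.enc -out ${dir_name}.tar.gz -k ${enc_pw}"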