Turnkey OpenVPN - add new users. It creates two OVPN files - with and without proxy - and also generates the URLs to download them. It is safe to use for existing users - it just regenerates their OVPN files.
#!/bin/bash -e
# Report a fatal error on stderr and terminate the script with status 1.
fatal() {
  printf 'FATAL: %s\n' "$*" >&2
  exit 1
}
# Print a non-fatal warning on stdout; execution continues.
warn() {
  printf 'WARN: %s\n' "$*"
}
# Print an informational message on stdout.
info() {
  printf 'INFO: %s\n' "$*"
}
# Print the help text on stdout and exit with status 1; this is also the
# exit path taken for a bad invocation (missing argument, unreadable KEY_DIR).
usage() {
  printf '%s\n' \
    "Usage: sudo $0 client_or_profile_name" \
    'This will create two ovpn files in this directory (proxy and noproxy).' \
    'You can safely run this for existing users too - to regenerate their license files.' \
    'Example of client name - divya.mahajan, pritam.kumar' \
    'This must be run as sudo.'
  exit 1
}
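# Re-assert -e here: an `-e` placed in the shebang is silently dropped when
# the script is invoked as `bash script.sh` instead of being executed directly.
set -e

# Not readonly: easy-rsa's vars file (sourced below) may reassign EASY_RSA.
EASY_RSA=/etc/openvpn/easy-rsa
SERVER_CFG=/etc/openvpn/server.conf
SERVER_CCD=/etc/openvpn/server.ccd   # not used below; kept for parity with the server layout
# Site-specific values, overridable from the environment; the defaults keep
# the original behaviour.
readonly CLIENT_EMAIL_DOMAIN=${CLIENT_EMAIL_DOMAIN:-philips.com}
readonly HTTP_PROXY_HOST=${HTTP_PROXY_HOST:-104.129.192.34}
readonly HTTP_PROXY_PORT=${HTTP_PROXY_PORT:-10015}
readonly TEMPLATE=/var/www/openvpn/template.html
readonly PROFILES=/var/www/openvpn/htdocs/profiles

# Argument check first: it is cheap and does not need the PKI to be readable.
(( $# >= 1 )) || usage
client_name=$1
# The name is spliced into filesystem paths, the sed replacement in
# publish_profile and the openvpn-addclient command line, so restrict it to a
# safe character set: no '/', no '..', no whitespace, no leading '-' (which
# would be parsed as an option).
[[ "$client_name" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
  || fatal "invalid client name '$client_name' (use e.g. first.last)"

[[ -r "$SERVER_CFG" ]] || fatal "cannot read $SERVER_CFG"
# Third whitespace-separated field of the PUBLIC_ADDRESS line. The original
# grep|awk printed every matching line, which would yield a multi-line address;
# stop at the first hit instead.
SERVER_ADDR=$(awk '/PUBLIC_ADDRESS/ { print $3; exit }' "$SERVER_CFG")
[[ -n "$SERVER_ADDR" ]] || fatal "unable to determine PUBLIC_ADDRESS from $SERVER_CFG"

# easy-rsa's vars provides KEY_DIR (and friends) used here and by openvpn-addclient.
# shellcheck source=/dev/null
source "$EASY_RSA/vars"
[[ -n "${KEY_DIR:-}" && -r "$KEY_DIR" ]] || usage

# Scratch space for the assembled profiles: they embed the client's private
# key, so build them in a 0700 mktemp directory instead of the caller's cwd,
# and remove them on every exit path.
workdir=$(mktemp -d) || fatal "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

if [[ -e "$KEY_DIR/$client_name.ovpn" ]]; then
  info "$KEY_DIR/$client_name.ovpn exists"
else
  openvpn-addclient "$client_name" "$client_name@$CLIENT_EMAIL_DOMAIN"
fi

# Everything inlined below must exist, otherwise the $(cat ...) inside the
# here-doc would leave an empty <ca>/<tls-auth>/<cert>/<key> section: a failing
# command substitution inside a here-doc does not trip set -e.
for f in ca.crt ta.key "$client_name.crt" "$client_name.key"; do
  [[ -r "$KEY_DIR/$f" ]] || fatal "missing or unreadable $KEY_DIR/$f"
done

base=$workdir/$client_name.ovpn
proxy=$workdir/${client_name}_proxy.ovpn
noproxy=$workdir/${client_name}_noproxy.ovpn

# Common profile body shared by both variants. `ns-cert-type server` and
# `comp-lzo` are deprecated in newer OpenVPN releases (`remote-cert-tls server`
# and no compression are the modern equivalents); they are kept as-is because
# the deployed client/server versions are not visible here.
cat > "$base" <<EOF
remote $SERVER_ADDR 443 tcp
ns-cert-type server
client
dev tun
resolv-retry infinite
keepalive 10 120
nobind
comp-lzo
verb 3
;user nobody
;group nogroup
<ca>
$(cat "$KEY_DIR/ca.crt")
</ca>
key-direction 1
<tls-auth>
$(cat "$KEY_DIR/ta.key")
</tls-auth>
<cert>
$(cat "$KEY_DIR/$client_name.crt")
</cert>
<key>
$(cat "$KEY_DIR/$client_name.key")
</key>
EOF

# Variant 1: Access-Server style header plus an explicit HTTP proxy.
{
  cat <<EOF
# OVPN_ACCESS_SERVER_USERNAME=${client_name}_proxy
# OVPN_ACCESS_SERVER_PROFILE=${client_name}_proxy@$SERVER_ADDR
# OVPN_ACCESS_SERVER_WSHOST=$SERVER_ADDR:443
http-proxy $HTTP_PROXY_HOST $HTTP_PROXY_PORT
EOF
  cat -- "$base"
} > "$proxy"

# Variant 2: same header, direct connection.
{
  cat <<EOF
# OVPN_ACCESS_SERVER_USERNAME=${client_name}_noproxy
# OVPN_ACCESS_SERVER_PROFILE=${client_name}_noproxy@$SERVER_ADDR
# OVPN_ACCESS_SERVER_WSHOST=$SERVER_ADDR:443
EOF
  cat -- "$base"
} > "$noproxy"

# Only the two variants go to KEY_DIR (the original `$1_*ovpn` glob could sweep
# up unrelated files). They contain the private key, so restrict them to the
# owner; the web copies get their own mode in publish_profile.
cp -- "$proxy" "$noproxy" "$KEY_DIR/"
chmod 600 "$KEY_DIR/${client_name}_proxy.ovpn" "$KEY_DIR/${client_name}_noproxy.ovpn"
echo "${client_name} files"

#######################################
# Publish one profile under a content-hash directory and print its URL.
# Globals:   PROFILES, TEMPLATE, SERVER_ADDR (read)
# Arguments: $1 - path to the .ovpn file in KEY_DIR
#            $2 - label for the printed line ("with proxy" / "without proxy")
# Outputs:   the download URL on stdout
# Returns:   0 on success; exits via fatal on a missing file or template
#######################################
publish_profile() {
  local ovpn_path=$1 label=$2
  local profile_name profile_hash profile_path
  profile_name=${ovpn_path##*/}
  profile_name=${profile_name%.ovpn}
  [[ -e "$ovpn_path" ]] || fatal "$ovpn_path does not exist"
  [[ -r "$TEMPLATE" ]] || fatal "cannot read $TEMPLATE"
  profile_hash=$(sha1sum -- "$ovpn_path" | cut -d ' ' -f 1)
  [[ -n "$profile_hash" ]] || fatal "could not hash $ovpn_path"
  profile_path=$PROFILES/$profile_hash
  mkdir -p -- "$profile_path"
  cp -- "$ovpn_path" "$profile_path/"
  # profile_name derives from client_name, which is restricted to
  # [A-Za-z0-9._-] above, so it cannot carry the '|' delimiter or other sed
  # replacement metacharacters.
  sed "s|CLIENT_NAME|${profile_name}|g" "$TEMPLATE" > "$profile_path/index.html"
  chown -R www-data:www-data "$PROFILES"
  chmod 440 "$profile_path/$profile_name.ovpn"
  # The unguessable hash directory is the only thing protecting the private
  # key behind this link, and the scheme is plain http as in the original;
  # whether the web server redirects to https is not visible from this script.
  echo " URL for file $label: http://$SERVER_ADDR/profiles/$profile_hash/"
}

publish_profile "$KEY_DIR/${client_name}_proxy.ovpn" "with proxy"
publish_profile "$KEY_DIR/${client_name}_noproxy.ovpn" "without proxy"

# Clear downloaded profile links
/etc/cron.hourly/openvpn-profiles-delexpired
# To clear all profiles
# ls -l /var/www/openvpn/htdocs/profiles
# rm -rf /var/www/openvpn/htdocs/profiles/[0-9a-f]*
# ls -l /var/www/openvpn/htdocs/profiles
# List users in the system
#echo "Users setup in the system."
# ls /etc/openvpn/easy-rsa/keys/*ovpn|xargs -n 1 -I FNAME basename FNAME .ovpn|grep -v proxy|xargs -n 1 -I NAME echo " NAME"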