OpenVPN Client Configuration Generate Script
#!/bin/bash
# ------------------------------------------------------------------------------
# Settings. Every path below hangs off the OpenVPN configuration root.
# ------------------------------------------------------------------------------
# OpenVPN configuration root; the tls-auth key (ta.key) is read from here.
OPENVPN_CFG_DIR="/etc/openvpn"
# EasyRSA output directory: ca.crt plus <user_id>.crt and <user_id>.key.
KEY_DIR="${OPENVPN_CFG_DIR}/easy-rsa/keys"
# Destination of the generated <user_id>.ovpn profiles. Each profile embeds
# the user's private key and the shared tls-auth key, so this directory
# should be readable by root only.
OUTPUT_DIR="${OPENVPN_CFG_DIR}/client-config"
# Client configuration template that every generated profile starts with.
BASE_CONFIG="${OUTPUT_DIR}/client.conf"
# Label passed to google-authenticator for the generated token.
MFA_LABEL="OpenVPN Server"
# Account that google-authenticator is run as (through su).
MFA_USER="gauth"
# Directory holding one google-authenticator secret file per user id.
MFA_DIR="${OPENVPN_CFG_DIR}/google-authenticator"
# ##############################################################################
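#######################################
# Offer to e-mail a generated client profile to its user with mutt.
#
# SECURITY: the attachment is the .ovpn profile, which embeds the user's
# private key and the shared tls-auth key. Plain e-mail gives no end-to-end
# confidentiality, so prefer an encrypted or out-of-band channel where one
# exists, and treat the key as exposed if the message goes astray.
#
# Arguments: $1 - path of the file to attach
# Inputs:    the recipient address, read from stdin
# Outputs:   progress messages on stdout
# Returns:   0 when no mail is sent, otherwise the status of mutt
#######################################
function send_mail() {
  local attachment=$1
  local email

  # `command -v` is a builtin, and stdout is redirected before stderr so that
  # both are silenced (the reverse order leaves stderr on the terminal).
  if ! command -v mutt >/dev/null 2>&1; then
    echo "INFO: mail program not found, an email will not be sent to the user"
    return 0
  fi

  echo -en "Please, provide the e-mail of the user\n> "
  # -r keeps backslashes in the typed address literal.
  read -r email
  if [ -z "$email" ]; then
    # Nothing was entered (or stdin is closed): do not call mutt without a
    # recipient.
    echo "INFO: no e-mail address given, an email will not be sent to the user"
    return 0
  fi

  echo "INFO: Sending email"
  echo "Here is your OpenVPN client configuration" \
    | mutt -s "Your OpenVPN configuration" -a "$attachment" -- "$email"
}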
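#######################################
# Create a local account for the VPN user, set its password interactively
# and generate a google-authenticator secret for it.
#
# Globals:   MFA_LABEL, MFA_DIR, MFA_USER (read)
# Arguments: $1 - user id; letters, digits, '.', '_' and '-' only
# Outputs:   progress and error messages on stdout
# Exits:     1 when the user id is missing or contains other characters
#######################################
function generate_mfa() {
  local user_id=$1

  if [ "$user_id" == "" ]; then
    echo "ERROR: No user id provided to generate MFA token"
    exit 1
  fi

  # user_id is spliced into the command string that `su -c` hands to a shell
  # and into the secret file path, so anything outside a conservative
  # character set (or a leading '-' / '.') is refused before it gets there.
  case "$user_id" in
    -* | .* | *[!A-Za-z0-9._-]*)
      echo "ERROR: Invalid user id (allowed: letters, digits, '.', '_', '-')"
      exit 1
      ;;
  esac

  echo "INFO: Creating user ${user_id}"
  # NOTE(review): /bin/nologin is not present on every distribution (it is
  # often /sbin/nologin or /usr/sbin/nologin) - confirm for the target host.
  useradd -s /bin/nologin "$user_id"
  echo "> Please provide a password for the user"
  passwd "$user_id"

  echo "INFO: Generating MFA Token"
  # -t time-based tokens, -d disallow token reuse, -r3 -R30 rate-limit to
  # 3 logins per 30 seconds, -f write the file without prompting,
  # -l label, -s secret file location.
  # MFA_LABEL is expanded inside a double-quoted word of the command string;
  # keep it free of '"', '$', '`' and '\'.
  su -c "google-authenticator -t -d -r3 -R30 -f -l \"${MFA_LABEL}\" -s \"${MFA_DIR}/${user_id}\"" - "$MFA_USER"
}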
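#######################################
# Build <OUTPUT_DIR>/<user_id>.ovpn from the base client configuration with
# the CA certificate, the user's certificate and private key, and the
# tls-auth key inlined; then create the MFA token and offer to mail the file.
#
# SECURITY: the resulting profile contains the user's private key and the
# shared tls-auth key. It is created with mode 600 and should be handled as
# a secret from then on.
#
# Globals:   OPENVPN_CFG_DIR, KEY_DIR, OUTPUT_DIR, BASE_CONFIG (read)
# Arguments: $1 - user id; must match the base name of the certificate and
#                 key in KEY_DIR (<user_id>.crt / <user_id>.key)
# Outputs:   progress and error messages on stdout
# Exits:     0 on success, 1 on a missing/invalid id, a missing input file
#            or a failed write
#######################################
function main() {
  local user_id=$1
  local output_file

  if [ "$user_id" == "" ]; then
    echo "ERROR: No user id provided"
    exit 1
  fi

  # user_id becomes part of several file paths here and of a command string
  # in generate_mfa; refuse path separators, shell metacharacters and a
  # leading '-' or '.' up front.
  case "$user_id" in
    -* | .* | *[!A-Za-z0-9._-]*)
      echo "ERROR: Invalid user id (allowed: letters, digits, '.', '_', '-')"
      exit 1
      ;;
  esac

  if [ ! -f "${BASE_CONFIG}" ]; then
    echo "ERROR: Base client configuration not found"
    exit 1
  fi
  if [ ! -f "${KEY_DIR}/ca.crt" ]; then
    echo "ERROR: CA certificate not found"
    exit 1
  fi
  if [ ! -f "${KEY_DIR}/${user_id}.crt" ]; then
    echo "ERROR: User certificate not found"
    exit 1
  fi
  if [ ! -f "${KEY_DIR}/${user_id}.key" ]; then
    echo "ERROR: User private key not found"
    exit 1
  fi
  if [ ! -f "${OPENVPN_CFG_DIR}/ta.key" ]; then
    echo "ERROR: TLS Auth key not found"
    exit 1
  fi

  output_file="${OUTPUT_DIR}/${user_id}.ovpn"

  # The umask is tightened inside a subshell so that the profile is never
  # created group/world readable and the rest of the script keeps its umask.
  if ! (
    umask 077
    cat "${BASE_CONFIG}" \
      <(echo -e '<ca>') \
      "${KEY_DIR}/ca.crt" \
      <(echo -e '</ca>\n<cert>') \
      "${KEY_DIR}/${user_id}.crt" \
      <(echo -e '</cert>\n<key>') \
      "${KEY_DIR}/${user_id}.key" \
      <(echo -e '</key>\n<tls-auth>') \
      "${OPENVPN_CFG_DIR}/ta.key" \
      <(echo -e '</tls-auth>') \
      > "$output_file"
  ); then
    echo "ERROR: Could not write ${output_file}"
    # Do not leave a partial profile with key material behind.
    rm -f -- "$output_file"
    exit 1
  fi
  # umask only applies to newly created files; a profile that already
  # existed keeps its old mode unless it is reset explicitly.
  chmod 600 -- "$output_file"

  echo "INFO: Key created in ${OUTPUT_DIR}/${user_id}.ovpn"
  generate_mfa "$user_id"
  send_mail "$output_file"
  exit 0
}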
# ##############################################################################
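# Entry point. The single argument is the user id, which has to match the
# base name of the EasyRSA certificate and key in KEY_DIR. It is quoted so
# that it reaches main as one word, without word splitting or globbing.
main "$1"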
@AchuM AchuM commented Oct 22, 2019

ERROR: No user id provided

Do I have to specify a user ID manually? Plus, how can I use this script along with this: https://github.com/angristan/openvpn-install

Owner Author

@egonbraun egonbraun commented Feb 28, 2020

Yes, you do.

@CharlesMcBaker CharlesMcBaker commented Feb 28, 2020

Yes, you do.

I also get "ERROR: No user id provided"

  1. How do you specify a user ID for the script?
  2. And who or what is the user you need to specify?