Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
OpenVPN Client Configuration Generate Script
#!/bin/bash
# OpenVPN configuration Directory
OPENVPN_CFG_DIR=/etc/openvpn
# Directory where EasyRSA outputs the client keys and certificates
KEY_DIR=/etc/openvpn/easy-rsa/keys
# Where this script should create the OpenVPN client config files
OUTPUT_DIR=/etc/openvpn/client-config
# Base configuration for the client
BASE_CONFIG=/etc/openvpn/client-config/client.conf
# MFA Label
MFA_LABEL='OpenVPN Server'
# MFA User
MFA_USER=gauth
# MFA Directory
MFA_DIR=/etc/openvpn/google-authenticator
# ##############################################################################
function send_mail() {
attachment=$1
which mutt 2>&1 >/dev/null
if [ $? -ne 0 ]; then
echo "INFO: mail program not found, an email will not be sent to the user"
else
echo -en "Please, provide the e-mail of the user\n> "
read email
echo "INFO: Sending email"
echo "Here is your OpenVPN client configuration" | mutt -s "Your OpenVPN configuration" -a "$attachment" -- "$email"
fi
}
function generate_mfa() {
user_id=$1
if [ "$user_id" == "" ]; then
echo "ERROR: No user id provided to generate MFA token"
exit 1
fi
echo "INFO: Creating user ${user_id}"
useradd -s /bin/nologin "$user_id"
echo "> Please provide a password for the user"
passwd "$user_id"
echo "INFO: Generating MFA Token"
su -c "google-authenticator -t -d -r3 -R30 -f -l \"${MFA_LABEL}\" -s $MFA_DIR/${user_id}" - $MFA_USER
}
function main() {
user_id=$1
if [ "$user_id" == "" ]; then
echo "ERROR: No user id provided"
exit 1
fi
if [ ! -f ${KEY_DIR}/ca.crt ]; then
echo "ERROR: CA certificate not found"
exit 1
fi
if [ ! -f ${KEY_DIR}/${user_id}.crt ]; then
echo "ERROR: User certificate not found"
exit 1
fi
if [ ! -f ${KEY_DIR}/${user_id}.key ]; then
echo "ERROR: User private key not found"
exit 1
fi
if [ ! -f ${OPENVPN_CFG_DIR}/ta.key ]; then
echo "ERROR: TLS Auth key not found"
exit 1
fi
cat ${BASE_CONFIG} \
<(echo -e '<ca>') \
${KEY_DIR}/ca.crt \
<(echo -e '</ca>\n<cert>') \
${KEY_DIR}/${user_id}.crt \
<(echo -e '</cert>\n<key>') \
${KEY_DIR}/${user_id}.key \
<(echo -e '</key>\n<tls-auth>') \
${OPENVPN_CFG_DIR}/ta.key \
<(echo -e '</tls-auth>') \
> ${OUTPUT_DIR}/${user_id}.ovpn
echo "INFO: Key created in ${OUTPUT_DIR}/${user_id}.ovpn"
generate_mfa $user_id
send_mail "${OUTPUT_DIR}/${user_id}.ovpn"
exit 0
}
# ##############################################################################
main $1
@AchuM

This comment has been minimized.

Copy link

AchuM commented Oct 22, 2019

ERROR: No user id provided

Do I have to specify a user ID manually? Plus, how can I use this script along with this: https://github.com/angristan/openvpn-install

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.