Created
September 4, 2013 03:27
Script bash que permite generar llaves y certificados para los Roadwarriors de una VPN montada mediante OpenVPN.
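#!/bin/bash
#
# Issues the key and certificate for one OpenVPN road-warrior client and
# writes ready-to-use client configuration files next to them.
#
# Usage:   <this script> CLIENT_NAME [SERVER_HOST [SERVER_PORT]]
# Needs:   the "vars" file and the "pkitool" script (presumably easy-rsa 2.x)
#          in the current working directory; "vars" must define KEY_DIR.
# Output:  $KEY_DIR/CLIENT_NAME/ holding the files pkitool generated for the
#          client, copies of ca.crt and ta.key, client.ovpn and client.conf.
# Exit:    0 on success, 1 on bad arguments or on any failed step.
#
# Security notes:
#   - "vars" and "pkitool" are looked up in the current working directory,
#     not next to this script, and both are executed with the caller's
#     privileges. Run the script only from the trusted CA directory.
#   - The output directory holds the client's private key and the shared
#     tls-auth key. It is created with owner-only permissions; transfer it
#     to the client over a protected channel.
#   - CLIENT_NAME, SERVER_HOST and SERVER_PORT end up in file paths and in
#     configuration directives, so they are checked against an allowlist
#     before anything is generated.

# Print an error message on stderr and stop with a failure status.
die() {
  echo "$1" >&2
  exit 1
}

# -- Global variable definitions
PWD_ACTUAL=$(pwd)

[ -r "$PWD_ACTUAL/vars" ] || die "No se puede leer $PWD_ACTUAL/vars"
# stdout is discarded to hide whatever banner "vars" prints; errors still show.
source "$PWD_ACTUAL/vars" > /dev/null || die "No se pudo cargar $PWD_ACTUAL/vars"

# An empty KEY_DIR would make every path below resolve against "/".
[ -n "$KEY_DIR" ] || die "KEY_DIR no esta definido en $PWD_ACTUAL/vars"

CLIENT=""
CA_CRT=$KEY_DIR/ca.crt
TA_KEY=$KEY_DIR/ta.key
DEFAULT_SERVER_IP="ip_o_dominio_servidor"
DEFAULT_SERVER_PORT="1194"
WIN_CFG_FILE=client.ovpn
LIN_CFG_FILE=client.conf

# -- The client name is mandatory.
if [ -z "$1" ]; then
  die "Debe Especificar el nombre del cliente!"
fi

# -- Allowlist for the client name. It becomes a directory name, a file name
#    prefix, an argument to pkitool and part of the "cert"/"key" directives,
#    so path separators, whitespace, a leading "-" (would be read as a pkitool
#    option) and a leading "." (covers "..") are all rejected.
NAME_RE='^[A-Za-z0-9_][A-Za-z0-9._@-]*$'
[[ "$1" =~ $NAME_RE ]] || die "Nombre de cliente invalido: $1"

# -- Server address and port for the "remote" directive. As in the original
#    logic, a port is only honoured when a server was given as well.
SERVER_IP=$DEFAULT_SERVER_IP
SERVER_PORT=$DEFAULT_SERVER_PORT
if [ -n "$2" ]; then
  SERVER_IP=$2
  if [ -n "$3" ]; then
    SERVER_PORT=$3
  fi
fi

# Whitespace or a newline in either value would add extra directives to the
# generated configuration, so both are validated before being written.
HOST_RE='^[A-Za-z0-9._:-]+$'
PORT_RE='^[0-9]{1,5}$'
[[ "$SERVER_IP" =~ $HOST_RE ]] || die "Servidor invalido: $SERVER_IP"
if ! [[ "$SERVER_PORT" =~ $PORT_RE ]] ||
   (( 10#$SERVER_PORT < 1 || 10#$SERVER_PORT > 65535 )); then
  die "Puerto invalido: $SERVER_PORT"
fi

# -- Check every prerequisite before a certificate is issued, so a failure
#    cannot leave a signed certificate behind with an incomplete bundle.
[ -x "$PWD_ACTUAL/pkitool" ] || die "No se puede ejecutar $PWD_ACTUAL/pkitool"
[ -f "$CA_CRT" ] || die "No existe $CA_CRT"
[ -f "$TA_KEY" ] || die "No existe $TA_KEY"

# -- Create the per-client directory, readable by its owner only. An already
#    existing directory keeps whatever permissions it has.
CLIENT=$KEY_DIR/$1
if ! [ -d "$CLIENT" ]; then
  (umask 077 && mkdir -p -- "$CLIENT") || die "No se pudo crear $CLIENT"
fi

# -- Generate the key and the certificate for the new client.
"$PWD_ACTUAL/pkitool" "$1" ||
  die "pkitool no pudo generar la llave y el certificado de $1"

# Everything created from here on (key copies, configuration files) is
# private to the owner. Set after pkitool so the CA's own files keep the
# permissions pkitool gives them.
umask 077

# -- Move the generated files into the client directory. Only regular files
#    are moved: the glob "NAME.*" also matches the directories of other
#    clients whose names start with "NAME.".
MOVED=0
for GENERATED in "$KEY_DIR/$1".*; do
  [ -f "$GENERATED" ] || continue
  mv -- "$GENERATED" "$CLIENT/" || die "No se pudo mover $GENERATED"
  MOVED=1
done
[ "$MOVED" -eq 1 ] || die "pkitool no genero archivos para $1"

cp -- "$CA_CRT" "$TA_KEY" "$CLIENT/" ||
  die "No se pudieron copiar ca.crt y ta.key a $CLIENT"

# -- Write the Windows client configuration.
#    NOTE(review): "ns-cert-type server" is deprecated by later OpenVPN
#    releases in favour of "remote-cert-tls server", and "comp-lzo" enables
#    compression, which the OpenVPN project now discourages. Both are kept
#    unchanged because they have to agree with the server's certificate and
#    configuration, which are not visible from this script.
{
  printf '%s\n' \
    "client" \
    "dev tun" \
    "proto udp" \
    "resolv-retry infinite" \
    "nobind" \
    "persist-key" \
    "persist-tun" \
    "ns-cert-type server" \
    "comp-lzo" \
    "verb 3" \
    "ca ca.crt" \
    "tls-auth ta.key 1" \
    "cert $1.crt" \
    "key $1.key" \
    "remote $SERVER_IP $SERVER_PORT"
} > "$CLIENT/$WIN_CFG_FILE" || die "No se pudo escribir $CLIENT/$WIN_CFG_FILE"

# -- The Linux configuration is the Windows one plus a log file directive.
cp -- "$CLIENT/$WIN_CFG_FILE" "$CLIENT/$LIN_CFG_FILE" ||
  die "No se pudo escribir $CLIENT/$LIN_CFG_FILE"
echo "log-append /var/log/openvpn.log" >> "$CLIENT/$LIN_CFG_FILE" ||
  die "No se pudo escribir $CLIENT/$LIN_CFG_FILE"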