Create a gist now

Instantly share code, notes, and snippets.

What would you like to do? by Eric Jodoin
# Default Variable Declarations
#Ask for a Client name
echo "Please enter an existing Client Name:"
read NAME
#1st Verify that client’s Public Key Exists
if [ ! -f $NAME$CRT ]; then
echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
echo "Client’s cert found: $NAME$CR"
#Then, verify that there is a private key for that client
if [ ! -f $NAME$KEY ]; then
echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
echo "Client’s Private Key found: $NAME$KEY"
#Confirm the CA public key exists
if [ ! -f $CA ]; then
echo "[ERROR]: CA Public Key not found: $CA"
echo "CA public Key found: $CA"
#Confirm the tls-auth ta key file exists
if [ ! -f $TA ]; then
echo "[ERROR]: tls-auth Key not found: $TA"
echo "tls-auth Private Key found: $TA"
#Ready to make a new .opvn file - Start by populating with the
default file
#Now, append the CA Public Cert
echo "<ca>" >> $NAME$FILEEXT
echo "</ca>" >> $NAME$FILEEXT
#Next append the client Public Cert
echo "<cert>" >> $NAME$FILEEXT
echo "</cert>" >> $NAME$FILEEXT
#Then, append the client Private Key
echo "<key>" >> $NAME$FILEEXT
echo "</key>" >> $NAME$FILEEXT
#Finally, append the TA Private Key
echo "<tls-auth>" >> $NAME$FILEEXT
echo "</tls-auth>" >> $NAME$FILEEXT
echo "Done! $NAME$FILEEXT Successfully Created."
#Script written by Eric Jodoin
\ No newline at end of file

kraoc commented Apr 13, 2014

Please update from my Fork. You have some type and carriage problems :)


laurenorsini commented Apr 15, 2014

@kraoc, thank you so, so much. I warned people not to copy-paste and here I've done it myself!

dvisor1 commented Apr 16, 2014

Based on your document at, should DEFAULT="Defaults.txt" actually be DEFAULT="default.txt"


laurenorsini commented Apr 16, 2014

@dvisor1 good catch. Fixed so it's Default.txt for both now. It works either way, so long as you have the exact same name (complete with capitalization) in both places.

These quotes don't match, the starting quote is (") the ending quote is (”).

+echo "Done! $NAME$FILEEXT Successfully Created.”


laurenorsini commented Apr 23, 2014

@jmdearing thanks. Fixed!


I keep getting this error when I run the script:
./ line 46: default: command not found

Here's line 45, 46 & 47:

Ready to make a new .opvn file - Start by populating with the

default file

Should default file be on line 45?

Have the same problem as Andrew above:

"Please enter an existing Client Name:
Client.s cert found: Client1
Client.s Private Key found: Client1.3des.key
CA public Key found: ca.crt
tls-auth Private Key found: ta.key
./ line 39: default: command not found
Done! Client1.ovpn Successfully Created."

Also it didn't like the last sentence on the script stating

"./ line 60: No:command not found!."

So I simply deleted everything on that line apart from ""

@laurenorsini line 46 default line belongs to its previous line, that's why people get these errors. So line 45 should be:
#Ready to make a new .opvn file - Start by populating with the default file.

Imported the OVPN file to Android and iOS, both give me this error:

PolarSSL cert certificate is undefined

Someone in the comments of the article said he believes it may be related to this script?

i keep getting this error when I run the script:
cat: Default.txt: No such file or directory

Best regards

7ewis, I get the same error. Any luck finding the cause?



i found the error.
I had the "Default.txt" in /etc/openvpn/easy-rsa and not in /keys...

Best regards

I was getting a line 46 and 72 error until I realized the comments (#'s) are missing for those.. It should be:
# default file


# \ No newline at end of file

I have a problem when I run ./
I get the first error message: [Error]: Client Public Key Certificate not found: .crt
But I can clearly see that I have a Client1.crt file in my .../easy-rsa/keys/ directory
Where else do I look? I've already cleared all the keys and started over once.

entozoon commented Nov 6, 2014

mmaybeno is absolutely right about those issues, the original post should be modified to fix it!!

tcco commented Jan 14, 2015

Hello @smaroukis,

I had the same error and found the fix. Make sure you are using all caps to match the $NAME$... Since it only shows .crt that means name is not read correctly.


bzyg7b commented Mar 25, 2015

I keep getting a can't find TLS error? how do i create this file for my client files?

WAGPHN commented May 29, 2015

I figured out the error for TLS.

I accidentally wrote my script to look for a file called ta.crt
Turns out there is no such file. OpenVPN creates ta.key

Check to see if you made the same mistake.
If so, change the TA variable value at the top of the script to ta.key and you should not have a problem.

Hope this helps!

branmart commented Jun 9, 2015

Can confirm that @coolaj86 fix issues I had and successfully created the clients

This appears to work for me but when I run it it asks me to enter the client name which I do. It then displays
Client's cert found: jamespc
Client's Private Key found: jamespc.3des.key
CA Public Key Found: ca.crt
tls-auth Private Key found: ta.key

Then just appears to hang. Is anyone able to point me in the right direction of what may have gone wrong please? Thanks

Hi everyone, hopefully I'm not to late to the party, as I've got an issue with mine.

I have everything to work, and corrected the errors as mentioned above. However I get the following below.

Please enter an existing Client Name:
Client’s cert found: jamesiphone
Client’s Private Key found: jamesiphone.3des.key
CA public Key found: ca.crt
tls-auth Private Key found: ta.key
cat: Default.txt: No such file or directory
Done! jamesiphone.ovpn Successfully Created.

It says it has done it successfully, but I don't understand the cat: default.text error?

Any helps greatly appreciated , thanks.

There's a pound symbol (#) missing from the beginning of line 46, resulting in the following output: "default: command not found." Fortunately, it doesn't actually affect the functionality of the script, unless you have a program or alias named "default."

kalaido commented Dec 28, 2015

Hi guys! Sorry I am still a Linux noob and just can't find the problem with the script.

I was using the latest script, however I keep on getting the following error:

Please enter an existing Client Name:
[ERROR]: Client Public Key Certificate not found: client1.crt

However, the client1.crt file is located in the /keys folder.

Any ideas? Thank you very much!


I'm busy following the tutorial now, and encountered the same problem you did - the key existed in the folder, but ./ returned Client Public Key Certificate not found.

I ended up succeeding, but I don't know what of the following worked. In order -

  1. Replace the code above with this newer version, save and commit -

  2. Reboot the Pi

  3. Open a terminal or go in with ssh

  4. sudo su

  5. cd /etc/openvpn/easy-rsa/keys/

  6. Execute the script

I suspect I was either no in the right directory, or that the Pi needed a reboot for something to take effect.

Hope it works for you!

soehlert commented Feb 7, 2016


It was step 5 that did if for you. If you weren't in the right directory, it wouldn't be able to find those files since the script is set up to look in the current working directory only for those files. You could hardcode the full path if you wanted to be able to run the script from elsewhere.

ccclapp commented Feb 17, 2016

Hi Lauren and others

Thank you very much for your code and tutorial!!!
I was not able to get OpenVPN working on a new Jessie install, but did find an auto-install fork (not actually a fork, but which credits your work). I ran it and it performs the install, server cert and client cert. I thought you and others may be interested in this approach, so I am linking to it here:


Trumpy commented Mar 20, 2016

Commented out 2 lines that kept throwing an error.

jdeeewp commented May 5, 2016

just followed this, i think using the latest script posted by trumpy

got "PolarSSL cert certificate is undefined" from my iphone

its because my Default.txt file needed a line break at the end (Or another script update)

basically <ca> needs to be on its own line in the ovpn file

This is what got me passed the ta.key not found problem. Little weary that the first part of the installation did not do something it should of, but now I have a .ovpn file.

For some reason I did not have a ta.key file in the first place so I ran this

openvpn --genkey --secret /etc/openvpn/easy-rsa/keys

this will create the ta.key...

Using the scripts changes from coolaj86 and running the script from /etc/openvpn/easy-rsa/keys worked.

It created my .ovpn file.

On to the next step, hope that helps...

How would I make this so I am able to use my VPN from any outside network?

maans88 commented Sep 13, 2016

I'm getting ta.key not found, this error exactly: [ERROR]: tls-auth Key not found: ta.key

I think in the line 46 a "#" is missing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment