MakeOpenVPN.sh by Eric Jodoin
#!/bin/bash
# Default Variable Declarations
DEFAULT="Default.txt"
FILEEXT=".ovpn"
CRT=".crt"
KEY=".3des.key"
CA="ca.crt"
TA="ta.key"
#Ask for a Client name
echo "Please enter an existing Client Name:"
read -r NAME
#1st Verify that client's Public Key Exists
if [ ! -f "$NAME$CRT" ]; then
    echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
    exit 1
fi
echo "Client's cert found: $NAME$CRT"
#Then, verify that there is a private key for that client
if [ ! -f "$NAME$KEY" ]; then
    echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
    exit 1
fi
echo "Client's Private Key found: $NAME$KEY"
#Confirm the CA public key exists
if [ ! -f "$CA" ]; then
    echo "[ERROR]: CA Public Key not found: $CA"
    exit 1
fi
echo "CA public Key found: $CA"
#Confirm the tls-auth ta key file exists
if [ ! -f "$TA" ]; then
    echo "[ERROR]: tls-auth Key not found: $TA"
    exit 1
fi
echo "tls-auth Private Key found: $TA"
#Ready to make a new .ovpn file - Start by populating with the default file
cat "$DEFAULT" > "$NAME$FILEEXT"
#Now, append the CA Public Cert
echo "<ca>" >> "$NAME$FILEEXT"
cat "$CA" >> "$NAME$FILEEXT"
echo "</ca>" >> "$NAME$FILEEXT"
#Next append the client Public Cert (only the PEM block, not the text dump above it)
echo "<cert>" >> "$NAME$FILEEXT"
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$NAME$CRT" >> "$NAME$FILEEXT"
echo "</cert>" >> "$NAME$FILEEXT"
#Then, append the client Private Key
echo "<key>" >> "$NAME$FILEEXT"
cat "$NAME$KEY" >> "$NAME$FILEEXT"
echo "</key>" >> "$NAME$FILEEXT"
#Finally, append the TA Private Key
echo "<tls-auth>" >> "$NAME$FILEEXT"
cat "$TA" >> "$NAME$FILEEXT"
echo "</tls-auth>" >> "$NAME$FILEEXT"
echo "Done! $NAME$FILEEXT Successfully Created."
#Script written by Eric Jodoin
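The script reports success without looking at what it wrote, and the resulting file embeds the client's private key and the tls-auth key. The check below is an added example, not part of Eric Jodoin's script: it confirms that each inline section is closed and carries the expected BEGIN marker, and that the profile is not accessible to group or others. The function names `check_ovpn` and `make_samples` and the sample profiles are constructed for illustration.

```bash
#!/bin/bash
# Added example (not part of MakeOpenVPN.sh). Checks a generated .ovpn profile:
# each inline section must be closed and contain its expected BEGIN marker, and
# the file must not be accessible to group/others because it embeds a private key.
check_ovpn() {
    local file="$1" rc=0 pair tag marker body
    [ -f "$file" ] || { echo "[ERROR]: profile not found: $file" >&2; return 2; }
    for pair in "ca:-BEGIN CERTIFICATE-" "cert:-BEGIN CERTIFICATE-" \
                "key:-BEGIN .*PRIVATE KEY-" "tls-auth:-BEGIN OpenVPN Static key V1-"; do
        tag="${pair%%:*}"; marker="${pair#*:}"
        # Lines between <tag> and </tag>, with the two tag lines dropped
        body="$(sed -n "/^<$tag>\$/,/^<\/$tag>\$/p" "$file" | sed '1d;$d')"
        if ! grep -qx "</$tag>" "$file" || ! printf '%s\n' "$body" | grep -q -e "$marker"; then
            echo "[ERROR]: <$tag> section missing, unclosed or empty in $file" >&2
            rc=1
        fi
    done
    # Characters 5-10 of the ls mode string are the group and other permission bits
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "[ERROR]: $file is accessible to group/others; run chmod 600" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample profiles (placeholder bodies, not real key material)
make_samples() {
    local dir="$1"
    ( umask 077
      printf '%s\n' "client" "<ca>" "-----BEGIN CERTIFICATE-----" "AAAA" \
        "-----END CERTIFICATE-----" "</ca>" "<cert>" "-----BEGIN CERTIFICATE-----" \
        "BBBB" "-----END CERTIFICATE-----" "</cert>" "<key>" \
        "-----BEGIN RSA PRIVATE KEY-----" "CCCC" "-----END RSA PRIVATE KEY-----" \
        "</key>" "<tls-auth>" "-----BEGIN OpenVPN Static key V1-----" "DDDD" \
        "-----END OpenVPN Static key V1-----" "</tls-auth>" > "$dir/good.ovpn"
      # Same profile with an empty <cert> block, which is what the script writes
      # when its sed filter finds no BEGIN/END CERTIFICATE lines in the .crt file
      sed '/^<cert>$/,/^<\/cert>$/{/^</!d;}' "$dir/good.ovpn" > "$dir/empty-cert.ovpn" )
}

# Usage: pass the generated profile as the first argument, e.g. Client1.ovpn
if [ -n "${1:-}" ]; then
    check_ovpn "$1"
fi
```

Running `umask 077` before MakeOpenVPN.sh makes the profile owner-only from the moment it is created.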
@kraoc

Please update from my Fork. You have some type and carriage problems :)

@laurenorsini

@kraoc, thank you so, so much. I warned people not to copy-paste and here I've done it myself!

@dvisor1

Based on your document at http://readwrite.com/2014/04/11/building-a-raspberry-pi-vpn-part-two-creating-an-encrypted-client-side#awesm=~oBCBdzyUX8lr5v, should DEFAULT="Defaults.txt" actually be DEFAULT="default.txt"?

@laurenorsini

@dvisor1 good catch. Fixed so it's Default.txt for both now. It works either way, so long as you have the exact same name (complete with capitalization) in both places.

@lifeweaver

These quotes don't match, the starting quote is (") the ending quote is (”).

+echo "Done! $NAME$FILEEXT Successfully Created.”

@laurenorsini

@jmdearing thanks. Fixed!

@andrewjs18

Hi,

I keep getting this error when I run the script:
./MakeOPVN.sh: line 46: default: command not found

Here's line 45, 46 & 47:
#Ready to make a new .opvn file - Start by populating with the
default file
cat $DEFAULT > $NAME$FILEEXT

Should default file be on line 45?

@Ali3n0id

Have the same problem as Andrew above:

"Please enter an existing Client Name:
Client1
Client.s cert found: Client1
Client.s Private Key found: Client1.3des.key
CA public Key found: ca.crt
tls-auth Private Key found: ta.key
./MakeOPVN.sh: line 39: default: command not found
Done! Client1.ovpn Successfully Created."

Also it didn't like the last sentence on the script stating

"./MakeOPVN.sh: line 60: No:command not found!."

So I simply deleted everything on that line apart from "\"

@Tuxified

@laurenorsini line 46 default line belongs to its previous line, that's why people get these errors. So line 45 should be:
#Ready to make a new .opvn file - Start by populating with the default file.

@LewisLebentz

Imported the OVPN file to Android and iOS, both give me this error:

PolarSSL cert certificate is undefined

Someone in the comments of the article said he believes it may be related to this script?

@triplex0815

Hi,
I keep getting this error when I run the script:
cat: Default.txt: No such file or directory

Best regards
Kevin

@thardbarger

7ewis, I get the same error. Any luck finding the cause?

Regards,

Tom

@triplex0815

Hello,
I found the error.
I had the "Default.txt" in /etc/openvpn/easy-rsa and not in /keys...

Best regards
Kevin

@mmaybeno

I was getting a line 46 and 72 error until I realized the comments (#'s) are missing for those.. It should be:
# default file

and

# \ No newline at end of file

@smaroukis

I have a problem when I run ./MakeOPVN.sh
I get the first error message: [Error]: Client Public Key Certificate not found: .crt
But I can clearly see that I have a Client1.crt file in my .../easy-rsa/keys/ directory
Where else do I look? I've already cleared all the keys and started over once.

@entozoon

mmaybeno is absolutely right about those issues, the original post should be modified to fix it!!

@scoobykid92

Hello @smaroukis,

I had the same error and found the fix. Make sure you are using all caps to match the $NAME$... Since it only shows .crt that means name is not read correctly.
Best,

Tim

@bzyg7b

I keep getting a can't find TLS error? How do I create this file for my client files?

@WAGPHN

I figured out the error for TLS.

I accidentally wrote my script to look for a file called ta.crt
Turns out there is no such file. OpenVPN creates ta.key

Check to see if you made the same mistake.
If so, change the TA variable value at the top of the script to ta.key and you should not have a problem.

Hope this helps!

@branmart

Can confirm that @coolaj86 fix issues I had and successfully created the clients

@jamesd1978

This appears to work for me but when I run it it asks me to enter the client name which I do. It then displays
Client's cert found: jamespc
Client's Private Key found: jamespc.3des.key
CA Public Key Found: ca.crt
tls-auth Private Key found: ta.key

Then just appears to hang. Is anyone able to point me in the right direction of what may have gone wrong please? Thanks
