@laurenorsini
Last active June 28, 2024 05:47
MakeOpenVPN.sh by Eric Jodoin
#!/bin/bash
# Builds a unified <client>.ovpn profile from Default.txt plus the CA cert,
# the client cert, the client private key and the tls-auth key.
# All files are looked up in the current working directory.

# Default Variable Declarations
DEFAULT="Default.txt"
FILEEXT=".ovpn"
CRT=".crt"
KEY=".3des.key"
CA="ca.crt"
TA="ta.key"

# Ask for a Client name
echo "Please enter an existing Client Name:"
read -r NAME

# 1st Verify that client’s Public Key Exists
if [ ! -f "$NAME$CRT" ]; then
    echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
    exit 1
fi
echo "Client’s cert found: $NAME$CRT"

# Then, verify that there is a private key for that client
if [ ! -f "$NAME$KEY" ]; then
    echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
    exit 1
fi
echo "Client’s Private Key found: $NAME$KEY"

# Confirm the CA public key exists
if [ ! -f "$CA" ]; then
    echo "[ERROR]: CA Public Key not found: $CA"
    exit 1
fi
echo "CA public Key found: $CA"

# Confirm the tls-auth ta key file exists
if [ ! -f "$TA" ]; then
    echo "[ERROR]: tls-auth Key not found: $TA"
    exit 1
fi
echo "tls-auth Private Key found: $TA"

# Ready to make a new .ovpn file - Start by populating with the default file
cat "$DEFAULT" > "$NAME$FILEEXT"

# Now, append the CA Public Cert
echo "<ca>" >> "$NAME$FILEEXT"
cat "$CA" >> "$NAME$FILEEXT"
echo "</ca>" >> "$NAME$FILEEXT"

# Next append the client Public Cert (PEM block only, without the text dump)
echo "<cert>" >> "$NAME$FILEEXT"
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$NAME$CRT" >> "$NAME$FILEEXT"
echo "</cert>" >> "$NAME$FILEEXT"

# Then, append the client Private Key
echo "<key>" >> "$NAME$FILEEXT"
cat "$NAME$KEY" >> "$NAME$FILEEXT"
echo "</key>" >> "$NAME$FILEEXT"

# Finally, append the TA Private Key
echo "<tls-auth>" >> "$NAME$FILEEXT"
cat "$TA" >> "$NAME$FILEEXT"
echo "</tls-auth>" >> "$NAME$FILEEXT"

echo "Done! $NAME$FILEEXT Successfully Created."
# Script written by Eric Jodoin
@samueldolha

There's a pound symbol (#) missing from the beginning of line 46, resulting in the following output: "default: command not found." Fortunately, it doesn't actually affect the functionality of the script, unless you have a program or alias named "default."

@kalaido

kalaido commented Dec 28, 2015

Hi guys! Sorry I am still a Linux noob and just can't find the problem with the script.

I was using the latest script, however I keep on getting the following error:

Please enter an existing Client Name:
client1
[ERROR]: Client Public Key Certificate not found: client1.crt

However, the client1.crt file is located in the /keys folder.

Any ideas? Thank you very much!

@riazarbi

@kalaido

I'm busy following the tutorial now, and encountered the same problem you did - the key existed in the folder, but ./MakeOVPN.sh returned Client Public Key Certificate not found.

I ended up succeeding, but I don't know which of the following worked. In order -

  1. Replace the code above with this newer version, save and commit - https://gist.githubusercontent.com/coolaj86/4120d90e57d1d01cd59f/raw/MakeOpenVPN.sh

  2. Reboot the Pi

  3. Open a terminal or go in with ssh

  4. sudo su

  5. cd /etc/openvpn/easy-rsa/keys/

  6. Execute the script

I suspect I was either not in the right directory, or that the Pi needed a reboot for something to take effect.

Hope it works for you!

@soehlert

soehlert commented Feb 7, 2016

@riazarbi

It was step 5 that did it for you. If you weren't in the right directory, it wouldn't be able to find those files since the script is set up to look in the current working directory only for those files. You could hardcode the full path if you wanted to be able to run the script from elsewhere.

@ccclapp

ccclapp commented Feb 17, 2016

Hi Lauren and others

Thank you very much for your code and tutorial!!!
I was not able to get OpenVPN working on a new Jessie install, but did find an auto-install fork (not actually a fork, but which credits your work). I ran it and it performs the install, server cert and client cert. I thought you and others may be interested in this approach, so I am linking to it here:

https://github.com/StarshipEngineer/OpenVPN-Setup

Thanks

@jordan31bit

Commented out 2 lines that kept throwing an error.
https://gist.github.com/Trumpy/9a1326a2992028a5a8e3

@jdeeewp

jdeeewp commented May 5, 2016

Just followed this, I think using the latest script posted by trumpy

got "PolarSSL cert certificate is undefined" from my iphone

It's because my Default.txt file needed a line break at the end (or another script update)

basically <ca> needs to be on its own line in the ovpn file
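
An added example, not part of the gist or of any commenter's post: a function form of the script that takes the key directory as a full path and keeps `<ca>` on its own line when Default.txt has no final newline, as discussed in the comments above. It also checks the client name before using it in file paths and writes the profile owner-only, since the file embeds the private key and the tls-auth key. `make_ovpn` and its two arguments are hypothetical names; the file names are the gist's.

```shell
#!/bin/bash
# Added example (not the gist's code). make_ovpn KEYDIR NAME writes
# KEYDIR/NAME.ovpn and prints its path. Function and argument names are
# hypothetical; the input file names follow the gist.
make_ovpn() {
    local keydir="$1" name="$2" out f
    # Accept only simple names so the value cannot point outside KEYDIR.
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) echo "[ERROR]: invalid client name" >&2; return 2 ;;
    esac
    # Check every input by full path, independent of the working directory.
    for f in Default.txt ca.crt ta.key "$name.crt" "$name.3des.key"; do
        [ -f "$keydir/$f" ] || { echo "[ERROR]: not found: $keydir/$f" >&2; return 1; }
    done
    out="$keydir/$name.ovpn"
    rm -f "$out"        # recreate, so an old file's permissions are not reused
    (
        umask 077       # profile embeds the private key: owner read/write only
        {
            # "awk 1" copies a file and adds a final newline if it is missing,
            # so each opening and closing tag lands on its own line.
            awk 1 "$keydir/Default.txt"
            echo "<ca>";       awk 1 "$keydir/ca.crt";         echo "</ca>"
            echo "<cert>"
            sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$keydir/$name.crt"
            echo "</cert>"
            echo "<key>";      awk 1 "$keydir/$name.3des.key"; echo "</key>"
            echo "<tls-auth>"; awk 1 "$keydir/ta.key";         echo "</tls-auth>"
        } > "$out"
    ) || return 1
    echo "$out"
}
```

Called as `make_ovpn /etc/openvpn/easy-rsa/keys client1`, it works from any directory.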

@KossBoss1

This is what got me past the ta.key not found problem. A little wary that the first part of the installation did not do something it should have, but now I have a .ovpn file.

For some reason I did not have a ta.key file in the first place so I ran this

openvpn --genkey --secret /etc/openvpn/easy-rsa/keys/ta.key

this will create the ta.key...

Using the script changes from coolaj86 and running the script from /etc/openvpn/easy-rsa/keys worked.

It created my .ovpn file.

On to the next step, hope that helps...

@Samrath4285

How would I make this so I am able to use my VPN from any outside network?


ghost commented Sep 13, 2016

I'm getting ta.key not found, this error exactly: [ERROR]: tls-auth Key not found: ta.key

@jose-goncabel

I think in the line 46 a "#" is missing.
