Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save mastier/102d6f5ebe513dc1ba61a1fb2d547156 to your computer and use it in GitHub Desktop.
Save mastier/102d6f5ebe513dc1ba61a1fb2d547156 to your computer and use it in GitHub Desktop.
openvpn-embed-certificates.sh
#!/bin/bash
set +e
backup() {
if [[ -e "$1.backup" ]]; then
echo "Backup file already exists! Remove if necessary."
exit 10
fi
echo "Creating backup of $1 in $1.backup" >&2
cp "$1"{,.backup}
}
embed_credential() {
config_path="$1"
file_type="$2"
file_path="$3"
{ echo "###############" ;
echo "<$file_type>" ;
grep -zoP '(-----BEGIN)(?s).*(-----END).*(-----)' "$file_path" | tr -d '\0';
#tr -d '\0' < "$file_path" ;
echo ;
echo "</$file_type>" ;} >> "$config_path"
}
embed() {
config_path="$1"
if ! grep -E "^(tls-auth|ca|cert|key) " "$config_path" >/dev/null; then
echo "No certificates to embed!"
exit 2
fi
key_direction="$(grep -E "^tls-auth " "$config_path" | awk '{ print $3;}')"
echo "key-direction $key_direction" >> "$config_path"
for ftype in tls-auth ca cert key; do
file_path="$(grep -E "^$ftype " "$config_path" | awk '{ print $2;}')"
embed_credential "$config_path" "$ftype" "$file_path"
sed -i -e "/^$ftype .*$/d" "$config_path"
done
echo "Certificates successfully embedded!"
}
remove_default_route() {
config_path="$1"
{ echo "pull-filter ignore \"redirect-gateway\"";
echo "pull-filter ignore \"route 0.0.0.0 0.0.0.0\""; } >> "$config_path"
}
main() {
if [[ ! -f "$1" ]]; then
echo "ERROR! No such file $1"
exit 1
fi
backup "$1"
remove_default_route "$1"
embed "$1"
}
main "$1"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment