Generator of .ovpn files with hardened client config and embedded cert, key and ta.key.
# OpenVPN client profile template. Presumably this is the ovpn_generator.conf
# read by the generator script: the <SERVER> and <PORT> placeholders on the
# "remote" line match the two sed substitutions the script performs.
client
dev tun
proto udp
remote <SERVER> <PORT>
resolv-retry infinite
nobind
persist-key
persist-tun
# Direction of the shared tls-auth key appended inline as <tls-auth>; the
# client and server sides must use opposite values.
key-direction 1 # <-- DO NOT change this! (server.conf must have: tls-auth ta.key 0)
# Data-channel cipher and HMAC digest. Both must also be accepted by the server.
# NOTE(review): OpenVPN 2.4+ can negotiate an AEAD cipher such as AES-256-GCM
# for the data channel; confirm what the server offers before relying on CBC.
cipher AES-256-CBC
auth SHA512
# Control-channel TLS suites in preference order. Every entry is DHE-RSA
# (forward secrecy); the GCM suites come first, CBC-SHA suites are fallbacks.
# NOTE(review): consider dropping the CBC-SHA fallbacks if every server this
# profile connects to supports the GCM suites.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
# Accept the peer only if its certificate is marked for server use, so a
# certificate issued to another client cannot be used to pose as the server.
remote-cert-tls server # https://openvpn.net/howto.html#mitm
# NOTE(review): compressing traffic before encryption can leak plaintext through
# packet sizes (VORACLE-class attacks), and recent OpenVPN releases deprecate
# compression. Keep this line only if the server requires it.
compress lzo
verb 3
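#!/bin/bash
#
# ovpn_generator.sh - build a self-contained <client_name>.ovpn profile.
#
# Usage: ./ovpn_generator.sh [client_name] [server] [port]
#
# Inputs, all read relative to the current directory:
#   ovpn_generator.conf   template holding the <SERVER> and <PORT> placeholders
#   ca.crt                CA certificate (assumed file name, see ca_file below)
#   <client_name>.crt     client certificate
#   <client_name>.key     client private key
#   ta.key                shared tls-auth key
#
# Output: <client_name>.ovpn, containing the template with the placeholders
# filled in, followed by inline <ca>, <cert>, <key> and <tls-auth> sections.
# The result embeds the client's private key, so it is created readable by
# the invoking user only.
set -euo pipefail

# Print an error on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$#" -ne 3 ]; then
  echo "Usage: ./ovpn_generator.sh [client_name] [server] [port]" >&2
  exit 1
fi

client_name="$1"
filename="${client_name}.ovpn"
server="$2"
port="$3"

template="ovpn_generator.conf"
# Assumed name of the CA certificate (the usual easy-rsa output name); adjust
# here if the CA certificate is stored under a different name.
ca_file="ca.crt"

[[ -n "$client_name" ]] || die "Error: client_name must not be empty."

# server and port are spliced into a sed replacement below, so restrict them
# to characters that cannot alter the sed expression or the generated config.
if [[ ! "$server" =~ ^[A-Za-z0-9._:-]+$ ]]; then
  die "Error: server must be a host name or IP address (letters, digits, '.', '-', '_', ':')."
fi
if [[ ! "$port" =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
  die "Error: port must be a number between 1 and 65535."
fi

[[ -f "$template" ]] || die "Error: $template is missing."

# Without the CA certificate the <ca> section would be empty and the client
# would have nothing to verify the server certificate against.
[[ -f "$ca_file" ]] || die "Error: $ca_file is missing. Copy the CA certificate next to this script."

if [[ ! -f "${client_name}.crt" ]]; then
  die "Error: $client_name.crt is missing. Have you generated the client cert and key?"
fi
if [[ ! -f "${client_name}.key" ]]; then
  die "Error: $client_name.key is missing. Have you generated the client cert and key?"
fi
if [[ ! -f ta.key ]]; then
  echo "Error: ta.key is missing. Have you configured ta.key ?" >&2
  echo "Check https://openvpn.net/howto.html#mitm for more information." >&2
  exit 1
fi

# The profile carries private key material: never create it group/world readable.
umask 077

tmp_file=""
cleanup() {
  [[ -z "$tmp_file" ]] || rm -f -- "$tmp_file"
}
trap cleanup EXIT

echo "Building $filename ..."

# Assemble into a temporary file in the target directory and rename it at the
# end, so a failure part-way through never leaves a truncated profile behind.
tmp_file=$(mktemp -- "${filename}.XXXXXX") || die "Error: cannot create a temporary file for $filename."

{
  # Placeholders are replaced in the template only; the certificate and key
  # material appended below is copied through untouched.
  sed -e "s/<SERVER>/${server}/g" -e "s/<PORT>/${port}/g" -- "$template"
  echo "<ca>"
  cat -- "$ca_file"
  echo "</ca>"
  echo "<cert>"
  cat -- "${client_name}.crt"
  echo "</cert>"
  echo "<key>"
  cat -- "${client_name}.key"
  echo "</key>"
  echo "<tls-auth>"
  cat -- ta.key
  echo "</tls-auth>"
} > "$tmp_file"

mv -f -- "$tmp_file" "$filename"
tmp_file=""

echo "Done!"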