Automation for client files creation on OpenVPN setup
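#!/bin/bash
# <http://blog.philippklaus.de/2010/09/openvpn/>
#
# Builds the OpenVPN client bundle for one host:
#   * a client certificate and key signed by the easy-rsa CA (pkitool),
#   * the client .ovpn derived from /etc/openvpn/template.client.ovpn,
#   * the start/stop/up/down helper scripts and the settings.conf.sh they source,
#   * ca.crt and ta.key,
# packed into /etc/openvpn/<hostname>.tar.bz2.
#
# Runs interactively (two prompts) and needs write access to
# /etc/openvpn/easy-rsa/keys, i.e. normally root. Trace with `bash -x` when
# needed; the former unconditional `set -x` is gone so that a normal run does
# not echo every key path.
set -euo pipefail

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Accept only a conservative character set for a name that is later used as a
# path component, as the certificate name given to pkitool and inside a sed
# expression (so no '/', '&', '\', whitespace, and no leading '-' or '.').
# Arguments: $1 - label for the error message, $2 - value to check
# Returns:   0 if the value is acceptable, exits otherwise
#######################################
check_name() {
  local label=$1 value=$2
  [[ "$value" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
    || die "$label '$value' may only contain letters, digits, '.', '_' and '-' (and must not start with '.' or '-')"
}

main() {
  local olddir detected input to bundle SERVERNAME HOSTNAME
  olddir=$(pwd)

  # Default server address: the first IPv4 address on eth0, as before; fall
  # back to the host name when eth0 has no address or ifconfig is unavailable.
  detected=$(ifconfig 2>/dev/null | grep -A 5 eth0 | grep -w 'inet addr' \
    | tr '\t' ' ' | cut -d ':' -f 2 | cut -d ' ' -f 1) || detected=''
  SERVERNAME=${detected:-$(hostname)}
  # EOF on stdin (non-interactive use) keeps the default instead of aborting.
  read -e -r -p "Please enter the server you want your clients to connect to [default: $SERVERNAME]: " input || true
  SERVERNAME="${input:-$SERVERNAME}"
  check_name 'server name' "$SERVERNAME"

  HOSTNAME="somehost"; input=''
  read -e -r -p "Please enter the hostname you want to create the certificates for [default: $HOSTNAME]: " input || true
  HOSTNAME="${input:-$HOSTNAME}"
  check_name 'hostname' "$HOSTNAME"

  cd /etc/openvpn/easy-rsa || die 'cannot cd to /etc/openvpn/easy-rsa'
  # Check if all needed files are available:
  [[ -f vars ]] || die 'The file `vars` does not exist. Stopping'
  # shellcheck disable=SC1091
  . ./vars

  # Create a folder for all the keys, configuration files and helpers.
  # Deliberately no -p: a directory left over from an aborted run would
  # otherwise be reused silently, together with whatever it still contains.
  to="/etc/openvpn/easy-rsa/keys/$SERVERNAME"
  mkdir -- "$to" || die "cannot create $to (does it already exist?)"

  # Create the certificates $HOSTNAME.crt and $HOSTNAME.key
  ./pkitool "$HOSTNAME"
  cp -- "keys/$HOSTNAME.crt" "keys/$HOSTNAME.key" "$to"
  # The client's private key must not be group/world readable in the bundle.
  chmod 600 "$to/$HOSTNAME.key"

  # Create a file with all the custom variables (sourced by start/stop-vpn.sh):
  cat > "$to/settings.conf.sh" << EOF
#!/bin/bash
# This file contains all the shell script variables for your OpenVPN setup
HOSTNAME="$HOSTNAME"
SERVERNAME="$SERVERNAME"
CONFDIR="/etc/openvpn/$SERVERNAME"
CONFFILE="$HOSTNAME.ovpn"
PIDDIR="/var/run/openvpn"
PIDFILE="$SERVERNAME.pid"
EOF

  cd /etc/openvpn || die 'cannot cd to /etc/openvpn'
  # Customize the client configuration file template.
  cp -- template.client.ovpn "$to/$HOSTNAME.ovpn"
  # Safe to interpolate: check_name rejected '/', '&' and '\' in $HOSTNAME.
  sed -i "s/HOSTNAME/$HOSTNAME/g" "$to/$HOSTNAME.ovpn"

  # Copy other needed files:
  cp -- template.start-vpn.sh "$to/start-vpn.sh"
  cp -- template.stop-vpn.sh "$to/stop-vpn.sh"
  cp -- template.up.sh "$to/up.sh"
  cp -- template.down.sh "$to/down.sh"
  cp -- ca.crt ta.key "$to"
  # ta.key is the shared tls-auth secret: keep it private as well.
  chmod 600 "$to/ta.key"
  chmod +x "$to/up.sh" "$to/down.sh" "$to/start-vpn.sh" "$to/stop-vpn.sh"

  cd /etc/openvpn/easy-rsa/keys || die 'cannot cd to /etc/openvpn/easy-rsa/keys'
  # Create a bundle with all the files needed by the client and move it.
  # The bundle contains the client key and ta.key, so it is created 0600
  # (it used to be 0777); chown it to whoever is meant to fetch it.
  bundle="$HOSTNAME.tar.bz2"
  tar cjf "$bundle" "$SERVERNAME"
  rm -rf -- "${SERVERNAME:?}"
  chmod 600 "$bundle"
  mv -- "$bundle" /etc/openvpn

  printf '%s\n' \
    "Created the file /etc/openvpn/$bundle with all the files needed for the OpenVPN configuration on the client." \
    "If you want to revoke a certificate, run \`cd /etc/openvpn/easy-rsa; . vars; revoke-full $HOSTNAME\`. More information on <http://openvpn.net/howto.html#revoke>"
  cd "$olddir"
}

main "$@"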
; OpenVPN client configuration template. HOSTNAME is a placeholder that the
; generator script replaces with the client name; the referenced files
; (ca.crt, HOSTNAME.crt, HOSTNAME.key, ta.key, up.sh, down.sh) ship in the
; same bundle and are resolved relative to the config directory.
client
dev tun
; do not keep a cached username/password in memory across re-authentication
auth-nocache
proto tcp-client
remote philippklaus.de 1194
resolv-retry infinite
nobind
persist-key
persist-tun
; CA that signed the server certificate, then this client's own cert and key
ca ca.crt
cert HOSTNAME.crt
key HOSTNAME.key
; only accept a peer certificate marked as a server certificate.
; NOTE(review): ns-cert-type is deprecated in OpenVPN in favour of
; `remote-cert-tls server`; switching requires the server certificate to carry
; the serverAuth extended key usage — confirm how the server cert was built.
ns-cert-type server
; HMAC on the TLS control channel with the shared ta.key; 1 is the client side
tls-auth ta.key 1
; NOTE(review): compressing tunnel traffic was later found to weaken its
; confidentiality; consider dropping this once the server no longer needs it.
comp-lzo
verb 3
log ./openvpn.log
; now also set the dns entry: script-security 2 is what allows the up/down
; scripts below to be executed
up ./up.sh
script-security 2
down ./down.sh
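#!/bin/sh
# Undo up.sh: put back the resolv.conf that was saved before the tunnel came up.
# up.sh already restores the backup itself when the server pushed no DNS
# options, so the backup may legitimately be absent here; the old
# unconditional mv then failed and made this down script exit non-zero.
if [ -e /etc/resolv.conf.hold ] || [ -L /etc/resolv.conf.hold ]; then
  mv -- /etc/resolv.conf.hold /etc/resolv.conf
fi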
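#!/bin/sh
# Start the OpenVPN client described by settings.conf.sh (which lives next to
# this script) as a daemon and record its PID for stop-vpn.sh.
set -eu
# Resolve settings.conf.sh relative to this script instead of the caller's cwd.
cd "$(dirname -- "$0")"
# `.` rather than `source`: this runs under /bin/sh, where `source` is not POSIX
# (dash, for example, has no such builtin).
# shellcheck disable=SC1091
. ./settings.conf.sh
mkdir -p -- "$PIDDIR"
# Refuse to start a second instance while the recorded PID is still alive.
if [ -f "$PIDDIR/$PIDFILE" ] && kill -0 "$(cat -- "$PIDDIR/$PIDFILE")" 2>/dev/null; then
  printf 'openvpn already running (pid file %s)\n' "$PIDDIR/$PIDFILE" >&2
  exit 1
fi
# -f: a missing stale pid file is not an error.
rm -f -- "$PIDDIR/$PIDFILE"
cd -- "$CONFDIR"
openvpn --daemon --cd "$CONFDIR" --config "$CONFDIR/$CONFFILE" --writepid "$PIDDIR/$PIDFILE"
# The original paused here before returning, presumably to give the daemon time
# to write its pid file — TODO confirm whether anything relies on the delay.
sleep 4
### If the client you are connecting here is a router and you want it to forward the traffic for its subnet to the VPN (and your OpenVPN server configuration is set to forward all traffic through the tunnel), then uncomment these lines:
#iptables -I FORWARD -o tun+ -j ACCEPT
#iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE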
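#!/bin/sh
# Stop the OpenVPN client started by start-vpn.sh, using the PID it recorded.
set -eu
# Resolve settings.conf.sh relative to this script instead of the caller's cwd.
cd "$(dirname -- "$0")"
# `.` rather than `source`: `source` is not available under a POSIX /bin/sh.
# shellcheck disable=SC1091
. ./settings.conf.sh
pidfile="$PIDDIR/$PIDFILE"
if [ ! -f "$pidfile" ]; then
  printf 'no pid file %s; is the VPN running?\n' "$pidfile" >&2
  exit 1
fi
proc_id=$(cat -- "$pidfile")
# Only hand a plain number to kill: an empty or damaged pid file previously
# produced a kill usage error (or, unquoted, an unintended argument list).
case "$proc_id" in
  ''|*[!0-9]*)
    printf 'pid file %s does not hold a numeric PID\n' "$pidfile" >&2
    exit 1 ;;
esac
# -TERM is the POSIX spelling; -SIGTERM is not accepted by every sh.
kill -TERM "$proc_id"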
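#!/bin/sh
# <http://openvpn.net/archive/openvpn-users/2006-10/msg00217.html>
# script to automatically set DNS information on connection
#
# OpenVPN runs this as the `up` script with the options pushed by the server
# exported as foreign_option_1, foreign_option_2, ... The `dhcp-option DNS`
# and `dhcp-option DOMAIN` ones become nameserver/search lines of a fresh
# /etc/resolv.conf; the previous file is kept as /etc/resolv.conf.hold for
# down.sh. Only those two option forms are copied: anything else the server
# pushes is ignored instead of being written into resolv.conf verbatim.
set -eu

if [ -e /etc/resolv.conf.hold ] || [ -L /etc/resolv.conf.hold ]; then
  # A backup already exists (e.g. down.sh never ran after the last session).
  # It is the pre-VPN original, so keep it and discard the stale copy rather
  # than overwriting the backup with VPN-era contents.
  rm -f -- /etc/resolv.conf
elif [ -e /etc/resolv.conf ] || [ -L /etc/resolv.conf ]; then
  mv -- /etc/resolv.conf /etc/resolv.conf.hold # back up old file
fi

i=1
while :; do
  # foreign_option_N is looked up by number, so there is no fixed limit of six.
  # Only the counter goes through eval; the server-supplied value never does.
  eval "OPTION=\${foreign_option_${i}:-}"
  [ -n "$OPTION" ] || break
  case "$OPTION" in
    'dhcp-option DOMAIN '*)
      printf 'search %s\n' "${OPTION#dhcp-option DOMAIN }" >> /etc/resolv.conf ;;
    'dhcp-option DNS '*)
      printf 'nameserver %s\n' "${OPTION#dhcp-option DNS }" >> /etc/resolv.conf ;;
  esac
  i=$((i + 1))
done

if [ ! -f /etc/resolv.conf ]; then # openvpn did not set any DNS information
  if [ -e /etc/resolv.conf.hold ] || [ -L /etc/resolv.conf.hold ]; then
    mv -- /etc/resolv.conf.hold /etc/resolv.conf
  fi
fi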