Instantly share code, notes, and snippets.

Embed
What would you like to do?
Script to generate an OpenVPN client configuration file in the unified format
#!/bin/sh
##
## Usage: ./ovpn-writer.sh SERVER CA_CERT CLIENT_CERT CLIENT_KEY SHARED_SECRET > client.ovpn
##
server=${1?"The server address is required"}
cacert=${2?"The path to the ca certificate file is required"}
client_cert=${3?"The path to the client certificate file is required"}
client_key=${4?"The path to the client private key file is required"}
tls_key=${5?"The path to the TLS shared secret file is required"}
cat << EOF
client
dev tun
remote ${server}
resolv-retry infinite
nobind
persist-key
persist-tun
ca [inline]
cert [inline]
key [inline]
tls-auth [inline] 1
verb 1
keepalive 10 120
port 1194
proto udp
cipher BF-CBC
comp-lzo
remote-cert-tls server
<ca>
EOF
cat ${cacert}
cat << EOF
</ca>
<cert>
EOF
cat ${client_cert}
cat << EOF
</cert>
<key>
EOF
cat ${client_key}
cat << EOF
</key>
<tls-auth>
EOF
cat ${tls_key}
cat << EOF
</tls-auth>
EOF
@jasontucker

This comment has been minimized.

jasontucker commented Jan 9, 2015

Thanks for this, its simple and just works :)

@crkochan

This comment has been minimized.

crkochan commented Apr 28, 2016

The iOS OpenVPN client balks at the ovpn files produced by this.

Specifically, it doesn't like the lines with '[inline]' in them. To get it to work, I have to remove those lines while retaining the actual cert data encapsulated in their respective xml style angle brackets.

Additionally, I have to add a 'key-direction' line.

@graysky2

This comment has been minimized.

graysky2 commented Jul 30, 2016

@trovao - Thank you for sharing this (hit #2 on a google search of "openvpn make ovpn file")
@crkochan - Any chance you can post the modified code you mentioned that generates an iOS-friendly ovpn file?

EDIT: See my fork which seems to be working on iOS 9.3.3.

@sfunk1x

This comment has been minimized.

sfunk1x commented Aug 26, 2016

Forked - added server cipher and auth digest for those that have locked down the service a bit more and require clients to provide matching values.

@vladimirOVV

This comment has been minimized.

vladimirOVV commented Nov 1, 2016

Today i got similar problem. I wrote app on java which is able to find in current directory all the files *.conf, ca.crt, ta.key, *.crt and *.key and correctly joining to *.ovpn files with corresponding sections. If you need it, send my request to rk_vladimir@mail.ru

@thosch66

This comment has been minimized.

thosch66 commented Jun 20, 2018

EDIT: See my fork which seems to be working on iOS 9.3.3.

@graysky2: Cannot find your fork.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment