Script to generate an OpenVPN client configuration file in the unified format
#!/bin/sh
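##
## Usage: ./ovpn-writer.sh SERVER CA_CERT CLIENT_CERT CLIENT_KEY SHARED_SECRET > client.ovpn
##
## The output embeds the client private key and the TLS shared secret, so
## create client.ovpn under a restrictive umask (e.g. umask 077).
##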
server=${1?"The server address is required"}
cacert=${2?"The path to the ca certificate file is required"}
client_cert=${3?"The path to the client certificate file is required"}
client_key=${4?"The path to the client private key file is required"}
tls_key=${5?"The path to the TLS shared secret file is required"}
# Fixed client directives, followed by the opening tag of the inline CA block.
cat << EOF
client
dev tun
remote ${server}
resolv-retry infinite
nobind
persist-key
persist-tun
ca [inline]
cert [inline]
key [inline]
tls-auth [inline] 1
verb 1
keepalive 10 120
port 1194
proto udp
cipher BF-CBC
comp-lzo
remote-cert-tls server
<ca>
EOF
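# Paths are quoted so that names containing spaces or glob characters
# are read as a single file.
cat "${cacert}"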
cat << EOF
</ca>
<cert>
EOF
cat "${client_cert}"
cat << EOF
</cert>
<key>
EOF
cat "${client_key}"
cat << EOF
</key>
<tls-auth>
EOF
cat "${tls_key}"
cat << EOF
</tls-auth>
EOF
@jasontucker

commented Jan 9, 2015

Thanks for this, it's simple and just works :)

@crkochan

commented Apr 28, 2016

The iOS OpenVPN client balks at the ovpn files produced by this.

Specifically, it doesn't like the lines with '[inline]' in them. To get it to work, I have to remove those lines while retaining the actual cert data encapsulated in their respective XML-style angle brackets.

Additionally, I have to add a 'key-direction' line.
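
The change described in the comment above, as an added example that is not part of the gist, its forks, or any comment in this thread: the profile is written without the `ca`/`cert`/`key`/`tls-auth [inline]` lines and with `key-direction 1`, the direction taken from the gist's `tls-auth [inline] 1`. The function names `emit_block` and `write_ovpn` and the script name in the usage line are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the gist's or any fork's code.
# Usage: (umask 077; ./ovpn-ios.sh SERVER CA CERT KEY TA > client.ovpn)
# The output embeds the private key, hence the restrictive umask.

# emit_block TAG FILE: print FILE wrapped in <TAG> ... </TAG>.
emit_block() {
    if [ ! -f "$2" ] || [ ! -r "$2" ]; then
        echo "cannot read $2" >&2
        return 1
    fi
    printf '<%s>\n' "$1"
    cat < "$2"
    # Add the final newline if the file lacks one, so the closing tag
    # always starts on its own line.
    if [ -n "$(tail -c 1 < "$2")" ]; then echo; fi
    printf '</%s>\n' "$1"
}

# write_ovpn SERVER CA_CERT CLIENT_CERT CLIENT_KEY SHARED_SECRET
write_ovpn() {
    if [ "$#" -ne 5 ]; then
        echo "usage: write_ovpn SERVER CA_CERT CLIENT_CERT CLIENT_KEY SHARED_SECRET" >&2
        return 2
    fi
    # Same directives as the gist, minus the four "[inline]" lines; the
    # direction from "tls-auth [inline] 1" becomes "key-direction 1".
    cat << EOF
client
dev tun
remote $1
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
verb 1
keepalive 10 120
port 1194
proto udp
cipher BF-CBC
comp-lzo
remote-cert-tls server
EOF
    emit_block ca "$2" && emit_block cert "$3" &&
        emit_block key "$4" && emit_block tls-auth "$5"
}

if [ "$#" -gt 0 ]; then write_ovpn "$@"; fi
```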

@graysky2

commented Jul 30, 2016

@trovao - Thank you for sharing this (hit #2 on a Google search of "openvpn make ovpn file")
@crkochan - Any chance you can post the modified code you mentioned that generates an iOS-friendly ovpn file?

EDIT: See my fork which seems to be working on iOS 9.3.3.

@sfunk1x

commented Aug 26, 2016

Forked - added server cipher and auth digest for those that have locked down the service a bit more and require clients to provide matching values.

@vladimirOVV

commented Nov 1, 2016

Today I had a similar problem. I wrote an app in Java that finds all the *.conf, ca.crt, ta.key, *.crt and *.key files in the current directory and correctly joins them into *.ovpn files with the corresponding sections. If you need it, send me a request at rk_vladimir@mail.ru

@thosch66

commented Jun 20, 2018

EDIT: See my fork which seems to be working on iOS 9.3.3.

@graysky2: Cannot find your fork.
