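Using the "standard" locations for OpenVPN settings, this creates a self-contained client profile (.ovpn) for connecting. The profile embeds the client's certificate and private key, so treat it as a secret.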
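# Firewall rules for an OpenVPN server that NATs client traffic out of one
# uplink interface. Every rule is appended (-A), so an earlier DROP/REJECT rule
# in the same chain still takes precedence over it.
#
# VPN_SUBNET must match the network on the `server` line of your server.conf.
# The address was missing from the MASQUERADE rule on this page; 10.8.0.0/24 is
# the network used by OpenVPN's sample server.conf, so confirm it before use.
VPN_SUBNET=${VPN_SUBNET:-10.8.0.0/24}
# Uplink interface the clients are routed through.
WAN_IF=${WAN_IF:-eth0}

# NOTE(review): accepts every packet from any tun interface, so all services
# listening on this host are reachable by VPN clients.
sudo iptables -A INPUT -i tun+ -j ACCEPT
# NOTE(review): forwards tunnel traffic to any destination and in any
# connection state; the narrower tun+ -> uplink rule below is a subset of it.
sudo iptables -A FORWARD -i tun+ -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o "$WAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
# Only replies to connections that already exist may come back into the tunnel.
sudo iptables -A FORWARD -i "$WAN_IF" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
# be sure to replace with whatever is in your settings, this example for default install
sudo iptables -t nat -A POSTROUTING -s "$VPN_SUBNET" -o "$WAN_IF" -j MASQUERADE
sudo iptables -A OUTPUT -o tun+ -j ACCEPT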
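# Print the arguments as a single line on stderr and stop the script.
# Arguments: $@ - words of the error message
# Outputs:   the message on stderr, nothing on stdout
# Returns:   never returns; exits with status 1
die () {
  # printf rather than echo, so a message starting with -n or -e is printed
  # literally instead of being taken as an echo option.
  printf '%s\n' "$*" >&2
  exit 1
}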
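# Build a self-contained OpenVPN client profile (<name>.ovpn) for one user.
# Needs write access to /etc/openvpn and the easy-rsa directory below.
[ "$#" -eq 1 ] || die "1 USER argument required, $# provided"

# Take the client name from the argument. $USER is the login name of whoever
# runs the script, so it is read-only here and no longer used for paths.
vpn_user=$1

# The name becomes a path component and a pkitool argument: refuse anything
# that could leave the users directory or be parsed as an option.
case "$vpn_user" in
  ''|.*|-*|*[!A-Za-z0-9._-]*)
    die "invalid USER name: use letters, digits, '.', '_' or '-' (no leading '.' or '-')"
    ;;
esac

easy_rsa_dir=/etc/openvpn/easy-rsa
ca_cert=/etc/openvpn/ca.crt
client_cert=$easy_rsa_dir/keys/$vpn_user.crt
client_key=$easy_rsa_dir/keys/$vpn_user.key
user_dir=/etc/openvpn/users/$vpn_user
bundle=$user_dir/$vpn_user.ovpn

# Users directory :: /etc/openvpn/users/
mkdir -p "$user_dir" || die "cannot create $user_dir"

# for example default install, otherwise use your own client.conf kept in a better spot for better defaults
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "$bundle" \
  || die "cannot copy the sample client.conf to $bundle"

# Generate the client's key pair and certificate with easy-rsa.
cd "$easy_rsa_dir" || die "cannot enter $easy_rsa_dir"
[ -r ./vars ] || die "$easy_rsa_dir/vars is missing or unreadable"
. ./vars
# A non-zero exit is only warned about so an existing client can be re-bundled;
# the checks below stop the script if the material is not actually there.
./pkitool "$vpn_user" \
  || printf '%s\n' "warning: pkitool exited non-zero for $vpn_user" >&2

for needed in "$ca_cert" "$client_cert" "$client_key"; do
  [ -s "$needed" ] || die "missing or empty: $needed"
done

# Comment out the file references; the material is embedded inline instead.
sed -i \
  -e 's/ca ca.crt/# ca ca.crt/g' \
  -e 's/cert client.crt/# cert client.crt/g' \
  -e 's/key client.key/# key client.key/g' \
  -- "$bundle" || die "cannot edit $bundle"

# The profile is about to hold a private key: make it owner-only first.
chmod 600 "$bundle" || die "cannot restrict permissions on $bundle"

{
  echo "<ca>"
  cat "$ca_cert"
  echo "</ca>"
  echo "<cert>"
  cat "$client_cert"
  echo "</cert>"
  echo "<key>"
  cat "$client_key"
  echo "</key>"
} >> "$bundle" || die "cannot write $bundle"

# Hand-off copy. /tmp is shared with every local user, so any file or symlink
# already sitting at the destination is removed instead of written through
# (--remove-destination is GNU cp, as sed -i above is GNU sed). The copy is
# created from the 0600 source and stays owner-only; delete it once the
# profile has been transferred to the client over a secure channel.
cp --remove-destination -- "$bundle" /tmp/ || die "cannot copy $bundle to /tmp"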