Builds OpenVPN Client Files Automagically
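#!/usr/bin/env bash
# Script to automate creating new OpenVPN clients
# Built off of H Cooper script of 5/2/11 at https://gist.github.com/hcooper/814247
# William Haynes - Sabai Technology
#
# Usage: build-client.sh [CN]
#   CN - common name for the new client certificate; prompted for when omitted.
#
# What it does (all on the local filesystem; writing under /etc/openvpn will
# normally require root):
#   - signs a new client cert with easy-rsa's pkitool under $OPENVPN_RSA_DIR/keys
#   - copies ca.crt, $CN.crt and $CN.key into $KEY_DOWNLOAD_PATH/$CN-<ddmmyy>
#   - hands out the next 10.8.0.<n> address from $CCD_DIR/client_ip, writes the
#     per-client ccd file and appends "<n> <CN>" to $CCD_DIR/client_list
#   - assembles a unified $CN.ovpn (config + inline ca/cert/key)
#
# The .ovpn and $CN.key contain the client's private key, so the download
# directory is created 0700 and those files 0600. The ccd files are left with
# the default umask because the OpenVPN daemon has to read them.
set -euo pipefail

# Print each argument on its own line to stderr and exit non-zero.
die() {
  printf '%s\n' "$@" >&2
  exit 1
}

OPENVPN_RSA_DIR=/etc/openvpn/easy-rsa
OPENVPN_KEYS=$OPENVPN_RSA_DIR/keys
KEY_DOWNLOAD_PATH="/etc/openvpn/clients"
CCD_DIR=/etc/openvpn/ccd
readonly OPENVPN_RSA_DIR OPENVPN_KEYS KEY_DOWNLOAD_PATH CCD_DIR
printf '%s\n' "$OPENVPN_RSA_DIR"

# Make sure that the download path and the ccd directory exist.
mkdir -p -- "$KEY_DOWNLOAD_PATH" "$CCD_DIR"

# Make sure that client file parts exist.
# printf is used instead of echo: bash's builtin echo does not expand "\n"
# without -e, so the original fragments contained literal backslash-n.
if [ ! -d "$KEY_DOWNLOAD_PATH/clientfiles" ]; then
  mkdir -- "$KEY_DOWNLOAD_PATH/clientfiles"
  printf '%s\n' \
    "client" \
    "dev tun" \
    "proto udp" \
    "remote servername.yourdomain.com 1194" \
    "resolv-retry infinite" \
    "comp-lzo" \
    "link-mtu 1542" \
    "mssfix 1300" \
    "nobind" \
    "dhcp-option DNS 208.67.222.222" \
    "script-security 2" \
    "persist-key" \
    "persist-tun" \
    "<ca>" > "$KEY_DOWNLOAD_PATH/clientfiles/head"
  printf '%s\n' "</ca>" "<cert>" > "$KEY_DOWNLOAD_PATH/clientfiles/cacert"
  printf '%s\n' "</cert>" "<key>" > "$KEY_DOWNLOAD_PATH/clientfiles/certkey"
  printf '%s\n' \
    "</key>" \
    "up /etc/openvpn/update-resolv-conf" \
    "down /etc/openvpn/update-resolv-conf" > "$KEY_DOWNLOAD_PATH/clientfiles/tail"
fi

# Either read the CN from $1 or prompt for it
if [ -z "${1:-}" ]; then
  read -r -e -p "Enter new client common name (CN): " CN
else
  CN=$1
fi

# Ensure CN isn't blank
[ -n "$CN" ] || die "You must provide a CN."

# The CN becomes part of several file names and is passed to pkitool, so
# restrict it to a conservative character set: no '/', no whitespace, and it
# may not start with '-' (option-like) or '.' (hidden files, "..").
[[ "$CN" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
  || die "Error: CN may only contain letters, digits, '.', '_' and '-' and must start with a letter or digit."

# Check the CN doesn't already exist
if [ -f "$OPENVPN_KEYS/$CN.crt" ]; then
  die "Error: certificate with the CN $CN already exists!" "  $OPENVPN_KEYS/$CN.crt"
fi

# Start numbering at 10 if ip list does not exist, and validate the counter
# before anything is signed so a bad counter does not leave a half-provisioned
# client behind. The counter is the last octet of a 10.8.0.0/24 address.
[ -f "$CCD_DIR/client_ip" ] || printf '%s\n' 10 > "$CCD_DIR/client_ip"
read -r ip < "$CCD_DIR/client_ip"
if ! [[ "$ip" =~ ^[0-9]+$ ]] || (( ip < 1 || ip > 254 )); then
  die "Error: invalid or exhausted client ip counter in $CCD_DIR/client_ip: '$ip'"
fi

# Enter the easy-rsa directory and establish the default variables
cd -- "$OPENVPN_RSA_DIR" || die "cannot cd to $OPENVPN_RSA_DIR"
# vars is third-party code; relax -u while sourcing it in case it references
# variables that are unset here.
set +u
# shellcheck disable=SC1091
. "$OPENVPN_RSA_DIR/vars" > /dev/null
set -u
# Copied from build-key script (to ensure it works!)
export EASY_RSA="${EASY_RSA:-.}"
[ -x "$EASY_RSA/pkitool" ] || die "Error: $EASY_RSA/pkitool not found or not executable"
"$EASY_RSA/pkitool" --batch "$CN" || die "Error: pkitool failed for $CN"

# Take the new cert and place it somewhere it can be downloaded securely.
# The date is taken once so the name cannot change across midnight mid-run.
dir_key=$KEY_DOWNLOAD_PATH/$CN-$(date +%d%m%y)
mkdir -m 700 -- "$dir_key"
cp -- "keys/$CN.crt" "keys/$CN.key" keys/ca.crt "$dir_key/"
chmod 600 -- "$dir_key/$CN.key"

# Celebrate!
printf '\n%s\n' "##################################################################"
printf 'COMPLETE! Find the %s ovpn file in %s\n' "$CN" "$dir_key"
printf '%s\n' "##################################################################"
printf '%s ip is 10.8.0.%s\n' "$CN" "$ip"
printf '%s\n' "##################################################################"

# Change this configuration to whatever you need
{
  printf '# %s ccd configuration\n' "$CN"
  printf 'ifconfig-push 10.8.0.%s 255.255.255.0\n' "$ip"
  printf '%s\n' \
    'push "dhcp-option DNS 10.8.101.1"' \
    'push "dhcp-option DOMAIN test.cloudhub"' \
    '# Test Route Access' \
    '#push "route 192.168.1.200 255.255.255.255 10.8.101.16"'
} > "$CCD_DIR/$CN"

# Record the client list with IP and Name (>> creates the file if missing)
printf '%s %s\n' "$ip" "$CN" >> "$CCD_DIR/client_list"
printf '%s\n' "$(( ip + 1 ))" > "$CCD_DIR/client_ip"

# Assemble the unified .ovpn: config head, then ca / cert / key inline.
ovpn=$dir_key/$CN.ovpn
{
  cat -- "$KEY_DOWNLOAD_PATH/clientfiles/head"
  cat -- "$dir_key/ca.crt"
  cat -- "$KEY_DOWNLOAD_PATH/clientfiles/cacert"
  cat -- "$dir_key/$CN.crt"
  cat -- "$KEY_DOWNLOAD_PATH/clientfiles/certkey"
  cat -- "$dir_key/$CN.key"
  cat -- "$KEY_DOWNLOAD_PATH/clientfiles/tail"
} > "$ovpn"
chmod 600 -- "$ovpn"
# Drop everything between <cert> and the first -----BEGIN line (keeping both),
# i.e. the text dump easy-rsa puts in front of the PEM block of $CN.crt.
sed -i '/<cert>/,/-----BEGIN/{//!d}' "$ovpn"

# NOTE: this prints the client's private key to the terminal (original
# behaviour) — only do this on a trusted console.
read -r -p "Press any key to get $CN.ovpn file listing... " _
cat -- "$ovpn"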