Builds OpenVPN Client Files Automagically
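#! /bin/bash
# Script to automate creating new OpenVPN clients
# Built off of H Cooper script of 5/2/11 at https://gist.github.com/hcooper/814247
# William Haynes - Sabai Technology
#
# Usage: <script> [CN]
#   CN - common name for the new client certificate; prompted for if omitted.
#
# Creates (paths are fixed below):
#   $KEY_DOWNLOAD_PATH/<CN>-<ddmmyy>/  client cert, key, CA cert and the combined <CN>.ovpn
#   $CCD_DIR/<CN>                      per-client config pushing a static 10.8.0.x address
#   $CCD_DIR/client_ip                 next free host number (starts at 10)
#   $CCD_DIR/client_list               one "ip CN" record per client
#
# The CN is untrusted input: it becomes a file name under the keys, clients and
# ccd directories, so it is restricted to a file-name-safe alphabet before use.

OPENVPN_RSA_DIR=/etc/openvpn/easy-rsa
OPENVPN_KEYS=$OPENVPN_RSA_DIR/keys
KEY_DOWNLOAD_PATH="/etc/openvpn/clients"
CCD_DIR=/etc/openvpn/ccd
printf '%s\n' "$OPENVPN_RSA_DIR"

# Print an error to stderr and exit non-zero, so callers can tell the run failed
# (the original exited 0 on every error path).
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Make sure that download path exists
if [ ! -d "$KEY_DOWNLOAD_PATH" ]; then
  mkdir -- "$KEY_DOWNLOAD_PATH" || die "Error: cannot create $KEY_DOWNLOAD_PATH"
fi

# Make sure that client file parts exist.
# printf replaces echo here: bash's echo does not interpret "\n", so the original
# wrote the literal two characters '\n' into these fragments instead of newlines.
if [ ! -d "$KEY_DOWNLOAD_PATH/clientfiles" ]; then
  mkdir -- "$KEY_DOWNLOAD_PATH/clientfiles" || die "Error: cannot create $KEY_DOWNLOAD_PATH/clientfiles"
  printf '%s\n' \
    "client" \
    "dev tun" \
    "proto udp" \
    "remote servername.yourdomain.com 1194" \
    "resolv-retry infinite" \
    "comp-lzo" \
    "link-mtu 1542" \
    "mssfix 1300" \
    "nobind" \
    "dhcp-option DNS 208.67.222.222" \
    "script-security 2" \
    "persist-key" \
    "persist-tun" \
    "<ca>" > "$KEY_DOWNLOAD_PATH/clientfiles/head"
  printf '%s\n' "</ca>" "<cert>" > "$KEY_DOWNLOAD_PATH/clientfiles/cacert"
  printf '%s\n' "</cert>" "<key>" > "$KEY_DOWNLOAD_PATH/clientfiles/certkey"
  printf '%s\n' \
    "</key>" \
    "up /etc/openvpn/update-resolv-conf" \
    "down /etc/openvpn/update-resolv-conf" > "$KEY_DOWNLOAD_PATH/clientfiles/tail"
fi

# Either read the CN from $1 or prompt for it
if [ -z "$1" ]; then
  read -r -e -p "Enter new client common name (CN): " CN
else
  CN=$1
fi

# Ensure CN isn't blank
if [ -z "$CN" ]; then
  die "You must provide a CN."
fi

# The CN is used as a single path component under $OPENVPN_KEYS, $KEY_DOWNLOAD_PATH
# and $CCD_DIR and as an argument to pkitool, so reject '/', whitespace, '..'
# and a leading '-' outright rather than quoting around them.
if [[ ! "$CN" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  die "Error: CN may only contain letters, digits, '.', '_' and '-' and must start with a letter or digit."
fi

# Check the CN doesn't already exist
if [ -f "$OPENVPN_KEYS/$CN.crt" ]; then
  printf 'Error: certificate with the CN %s already exists!\n' "$CN" >&2
  printf '  %s\n' "$OPENVPN_KEYS/$CN.crt" >&2
  exit 1
fi

# Enter the easy-rsa directory and establish the default variables
cd "$OPENVPN_RSA_DIR" || die "Error: cannot cd to $OPENVPN_RSA_DIR"
. "$OPENVPN_RSA_DIR/vars" > /dev/null
# Copied from build-key script (to ensure it works!)
export EASY_RSA="${EASY_RSA:-.}"
# Stop if pkitool fails; otherwise the copies below would pick up missing files
# and the client would still be assigned an IP and a ccd entry.
"$EASY_RSA/pkitool" --batch "$CN" || die "Error: pkitool failed for CN $CN"

# Take the new cert and place it somewhere it can be downloaded securely.
# The directory holds the client's private key, so it is created mode 0700.
#zip -q $KEY_DOWNLOAD_PATH/$CN-`date +%d%m%y`.zip keys/$CN.crt keys/$CN.key keys/ca.crt
stamp=$(date +%d%m%y)
dir_key=$KEY_DOWNLOAD_PATH/$CN-$stamp
mkdir -m 0700 -- "$dir_key" || die "Error: cannot create $dir_key"
cp -- "keys/$CN.crt" "keys/$CN.key" keys/ca.crt "$dir_key/" \
  || die "Error: cannot copy key material into $dir_key"

# Static addresses come from a counter file; start numbering at 10 if the ip
# list does not exist. The original assumed $CCD_DIR was already present.
mkdir -p -- "$CCD_DIR" || die "Error: cannot create $CCD_DIR"
if [ ! -f "$CCD_DIR/client_ip" ]; then
  echo "10" > "$CCD_DIR/client_ip"
fi
read -r ip < "$CCD_DIR/client_ip"
# The counter feeds straight into ifconfig-push, so refuse anything that is not
# a usable host number in 10.8.0.0/24 (the regex check runs first so the
# arithmetic never sees a non-numeric value).
if [[ ! "$ip" =~ ^[0-9]+$ ]] || (( ip < 1 || ip > 254 )); then
  die "Error: $CCD_DIR/client_ip holds '$ip'; expected a host number between 1 and 254."
fi

# Celebrate!
echo ""
echo "##################################################################"
# Report the directory actually created rather than a hard-coded home path.
echo "COMPLETE! Find the $CN ovpn file in $dir_key "
echo "##################################################################"
echo "$CN ip is 10.8.0.$ip"
echo "##################################################################"

# change this configuration to whatever you need
printf '%s\n' \
  "# $CN ccd configuration " \
  "ifconfig-push 10.8.0.$ip 255.255.255.0" \
  'push "dhcp-option DNS 10.8.101.1"' \
  'push "dhcp-option DOMAIN test.cloudhub"' \
  '# Test Route Access' \
  '#push "route 192.168.1.200 255.255.255.255 10.8.101.16"' \
  '' > "$CCD_DIR/$CN"

# record the client list with IP and Name (>> creates the file when missing,
# so the original create-or-append branch collapses to one line)
echo "$ip $CN" >> "$CCD_DIR/client_list"
ip=$(( ip + 1 ))
echo "$ip" > "$CCD_DIR/client_ip"

# Assemble the single-file .ovpn: config head, CA cert, client cert, client key, tail.
cd "$dir_key" || die "Error: cannot cd to $dir_key"
cat "$KEY_DOWNLOAD_PATH/clientfiles/head" \
    ca.crt \
    "$KEY_DOWNLOAD_PATH/clientfiles/cacert" \
    "$CN.crt" \
    "$KEY_DOWNLOAD_PATH/clientfiles/certkey" \
    "$CN.key" \
    "$KEY_DOWNLOAD_PATH/clientfiles/tail" > "$CN.ovpn"
# Delete every line between <cert> and the first -----BEGIN line (exclusive);
# this strips the text dump that easy-rsa .crt files typically carry ahead of
# the PEM block. Relies on GNU sed's -i and empty-regex (//) semantics.
sed -i '/<cert>/,/-----BEGIN/{//!d}' "$CN.ovpn"
# The .ovpn embeds the private key; keep it and the raw key owner-readable only.
chmod 0600 -- "$CN.ovpn" "$CN.key"
cd "$KEY_DOWNLOAD_PATH" || die "Error: cannot cd to $KEY_DOWNLOAD_PATH"
read -r -p "Press any key to get $CN.ovpn file listing... " ans
cat "$dir_key/$CN.ovpn"
cd /etc/openvpn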