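#!/usr/bin/env bash
#
# Assemble a single-file OpenVPN client profile (.ovpn) from a CA certificate,
# a client certificate/key pair and a tls-auth key.
#
# Usage:    gen-client.sh /path/to/ca.crt /path/to/clientname.crt /path/to/clientname.key /path/to/ta.key
# Outputs:  the profile on stdout, plus a copy in ./<clientname>.ovpn, where
#           <clientname> is the client certificate's filename without its
#           extension. Diagnostics go to stderr so stdout stays a clean profile.
# Env:      OVPN_REMOTE_HOST / OVPN_REMOTE_PORT override the server endpoint
#           written into the profile's "remote" line (defaults below).
# Exits:    1 on bad usage; 2 if an input file is unreadable or no client
#           name can be derived from the certificate filename.
#
# The profile embeds the client's private key. The copy on disk is created
# with mode 0600, and any previous copy is removed first so that a permissive
# pre-existing mode (or a symlink) is not reused. Treat the file as a secret.

set -euo pipefail

# Server endpoint for the "remote" line; overridable from the environment.
readonly remote_host="${OVPN_REMOTE_HOST:-14.241.240.102}"
readonly remote_port="${OVPN_REMOTE_PORT:-1194}"

if [[ $# -ne 4 ]]; then
  cat >&2 <<USAGE
Usage: $0 /path/to/ca.crt /path/to/clientname.crt /path/to/clientname.key /path/to/ta.key
Example: ./gen-client.sh /etc/openvpn/ca.crt ./client1.crt ./client1.key ./ta.key
This writes output to stdout and also saves to ./<clientname>.ovpn
USAGE
  exit 1
fi

ca="$1"
cert="$2"
key="$3"
ta="$4"

# verify inputs exist, are regular files and are readable (a directory passes
# -r but would make the cat inside the pipeline fail half-way through)
for f in "$ca" "$cert" "$key" "$ta"; do
  if [[ ! -f "$f" || ! -r "$f" ]]; then
    # printf, not echo: a name starting with '-' or containing backslashes
    # must be printed verbatim
    printf "Error: cannot read file '%s'.\n" "$f" >&2
    exit 2
  fi
done

# derive client name from certificate filename (remove extension)
clientname="$(basename -- "$cert")"
clientname="${clientname%.*}"
if [[ -z "$clientname" ]]; then
  # e.g. a certificate named ".crt" would otherwise yield the file ".ovpn"
  printf "Error: cannot derive a client name from '%s'.\n" "$cert" >&2
  exit 2
fi
outfile="${clientname}.ovpn"

# The profile contains the private key: drop any stale copy (so an existing
# permissive mode or a symlink is not inherited) and create the new one 0600.
rm -f -- "$outfile"
umask 077

# build and write config (also send to stdout). Use a block to avoid
# command-substitution problems with large files.
{
  # unquoted delimiter: only ${remote_host}/${remote_port} are expanded,
  # the rest of the header is literal
  cat <<HEADER
client
dev tun
proto udp
remote ${remote_host} ${remote_port} # use FTP IP address
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
# push mac address info
push-peer-info
verb 3

HEADER

  printf '<ca>\n'
  cat -- "$ca"
  printf '</ca>\n\n'
  printf '<cert>\n'
  cat -- "$cert"
  printf '</cert>\n\n'
  printf '<key>\n'
  cat -- "$key"
  printf '</key>\n\n'
  printf '<tls-auth>\n'
  cat -- "$ta"
  printf '</tls-auth>\n'
  printf 'key-direction 1\n'
} | tee -- "$outfile"

# status line goes to stderr so `./gen-client.sh ... > x.ovpn` gets only the profile
printf 'Wrote config to ./%s\n' "$outfile" >&2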