diff --git a/util/client/generate_client.py b/util/client/generate_client.py index 59e9acc..00e00af 100644 --- a/util/client/generate_client.py +++ b/util/client/generate_client.py @@ -3,6 +3,7 @@ Utility for generating OpenVPN client configuration files. """ import os +import subprocess def generate_client_config(username: str): """ @@ -11,19 +12,42 @@ def generate_client_config(username: str): Args: username: The username for which to generate the config. """ + easyrsa_dir = "/etc/openvpn/easy-rsa/" ca_path = "/home/arthur/openvpn-ca/pki/ca.crt" ta_path = "/home/arthur/openvpn-ca/ta.key" client_crt_path = f"/home/arthur/openvpn-ca/pki/issued/{username}.crt" client_key_path = f"/home/arthur/openvpn-ca/pki/private/{username}.key" output_path = f"/etc/openvpn/client/{username}.ovpn" - # Verify that all required files exist + # Step 1: Generate the client certificate + print(f"Generating certificate for user: {username}...") + try: + command = ["./easyrsa", "build-client-full", username, "nopass"] + process = subprocess.run( + command, + cwd=easyrsa_dir, + check=True, + capture_output=True, + text=True + ) + print(process.stdout) + print("Certificate generated successfully.") + except FileNotFoundError: + print(f"Error: 'easyrsa' script not found in {easyrsa_dir}. Please check the path.") + return + except subprocess.CalledProcessError as e: + print(f"Error generating certificate for user: {username}") + print(f"Return code: {e.returncode}") + print(f"Stderr: {e.stderr}") + return + + # Step 2: Verify that all required files exist for f in [ca_path, ta_path, client_crt_path, client_key_path]: if not os.path.isfile(f): - print(f"Error: Cannot read file '{f}'.") + print(f"Error: Cannot read file '{f}'. File not found after generation.") return - # Read the content of the files + # Step 3: Read the content of the files try: with open(ca_path, 'r') as f: ca_content = f.read() 
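Review bot: `username` goes into `./easyrsa build-client-full` and into `client_crt_path`, `client_key_path` and `output_path` with no validation, so a value containing `/`, `..` or a leading `-` would be taken as a certificate name, a path component or an option. The list-form `subprocess.run` call avoids shell injection, but a guard before Step 1 such as `if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}", username): print("Error: invalid username."); return` (with `import re` next to the new `import subprocess`) would restrict it to safe names. Separately, `easyrsa_dir` is `/etc/openvpn/easy-rsa/` while Step 2 looks under `/home/arthur/openvpn-ca/pki/`; unless easyrsa is configured elsewhere to use that PKI, the new certificate will not be found there, or an older file of the same name could be picked up instead. The function starts above this hunk and continues past it.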
@@ -37,7 +61,7 @@ def generate_client_config(username: str): print(f"Error reading files: {e}") return - # Assemble the .ovpn configuration + # Step 4: Assemble the .ovpn configuration ovpn_config = f""" client dev tun @@ -71,19 +95,25 @@ verb 3 key-direction 1 """ - # Write the configuration to the output file + # Step 5: Write the configuration to the output file try: - # Ensure the output directory exists output_dir = os.path.dirname(output_path) - if not os.path.exists(output_dir): - # This part is tricky because of permissions. - # For now, we assume the directory exists. - # On a real server, this would be handled by deployment scripts. - pass + # Check if dir exists and if we have write permission + if not os.path.isdir(output_dir) or not os.access(output_dir, os.W_OK): + print(f"Error: Output directory '{output_dir}' does not exist or is not writable.") + print("Please ensure you have the correct permissions to write to this directory.") + # As a fallback, save to a local directory + local_output_dir = "generated-clients" + if not os.path.exists(local_output_dir): + os.makedirs(local_output_dir) + local_output_path = os.path.join(local_output_dir, f"{username}.ovpn") + with open(local_output_path, 'w') as f: + f.write(ovpn_config) + print(f"Could not write to server path. Saved config locally to: {local_output_path}") + return with open(output_path, 'w') as f: f.write(ovpn_config) print(f"Successfully generated client config: {output_path}") except IOError as e: - print(f"Error writing to file: {e}") - + print(f"Error writing to file: {e}") \ No newline at end of file
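Review bot: Both writes in Step 5 create the `.ovpn` with `open(..., 'w')`, so its mode comes from the process umask, and the new fallback puts it in `generated-clients` relative to whatever the current working directory happens to be. The key was issued with `nopass` in Step 1, and if the template embeds it (the template body is outside this hunk) the file holds an unencrypted private key that other local users may be able to read. Creating it owner-only would fix that: `fd = os.open(local_output_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`, the same for `output_path`, and `os.makedirs(local_output_dir, mode=0o700, exist_ok=True)` for the directory. An absolute fallback location would also make it predictable where key material ends up.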