"""
Utility for generating OpenVPN client configuration files.
"""
import os
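def generate_client_config(username: str):
    """
    Generates a .ovpn file for a given user.

    The CA certificate, the tls-auth key, and the user's certificate and
    private key are read from the fixed locations below and inlined into a
    single client profile written to /etc/openvpn/client/<username>.ovpn.
    Errors are reported on stdout and the function returns None in every
    case.

    Because the resulting file embeds the client's private key and the
    shared tls-auth key, it is created with owner-only permissions.

    Args:
        username: The username for which to generate the config. It is used
            as a file-name component, so it must start with an ASCII letter
            or digit and contain only ASCII letters, digits, '_', '.' and
            '-'; anything else is rejected before any file is touched.
    """
    import re

    # username is interpolated into three filesystem paths. Reject anything
    # that is not a plain file-name component so that path separators, "..",
    # NUL bytes or newlines cannot steer the reads or the write elsewhere.
    if not isinstance(username, str) or not re.fullmatch(
        r"[A-Za-z0-9][A-Za-z0-9_.-]*", username
    ):
        print(f"Error: Invalid username {username!r}.")
        return

    ca_path = "/home/arthur/openvpn-ca/pki/ca.crt"
    ta_path = "/home/arthur/openvpn-ca/ta.key"
    client_crt_path = f"/home/arthur/openvpn-ca/pki/issued/{username}.crt"
    client_key_path = f"/home/arthur/openvpn-ca/pki/private/{username}.key"
    output_path = f"/etc/openvpn/client/{username}.ovpn"

    # Verify that all required files exist
    for required in (ca_path, ta_path, client_crt_path, client_key_path):
        if not os.path.isfile(required):
            print(f"Error: Cannot read file '{required}'.")
            return

    # Read the content of the files
    try:
        with open(ca_path, 'r') as f:
            ca_content = f.read()
        with open(client_crt_path, 'r') as f:
            client_crt_content = f.read()
        with open(client_key_path, 'r') as f:
            client_key_content = f.read()
        with open(ta_path, 'r') as f:
            ta_content = f.read()
    except OSError as e:
        print(f"Error reading files: {e}")
        return

    # Assemble the .ovpn configuration
    ovpn_config = f"""
client
dev tun
proto udp
remote 14.241.240.102 1194 # use FTP IP address
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
# push mac address info
push-peer-info
verb 3

<ca>
{ca_content}
</ca>

<cert>
{client_crt_content}
</cert>

<key>
{client_key_content}
</key>

<tls-auth>
{ta_content}
</tls-auth>
key-direction 1
"""

    # Write the configuration to the output file.
    # The output directory is assumed to exist (creating it needs elevated
    # permissions and is left to deployment scripts); if it is missing, the
    # open below fails and the error is reported.
    try:
        # The profile contains private key material: create it 0600 instead
        # of relying on the process umask, and do not follow a symlink that
        # may have been planted at the destination.
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
        flags |= getattr(os, "O_NOFOLLOW", 0)
        fd = os.open(output_path, flags, 0o600)
        with os.fdopen(fd, 'w') as f:
            # The mode passed to os.open only applies to newly created
            # files; tighten a pre-existing file before the key is written.
            if hasattr(os, "fchmod"):
                os.fchmod(fd, 0o600)
            f.write(ovpn_config)
        print(f"Successfully generated client config: {output_path}")
    except OSError as e:
        print(f"Error writing to file: {e}")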