adding ovpn_listclients script
parent
98f9681d3e
commit
d3fcec15f1
45
bin/ovpn_listclients
Executable file
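--- a/bin/ovpn_listclients
+++ b/bin/ovpn_listclients
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+if [ -z "$OPENVPN" ]; then
+export OPENVPN="$PWD"
+fi
+if ! source "$OPENVPN/ovpn_env.sh"; then
+echo "Could not source $OPENVPN/ovpn_env.sh."
+exit 1
+fi
+if [ -z "$EASYRSA_PKI" ]; then
+export EASYRSA_PKI="$OPENVPN/pki"
+fi
+
+cd "$EASYRSA_PKI"
+
+if [ -e crl.pem ]; then
+cat ca.crt crl.pem > cacheck.pem
+fi
+
+echo "name,begin,end,status"
+for name in issued/*.crt; do
+path=$name
+begin=$(openssl x509 -noout -startdate -in $path | awk -F= '{ print $2 }')
+end=$(openssl x509 -noout -enddate -in $path | awk -F= '{ print $2 }')
+
+name=${name%.crt}
+name=${name#issued/}
+if [ "$name" != "$OVPN_CN" ]; then
+if [ -e crl.pem ]; then
+if openssl verify -crl_check -CAfile cacheck.pem $path &> /dev/null; then
+status="VALID"
+else
+status="REVOKED"
+fi
+else
+status="VALID"
+fi
+
+echo "$name,$begin,$end,$status"
+fi
+done
+
+if [ -e crl.pem ]; then
+rm cacheck.pem
+fi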
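Review bot: The status column reports every failure of `openssl verify -crl_check` as REVOKED and skips verification entirely when `crl.pem` is absent, so an expired certificate, an expired CRL or an unreadable `ca.crt` is indistinguishable from a revocation, and a PKI without a CRL lists everything as VALID. Since this listing is what an operator reads to audit who still has access, I would classify on the verifier's output and say REVOKED only when OpenSSL reports it, as sketched below (the extra EXPIRED/INVALID values are a suggestion, not something the commit defines). Separately, `cd "$EASYRSA_PKI"` is unchecked, so on failure `cacheck.pem` is written to and removed from whatever directory the script started in; `cd "$EASYRSA_PKI" || exit 1` closes that. `$path` is also unquoted in all three openssl calls.

```shell
# … unchanged: begin/end extraction and name trimming …
if [ "$name" != "$OVPN_CN" ]; then
    if [ -e crl.pem ]; then
        verify_out=$(openssl verify -crl_check -CAfile cacheck.pem "$path" 2>&1)
        verify_rc=$?
    else
        # No CRL yet: still check the chain and validity period against the CA.
        verify_out=$(openssl verify -CAfile ca.crt "$path" 2>&1)
        verify_rc=$?
    fi
    case "$verify_out" in
        *"certificate revoked"*) status="REVOKED" ;;
        *"certificate has expired"*) status="EXPIRED" ;;
        *)
            if [ "$verify_rc" -eq 0 ]; then
                status="VALID"
            else
                status="INVALID"
            fi
            ;;
    esac
    # … unchanged: echo of the CSV row …
```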
|
@ -9,6 +9,12 @@ The [`ovpn_getclient`](/bin/ovpn_getclient) can produce two different versions o
|
|||||||
|
|
||||||
Note that some client software might be picky about which configuration format it accepts.
|
Note that some client software might be picky about which configuration format it accepts.
|
||||||
|
|
||||||
|
## Client List
|
||||||
|
|
||||||
|
See an overview of the configured clients, including revokation status:
|
||||||
|
|
||||||
|
docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn ovpn_listclients
|
||||||
|
|
||||||
## Batch Mode
|
## Batch Mode
|
||||||
|
|
||||||
If you have more than a few clients, you will want to generate and update your client configuration in batch. For this task the script [`ovpn_getclient_all`](/bin/ovpn_getclient_all) was written, which writes out the configuration for each client to a separate directory called `clients/$cn`.
|
If you have more than a few clients, you will want to generate and update your client configuration in batch. For this task the script [`ovpn_getclient_all`](/bin/ovpn_getclient_all) was written, which writes out the configuration for each client to a separate directory called `clients/$cn`.
|
||||||
|
@ -20,6 +20,8 @@ docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CL
|
|||||||
|
|
||||||
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | tee client/config.ovpn
|
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | tee client/config.ovpn
|
||||||
|
|
||||||
|
docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_listclients | grep $CLIENT
|
||||||
|
|
||||||
#
|
#
|
||||||
# Fire up the server
|
# Fire up the server
|
||||||
#
|
#
|
||||||
|
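Review bot: The added `grep $CLIENT` check passes whenever the client name appears anywhere in the listing, so it also succeeds for a row whose status is REVOKED or for another client whose name merely contains `$CLIENT`, and the unquoted expansion is subject to word splitting. Matching the whole row would pin down what the test asserts, e.g. `docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_listclients | grep -q "^$CLIENT,.*,VALID$"`. The surrounding test script starts and ends outside this hunk, so whether a failing pipeline actually aborts the test cannot be confirmed from here.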