#!/bin/bash # # Get an OpenVPN client configuration file # if [ "$DEBUG" == "1" ]; then set -x fi set -e if [ -z "$OPENVPN" ]; then export OPENVPN="$PWD" fi if ! source "$OPENVPN/ovpn_env.sh"; then echo "Could not source $OPENVPN/ovpn_env.sh." exit 1 fi if [ -z "$EASYRSA_PKI" ]; then export EASYRSA_PKI="$OPENVPN/pki" fi cn="$1" parm="$2" if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then echo "Unable to find \"${cn}\", please try again or generate the key first" >&2 exit 1 fi get_client_config() { mode="$1" echo " client nobind dev tun remote-cert-tls server remote $OVPN_CN $OVPN_PORT $OVPN_PROTO " if [ "$mode" == "combined" ]; then echo " $(cat $EASYRSA_PKI/private/${cn}.key) $(openssl x509 -in $EASYRSA_PKI/issued/${cn}.crt) $(cat $EASYRSA_PKI/ca.crt) $(cat $EASYRSA_PKI/dh.pem) $(cat $EASYRSA_PKI/ta.key) key-direction 1 " elif [ "$mode" == "separated" ]; then echo " key ${cn}.key ca ca.crt cert ${cn}.crt dh dh.pem tls-auth ta.key 1 $OVPN_ADDITIONAL_CLIENT_CONFIG " fi if [ "$OVPN_DEFROUTE" != "0" ];then echo "redirect-gateway def1" fi if [ -n "$OVPN_MTU" ]; then echo "tun-mtu $OVPN_MTU" fi } dir="$OPENVPN/clients/$cn" case "$parm" in "separated") mkdir -p "$dir" get_client_config "$parm" > "$dir/${cn}.ovpn" cp "$EASYRSA_PKI/private/${cn}.key" "$dir/${cn}.key" cp "$EASYRSA_PKI/ca.crt" "$dir/ca.crt" cp "$EASYRSA_PKI/issued/${cn}.crt" "$dir/${cn}.crt" cp "$EASYRSA_PKI/dh.pem" "$dir/dh.pem" cp "$EASYRSA_PKI/ta.key" "$dir/ta.key" ;; "" | "combined") get_client_config "combined" ;; "combined-save") get_client_config "combined" > "$dir/${cn}-combined.ovpn" ;; *) echo "This script can produce the client configuration in to formats:" >&2 echo " 1. combined (default): All needed configuration and cryptographic material is in one file (Use \"combined-save\" to write the configuration file in the same path as the separated parameter does)." >&2 echo " 2. separated: Separated files." >&2 echo "Please specific one of those options as second parameter." >&2 ;; esac