container-openvpn/bin/ovpn_getclient
Kyle Manna 4728990da3 ovpn_getclient: Verify server certificate
* Verify the server's certificate to avoid MITM attacks
2014-06-04 15:38:49 -07:00

50 lines
661 B
Bash
Executable File

#!/bin/sh
#
# Get an OpenVPN client configuration file
#
set -ex
cn=$1
if [ -z "$cn" ]; then
echo "Common name not specified"
exit 1
fi
if [ ! -f "$EASYRSA_PKI/private/$cn.key" ]; then
easyrsa build-server-full $cn nopass
fi
servername=$(cat $OPENVPN/servername)
cat <<EOF
client
nobind
dev tun
redirect-gateway def1
remote-cert-tls server
<key>
$(cat $EASYRSA_PKI/private/$cn.key)
</key>
<cert>
$(cat $EASYRSA_PKI/issued/$cn.crt)
</cert>
<ca>
$(cat $EASYRSA_PKI/ca.crt)
</ca>
<dh>
$(cat $EASYRSA_PKI/dh.pem)
</dh>
<tls-auth>
$(cat $EASYRSA_PKI/ta.key)
</tls-auth>
key-direction 1
<connection>
remote $servername 1194 udp
</connection>
EOF