Create a new openvpn client

openvpn-new-client.sh

#!/bin/bash
# Create client for OpenVPN using easy-rsa
# create p12 certificate

PREFIX=lu
BASE_DIR="/etc/openvpn"
DEST_DIR="$BASE_DIR/clients"
EASY_DIR="$BASE_DIR/easy-rsa"

if [ "$#" -ne 1 ]; then
    echo "Illegal number of parameters. Please provide client name"
    exit 1
fi
NAME="${PREFIX}_${1}"
echo "Creating $NAME ..."

cd $EASY_DIR
source vars

./build-key "$NAME"
mv keys/$NAME.* $DEST_DIR

# create p12 certificate (for some clients)
cd $DEST_DIR
openssl pkcs12 -export -in $NAME.crt -inkey $NAME.key -certfile ../ca.crt -name $NAME -out $NAME.p12

echo 
echo Copy the required certificates to the particular machine/device (server or client)
echo
echo    The public ca.crt certificate is needed on all servers and clients
echo    The private ca.key key is secret and only needed on the key generating machine
echo    A server needs server.crt, dh2048.pem (public), server.key and ta.key (private)
echo    A client needs client.crt (public), client.key and ta.key (private)