Created
May 4, 2016 10:36
-
-
Save selankon/9329358a39fd3a6008e417d72c920644 to your computer and use it in GitHub Desktop.
Create OVPN client and configuration file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script create a client and his .ovpn file | |
| # Works on easy-rsa v3.0.0, in the easy-rsa root folder. | |
| # 1- Create certificate protected or not for password | |
| # 2- Sign it | |
| # 3- Encrypt or not the certificate using 3des | |
| # 4- Creates the ovpn file | |
| # Default Variable Declarations | |
| FILEEXT=".ovpn" | |
| CRT=".crt" | |
| KEY=".key" | |
| PKI="pki/" | |
| DEFAULT=$PKI"Default.txt" | |
| CA=$PKI"ca.crt" | |
| TA=$PKI"ta.key" | |
| ISS=$PKI"issued/" | |
| PRIV=$PKI"private/" | |
| echo "pki default: $DEFAULT" | |
| #Ask for a Client name | |
| echo "Please enter a new Client Name:" | |
| read NAME | |
| #Ask for nopass option | |
| echo "Set certificate protected by a password? (yes)" | |
| read NOPASS | |
| #1st Verify that client’s Public Key Exists | |
| if [ $NOPASS = "yes" ]; then | |
| ./easyrsa gen-req $NAME | |
| else | |
| ./easyrsa gen-req $NAME nopass | |
| fi | |
| echo "Gen req created" | |
| echo "++++++++++++++++++++++++++" | |
| echo "++++++++ Sign Key ++++++++" | |
| echo "++++++++++++++++++++++++++" | |
| ./easyrsa sign-req client $NAME | |
| echo "++++++++++++++++++++++++++++++++" | |
| echo "Encrypting certificate with 3des" | |
| echo "++++++++++++++++++++++++++++++++" | |
| echo "\n Do you want to encrypt the certificate with 3des algo? (write yes)" | |
| read DES | |
| if [ $DES = "yes" ]; then | |
| openssl rsa -in $PRIV$NAME.key -des3 -out $PRIV$NAME.3des.key | |
| KEY=".3des.key" | |
| fi | |
| echo "+++++++++++++++++++++++++" | |
| echo "Creating OVPN config file" | |
| echo "+++++++++++++++++++++++++" | |
| #Creating OVPN file | |
| #1st Verify that client’s Public Key Exists | |
| if [ ! -f $ISS$NAME$CRT ]; then | |
| echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT" | |
| exit | |
| fi | |
| echo "Client’s cert found: $ISS$NAME$CR" | |
| #Then, verify that there is a private key for that client | |
| if [ ! -f $PRIV$NAME$KEY ]; then | |
| echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY" | |
| exit | |
| fi | |
| echo "Client’s Private Key found: $PRIV$NAME$KEY" | |
| #Confirm the CA public key exists | |
| if [ ! -f $CA ]; then | |
| echo "[ERROR]: CA Public Key not found: $CA" | |
| exit | |
| fi | |
| echo "CA public Key found: $CA" | |
| #Confirm the tls-auth ta key file exists | |
| if [ ! -f $TA ]; then | |
| echo "[ERROR]: tls-auth Key not found: $TA" | |
| exit | |
| fi | |
| echo "tls-auth Private Key found: $TA" | |
| #Ready to make a new .opvn file - Start by populating with the | |
| default file | |
| cat $DEFAULT > $NAME$FILEEXT | |
| #Now, append the CA Public Cert | |
| echo "<ca>" >> $NAME$FILEEXT | |
| cat $CA >> $NAME$FILEEXT | |
| echo "</ca>" >> $NAME$FILEEXT | |
| #Next append the client Public Cert | |
| echo "<cert>" >> $NAME$FILEEXT | |
| cat $ISS$NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT | |
| echo "</cert>" >> $NAME$FILEEXT | |
| #Then, append the client Private Key | |
| echo "<key>" >> $NAME$FILEEXT | |
| cat $PRIV$NAME$KEY >> $NAME$FILEEXT | |
| echo "</key>" >> $NAME$FILEEXT | |
| #Finally, append the TA Private Key | |
| echo "<tls-auth>" >> $NAME$FILEEXT | |
| cat $TA >> $NAME$FILEEXT | |
| echo "</tls-auth>" >> $NAME$FILEEXT | |
| echo "Done! $NAME$FILEEXT Successfully Created." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment