forked from kylemanna/docker-openvpn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ovpn_getclient
executable file
·132 lines (115 loc) · 2.91 KB
/
ovpn_getclient
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
#!/bin/bash
#
# Get an OpenVPN client configuration file
#
if [ "$DEBUG" == "1" ]; then
set -x
fi
set -e
if [ -z "$OPENVPN" ]; then
export OPENVPN="$PWD"
fi
if ! source "$OPENVPN/ovpn_env.sh"; then
echo "Could not source $OPENVPN/ovpn_env.sh."
exit 1
fi
if [ -z "$EASYRSA_PKI" ]; then
export EASYRSA_PKI="$OPENVPN/pki"
fi
cn="$1"
parm="$2"
if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
echo "Unable to find \"${cn}\", please try again or generate the key first" >&2
exit 1
fi
get_client_config() {
mode="$1"
echo "
client
nobind
dev $OVPN_DEVICE
remote-cert-tls server
remote $OVPN_CN $OVPN_PORT $OVPN_PROTO"
if [ "$OVPN_PROTO" == "udp6" ]; then
echo "remote $OVPN_CN $OVPN_PORT udp"
fi
if [ "$OVPN_PROTO" == "tcp6" ]; then
echo "remote $OVPN_CN $OVPN_PORT tcp"
fi
for i in "${OVPN_EXTRA_CLIENT_CONFIG[@]}"; do
echo "$i"
done
if [ "$mode" == "combined" ]; then
echo "
<key>
$(cat $EASYRSA_PKI/private/${cn}.key)
</key>
<cert>
$(openssl x509 -in $EASYRSA_PKI/issued/${cn}.crt)
</cert>
<ca>
$(cat $EASYRSA_PKI/ca.crt)
</ca>
key-direction 1
<tls-auth>
$(cat $EASYRSA_PKI/ta.key)
</tls-auth>
"
elif [ "$mode" == "separated" ]; then
echo "
key ${cn}.key
ca ca.crt
cert ${cn}.crt
tls-auth ta.key 1
"
fi
if [ "$OVPN_DEFROUTE" != "0" ];then
echo "redirect-gateway def1"
fi
if [ -n "$OVPN_MTU" ]; then
echo "tun-mtu $OVPN_MTU"
fi
if [ -n "$OVPN_TLS_CIPHER" ]; then
echo "tls-cipher $OVPN_TLS_CIPHER"
fi
if [ -n "$OVPN_CIPHER" ]; then
echo "cipher $OVPN_CIPHER"
fi
if [ -n "$OVPN_AUTH" ]; then
echo "auth $OVPN_AUTH"
fi
if [ -n "$OVPN_OTP_AUTH" ]; then
echo "auth-user-pass"
echo "auth-nocache"
fi
if [ "$OVPN_COMP_LZO" == "1" ]; then
echo "comp-lzo"
fi
if [ -n "$OVPN_OTP_AUTH" ]; then
echo reneg-sec 0
fi
}
dir="$OPENVPN/clients/$cn"
case "$parm" in
"separated")
mkdir -p "$dir"
get_client_config "$parm" > "$dir/${cn}.ovpn"
cp "$EASYRSA_PKI/private/${cn}.key" "$dir/${cn}.key"
cp "$EASYRSA_PKI/ca.crt" "$dir/ca.crt"
cp "$EASYRSA_PKI/issued/${cn}.crt" "$dir/${cn}.crt"
cp "$EASYRSA_PKI/ta.key" "$dir/ta.key"
;;
"" | "combined")
get_client_config "combined"
;;
"combined-save")
mkdir -p "$dir"
get_client_config "combined" > "$dir/${cn}-combined.ovpn"
;;
*)
echo "This script can produce the client configuration in two formats:" >&2
echo " 1. combined (default): All needed configuration and cryptographic material is in one file (Use \"combined-save\" to write the configuration file in the same path as the separated parameter does)." >&2
echo " 2. separated: Separated files." >&2
echo "Please specify one of those options as second parameter." >&2
;;
esac