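#!/bin/bash
# makeOVPN.sh - build ./client/<name>/<name>.ovpn for one OpenVPN client.
#
# Usage: makeOVPN.sh NAME BUFFER COMP TLSAUTH CIPHERAUTH AUTH
#   NAME        client name; must match the easyrsa3 certificate/key base name
#   BUFFER      value written to the sndbuf and rcvbuf directives
#   COMP        argument written after comp-lzo
#   TLSAUTH     "ENABLED" adds the tls-auth directive and requires tls-auth.key
#   CIPHERAUTH  value written to the cipher directive
#   AUTH        value written to the auth directive
#
# Status and error messages go to stdout (as before, so callers that capture
# stdout keep working). The script exits 1 when a check fails; a bare `exit`
# used to return the status of the preceding echo, i.e. 0.

# Default variable declarations
DEFAULT="Default.txt"
FILEEXT=".ovpn"
CRT=".crt"
KEY=".key"
CA="ca.crt"
NAME=$1
BUFFER=$2
COMP=$3
TLSAUTH=$4
CIPHERAUTH=$5
AUTH=$6

# Print an error in the script's "[ERROR]: ..." format and stop with status 1.
fail() {
  printf '%s\n' "[ERROR]: $1"
  exit 1
}

# NAME becomes part of several file paths, so it must be a single path
# component: an empty value, "." / "..", or anything containing "/" would make
# the checks and the output file point outside the intended directories.
case "$NAME" in
  '' | . | .. | */*)
    fail "Invalid client name: $NAME"
    ;;
esac

# Every argument ends up on a line of the generated config. A value carrying a
# newline (or another control character) could add directives the caller did
# not intend, so such values are rejected up front.
for value in "$NAME" "$BUFFER" "$COMP" "$TLSAUTH" "$CIPHERAUTH" "$AUTH"; do
  if [[ "$value" == *[[:cntrl:]]* ]]; then
    fail "Arguments must not contain control characters"
  fi
done

# 1st, verify that the client's public key certificate exists
if [ ! -f "easyrsa3/pki/issued/$NAME$CRT" ]; then
  fail "Client Public Key Certificate not found: $NAME$CRT"
fi
# The original message expanded the undefined $CR and lost the ".crt" suffix.
printf '%s\n' "Client’s cert found: $NAME$CRT"

# Then, verify that there is a private key for that client
if [ ! -f "easyrsa3/pki/private/$NAME$KEY" ]; then
  fail "Client Private Key not found: $NAME$KEY"
fi
printf '%s\n' "Client’s Private Key found: $NAME$KEY"

# Confirm the tls-auth key exists, but only when tls-auth was requested.
# The "found" message is now printed only after the file was actually checked.
if [ "$TLSAUTH" == "ENABLED" ]; then
  if [ ! -f easyrsa3/tls-auth.key ]; then
    fail "tls-auth Key not found: tls-auth.key"
  fi
  printf '%s\n' "tls-auth Key found: tls-auth.key"
fi

# Confirm the CA public key exists
if [ ! -f "easyrsa3/pki/$CA" ]; then
  fail "CA Public Key not found: $CA"
fi
printf '%s\n' "CA public Key found: $CA"

# The template is copied verbatim to the top of the config; stop early if it
# is missing instead of producing a config without its base settings.
if [ ! -f "$DEFAULT" ] || [ ! -r "$DEFAULT" ]; then
  fail "Default template not found: $DEFAULT"
fi

# Ready to make a new .ovpn file - start by populating it with the default
# file, then append the per-client directives.
OUT_DIR="./client/$NAME"
OUT_FILE="$OUT_DIR/$NAME$FILEEXT"

mkdir -p -- "$OUT_DIR" || fail "Cannot create client directory: $OUT_DIR"

{
  cat -- "$DEFAULT"
  printf '%s\n' "resolv-retry infinite"
  # remote-cert-tls makes the client require a server-type certificate.
  printf '%s\n' "remote-cert-tls server"
  printf '%s\n' "nobind"
  printf '%s\n' "ca $CA"
  printf '%s\n' "cert $NAME$CRT"
  printf '%s\n' "key $NAME$KEY"
  printf '%s\n' "persist-key"
  printf '%s\n' "persist-tun"
  # Reference the shared tls-auth key (client side, direction 1) when enabled
  if [ "$TLSAUTH" == "ENABLED" ]; then
    printf '%s\n' "tls-auth tls-auth.key 1"
  fi
  printf '%s\n' "sndbuf $BUFFER"
  printf '%s\n' "rcvbuf $BUFFER"
  # NOTE(review): compression inside a VPN tunnel is exposed to
  # compression-oracle attacks (VORACLE) and comp-lzo is deprecated in recent
  # OpenVPN releases; the directive is kept because the caller chooses COMP.
  printf '%s\n' "comp-lzo $COMP"
  # NOTE(review): cipher and auth are written exactly as supplied; this script
  # does not check them against a list of acceptable algorithms.
  printf '%s\n' "cipher $CIPHERAUTH"
  printf '%s\n' "auth $AUTH"
  printf '%s\n' "verb 3"
} > "$OUT_FILE" || fail "Cannot write client config: $OUT_FILE"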