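#!/bin/bash
#
# Interactively collects the details for a new OpenVPN client: a unique client
# name, optional username/password credentials (only when the server config
# enables auth-user-pass-verify) and an optional static IP.
#
# NOTE(review): the tail of this listing is damaged (here-document bodies and
# the steps between them were lost); see the note at the end of the file.

readonly SERVER_CONF="/etc/openvpn/myserver.conf"
readonly ISSUED_DIR="/etc/openvpn/easy-rsa/pki/issued"
readonly CREDENTIALS_FILE="/etc/openvpn/credentials"

# Print a message to stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeeds only for names made of letters, digits, '_', '.' and '-' that do not
# start with '.' or '-'. The client name is spliced into file paths and, like
# the username, into the colon-delimited credentials file, so '/', ':' and
# whitespace must never get through.
is_safe_identifier() {
  [[ "$1" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]
}

# Make sure the script is run as root; re-execute through sudo otherwise.
if [[ $EUID -ne 0 ]]; then
  exec sudo /bin/bash "$0" "$@"
fi

# Not referenced in the visible part of the script; kept because the lost tail
# may rely on it.
DIR=$(pwd)

# Suggest the first clientN (1..255) that has no issued certificate yet.
for i in {1..255}; do
  CLIENT_NAME="client$i"
  if [[ ! -f "$ISSUED_DIR/$CLIENT_NAME.crt" ]]; then
    break
  fi
done

# Server settings are read from the config; the public host is stored there as
# a "#public-host <name>" comment line.
VPN_SUBNET=$(awk '/^server / { print $2 }' "$SERVER_CONF")
VPN_PUBLIC_HOST=$(awk '/^#public-host / { print $2 }' "$SERVER_CONF")
VPN_PUBLIC_PORT=$(awk '/^port / { print $2 }' "$SERVER_CONF")

echo "Adding VPN client to $VPN_PUBLIC_HOST:$VPN_PUBLIC_PORT"

read -r -e -p "Enter client name: " -i "$CLIENT_NAME" CLIENT_NAME
# Reject names that could escape the pki/ccd directories (e.g. "../x") or break
# the credentials file format before the name is used in any path.
is_safe_identifier "$CLIENT_NAME" \
  || die "Invalid client name: use letters, digits, '_', '.' or '-'"
if [[ -f "$ISSUED_DIR/$CLIENT_NAME.crt" ]]; then
  die "Client $CLIENT_NAME already exists..."
fi

# Start from a known value so nothing inherited from the environment can leak
# into whatever consumes EXTRA_CONFIG later.
EXTRA_CONFIG=""

if grep -q "^auth-user-pass-verify" "$SERVER_CONF"; then
  read -r -e -p "Enter username: " -i "$CLIENT_NAME" CLIENT_USERNAME
  is_safe_identifier "$CLIENT_USERNAME" \
    || die "Invalid username: use letters, digits, '_', '.' or '-'"

  # Compare the whole first field, case-insensitively. The previous
  # grep "^$CLIENT_USERNAME" treated the name as a regex and matched prefixes,
  # so "al" collided with "alice" and "." matched every line.
  if [[ -f "$CREDENTIALS_FILE" ]] \
    && awk -F: -v u="$CLIENT_USERNAME" \
      'tolower($1) == tolower(u) { found = 1 } END { exit !found }' \
      "$CREDENTIALS_FILE"; then
    die "Username $CLIENT_USERNAME already exists"
  fi

  # -s keeps the password off the terminal and out of scrollback.
  read -r -s -p "Enter password: " CLIENT_PASSWORD
  echo
  [[ -n "$CLIENT_PASSWORD" ]] || die "Password must not be empty"

  # printf instead of `echo -n`: echo would swallow a password such as "-e" or
  # "-n" as an option and hash the empty string.
  # NOTE(review): unsalted single-round SHA-256 is weak for password storage.
  # The format is left unchanged because the auth-user-pass-verify script,
  # which is not part of this listing, has to compute the same value; consider
  # migrating both sides to a salted, slow KDF.
  CLIENT_PASSWORD_HASH=$(printf '%s' "$CLIENT_PASSWORD" | sha256sum | awk '{print $1}')
  unset CLIENT_PASSWORD

  # NOTE(review): confirm the credentials file is readable only by root and by
  # the account the verify script runs as.
  printf '%s:%s:%s\n' "$CLIENT_USERNAME" "$CLIENT_PASSWORD_HASH" "$CLIENT_NAME" \
    >> "$CREDENTIALS_FILE" || die "Cannot write $CREDENTIALS_FILE"
  EXTRA_CONFIG="auth-user-pass"
fi

read -r -e -p "Use static IP for this client? VPN subnet is $VPN_SUBNET (Leave empty for dynamic): " -i "" CLIENT_IP
if [[ -n "${CLIENT_IP}" ]]; then
  echo "Setting IP..."
  # NOTE(review): CLIENT_IP is typed by the operator and, judging by the
  # redirect target in the damaged text below, ends up in the per-client file
  # under /etc/openvpn/ccd; validate its format before it is written there.
fi

# NOTE(review): everything after this point is garbled in the source. The
# here-document bodies and the commands between them are missing, including
# the step that issues the certificate and the assignments of CA_CERT,
# CLIENT_CERT, CLIENT_KEY and TA_KEY. The surviving text is kept verbatim
# below and must be restored from the original script before this is used:
#
#   cat > "/etc/openvpn/ccd/$CLIENT_NAME" < $CLIENT_NAME.conf < $CA_CERT $CLIENT_CERT $CLIENT_KEY key-direction 1 $TA_KEY EOL
#
# When restoring it, note that the generated $CLIENT_NAME.conf appears to embed
# the client's private key ($CLIENT_KEY): create it with a restrictive umask
# and quote "$CLIENT_NAME.conf" in the redirect.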