67 lines
1.4 KiB
Bash
67 lines
1.4 KiB
Bash
# Make sure script is ran as root
|
|
if [[ $EUID -ne 0 ]]; then
|
|
exec sudo /bin/bash "$0" "$@"
|
|
fi
|
|
|
|
DIR=$(pwd)
|
|
for i in {1..255}; do
|
|
CLIENT_NAME="client$i"
|
|
if [ ! -f "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt" ]; then
|
|
break
|
|
fi
|
|
done
|
|
read -e -p "Enter client name: " -i "$CLIENT_NAME" CLIENT_NAME
|
|
if [ -f "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt" ]; then
|
|
echo Client $CLIENT_NAME already exists...
|
|
exit 1
|
|
fi
|
|
VPN_SUBNET=$(grep -E '^server ' "/etc/openvpn/myserver.conf" | awk '{print $2}')
|
|
read -e -p "Use static IP for this client? VPN subnet is $VPN_SUBNET (Leave empty for dynamic): " -i "" CLIENT_IP
|
|
if [ ! -z "${CLIENT_IP}" ]; then
|
|
echo Setting IP...
|
|
cat > "/etc/openvpn/ccd/$CLIENT_NAME" <<EOL
|
|
ifconfig-push $CLIENT_IP 255.255.255.0
|
|
EOL
|
|
fi
|
|
|
|
cd /etc/openvpn/easy-rsa
|
|
./easyrsa gen-req $CLIENT_NAME nopass
|
|
./easyrsa sign-req client $CLIENT_NAME
|
|
|
|
CA_CERT=$(cat "/etc/openvpn/ca.crt")
|
|
CLIENT_CERT=$(cat "/etc/openvpn/easy-rsa/pki/issued/$CLIENT_NAME.crt")
|
|
CLIENT_KEY=$(cat "/etc/openvpn/easy-rsa/pki/private/$CLIENT_NAME.key")
|
|
TA_KEY=$(cat "/etc/openvpn/ta.key")
|
|
|
|
cd "$DIR"
|
|
cat > $CLIENT_NAME.conf <<EOL
|
|
dev tun
|
|
persist-tun
|
|
persist-key
|
|
cipher AES-256-CBC
|
|
ncp-ciphers AES-256-GCM:AES-128-GCM
|
|
auth SHA1
|
|
# tls-client
|
|
client
|
|
resolv-retry infinite
|
|
remote home.myspace.nu 1294 udp
|
|
# remote-cert-tls server
|
|
float
|
|
verb 3
|
|
|
|
<ca>
|
|
$CA_CERT
|
|
</ca>
|
|
<cert>
|
|
$CLIENT_CERT
|
|
</cert>
|
|
<key>
|
|
$CLIENT_KEY
|
|
</key>
|
|
key-direction 1
|
|
<tls-auth>
|
|
$TA_KEY
|
|
</tls-auth>
|
|
EOL
|
|
|