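#!/bin/bash
#
# Add a new OpenVPN client: issues a certificate with easy-rsa, optionally
# registers a username/password line in /etc/openvpn/credentials and a static
# address in the client-config-dir, then writes an inline "<name>.conf"
# profile (CA cert, client cert, client key, tls-auth key) into the directory
# the script was started from.
#
# Reads /etc/openvpn/myserver.conf for the "server", "port" and
# "#public-host" directives. Must run as root; re-executes itself via sudo.

# Make sure script is ran as root
if [[ $EUID -ne 0 ]]; then
  exec sudo /bin/bash "$0" "$@"
fi

# Enabled after the re-exec so "$@" is safe on old bash under -u.
set -euo pipefail

readonly SERVER_CONF="/etc/openvpn/myserver.conf"
readonly EASYRSA_DIR="/etc/openvpn/easy-rsa"
readonly ISSUED_DIR="$EASYRSA_DIR/pki/issued"
readonly PRIVATE_DIR="$EASYRSA_DIR/pki/private"
readonly CCD_DIR="/etc/openvpn/ccd"
readonly CREDENTIALS_FILE="/etc/openvpn/credentials"
readonly DIR="$PWD"

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print field $2 of the first line of the server config whose first word is
# $1; prints nothing (and still succeeds) when the directive is absent, so a
# missing directive does not trip set -e / pipefail.
conf_field() {
  awk -v key="$1" -v n="$2" '$1 == key { print $n; exit }' "$SERVER_CONF"
}

# Pick the first unused "clientN" as the default offered at the prompt
# (falls through to client255 when all are taken; the exists check below
# then rejects it).
CLIENT_NAME="client255"
for i in {1..255}; do
  if [[ ! -f "$ISSUED_DIR/client$i.crt" ]]; then
    CLIENT_NAME="client$i"
    break
  fi
done

VPN_SUBNET=$(conf_field server 2)
VPN_NETMASK=$(conf_field server 3)
VPN_PUBLIC_HOST=$(conf_field '#public-host' 2)
VPN_PUBLIC_PORT=$(conf_field port 2)
if [[ -z "$VPN_PUBLIC_HOST" || -z "$VPN_PUBLIC_PORT" ]]; then
  die "Need '#public-host <host>' and 'port <port>' in $SERVER_CONF"
fi
# "server <network> <netmask>": keep the former hard-coded /24 as fallback
# when the mask field is missing.
: "${VPN_NETMASK:=255.255.255.0}"

printf 'Adding VPN client to %s:%s\n' "$VPN_PUBLIC_HOST" "$VPN_PUBLIC_PORT"

read -r -e -p "Enter client name: " -i "$CLIENT_NAME" CLIENT_NAME
# The name becomes a file name under pki/ and ccd/ and an easyrsa argument:
# restrict it so it cannot escape those directories or look like an option.
if [[ ! "$CLIENT_NAME" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
  die "Client name may only contain letters, digits, '.', '_' and '-' and must not start with '.' or '-'"
fi
if [[ -f "$ISSUED_DIR/$CLIENT_NAME.crt" ]]; then
  die "Client $CLIENT_NAME already exists..."
fi

EXTRA_CONFIG=""
if grep -q '^auth-user-pass-verify' -- "$SERVER_CONF"; then
  read -r -e -p "Enter username: " -i "${CLIENT_USERNAME:-}" CLIENT_USERNAME
  # Records are "user:hash:client" lines, so the name may not contain the
  # delimiter or whitespace.
  if [[ -z "$CLIENT_USERNAME" || "$CLIENT_USERNAME" == *:* || "$CLIENT_USERNAME" == *[[:space:]]* ]]; then
    die "Username must be non-empty and contain no ':' or whitespace"
  fi
  # Exact match on the first field: the previous '^name' grep treated the
  # input as a regex and also matched prefixes ('bob' matched 'bobby').
  if [[ -f "$CREDENTIALS_FILE" ]] \
    && awk -F: -v u="$CLIENT_USERNAME" '$1 == u { found = 1 } END { exit !found }' "$CREDENTIALS_FILE"; then
    die "Username $CLIENT_USERNAME already exists"
  fi
  # -s: do not echo the password to the terminal.
  read -r -s -e -p "Enter password: " -i "${CLIENT_PASSWORD:-}" CLIENT_PASSWORD
  printf '\n'
  if [[ -z "$CLIENT_PASSWORD" ]]; then
    die "Password must not be empty"
  fi
  # NOTE(review): an unsalted single SHA-256 is weak for password storage;
  # the format is kept because the auth-user-pass-verify script that reads
  # $CREDENTIALS_FILE (not part of this file) expects it. printf instead of
  # echo -n so a password such as "-e" is hashed verbatim.
  CLIENT_PASSWORD_HASH=$(printf '%s' "$CLIENT_PASSWORD" | sha256sum | awk '{print $1}')
  printf '%s:%s:%s\n' "$CLIENT_USERNAME" "$CLIENT_PASSWORD_HASH" "$CLIENT_NAME" >> "$CREDENTIALS_FILE"
  # Was 'EXTRA_CONFIG = "..."', which tried to run a command named EXTRA_CONFIG.
  EXTRA_CONFIG="auth-user-pass"
fi

read -r -e -p "Use static IP for this client? VPN subnet is $VPN_SUBNET (Leave empty for dynamic): " -i "" CLIENT_IP
if [[ -n "$CLIENT_IP" ]]; then
  # The value is written verbatim into a file OpenVPN parses; accept only a
  # dotted quad.
  if [[ ! "$CLIENT_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    die "'$CLIENT_IP' is not a valid IPv4 address"
  fi
  printf 'Setting IP...\n'
  if [[ ! -d "$CCD_DIR" ]]; then
    die "$CCD_DIR does not exist (is client-config-dir set in $SERVER_CONF?)"
  fi
  printf 'ifconfig-push %s %s\n' "$CLIENT_IP" "$VPN_NETMASK" > "$CCD_DIR/$CLIENT_NAME"
fi

# set -e stops here if the cd or either easyrsa step fails, instead of
# writing a profile around a missing cert/key as before.
cd -- "$EASYRSA_DIR"
./easyrsa gen-req "$CLIENT_NAME" nopass
./easyrsa sign-req client "$CLIENT_NAME"

CA_CERT=$(<"/etc/openvpn/ca.crt")
CLIENT_CERT=$(<"$ISSUED_DIR/$CLIENT_NAME.crt")
CLIENT_KEY=$(<"$PRIVATE_DIR/$CLIENT_NAME.key")
TA_KEY=$(<"/etc/openvpn/ta.key")

cd -- "$DIR"
OUT_FILE="$DIR/$CLIENT_NAME.conf"
# The profile embeds the client's private key: create it owner-readable
# only, and drop any stale copy so the new mode actually applies.
umask 077
rm -f -- "$OUT_FILE"
# cipher/ncp-ciphers/auth below must match what the server is configured
# with; they are reproduced unchanged from the original profile template.
cat > "$OUT_FILE" <<EOL
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA1
tls-client
client
resolv-retry infinite
remote $VPN_PUBLIC_HOST $VPN_PUBLIC_PORT udp
remote-cert-tls server
float
verb 3
$EXTRA_CONFIG

<ca>
$CA_CERT
</ca>
<cert>
$CLIENT_CERT
</cert>
<key>
$CLIENT_KEY
</key>
key-direction 1
<tls-auth>
$TA_KEY
</tls-auth>
EOL
printf 'Wrote %s\n' "$OUT_FILE"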