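#!/bin/bash
#
# mkclient - create an OpenVPN client with easy-rsa's pkitool, bundle its
# certificate, key, CA certificate, ta.key and client config into a
# .tar.bz2, link the bundle under /var/vpn/vpn_<vpn>/ and register an
# Apache basic-auth user for it.
#
# Usage: mkclient clientname password vpn
#   clientname  prefix of the client; the final name is "<clientname>-<vpn>"
#   password    basic-auth password, or -p to be prompted without echo
#   vpn         VPN suffix; /etc/openvpn/vpn_<vpn> must already exist
#
# A password given as an argument is visible in the process list while the
# script runs; prefer -p on shared hosts.
#
# Exit codes:
#   1 usage error            4 client already exists or is revoked
#   2 VPN directory missing  5 pkitool failed
#   3 invalid client name    6 a filesystem or htpasswd step failed

#######################################
# Print a message on stderr and terminate the script.
# Arguments: $1 - exit code, remaining - message
#######################################
die() {
  local code=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$code"
}

if [[ $# -ne 3 ]]; then
  echo "Usage: mkclient clientname password vpn" >&2
  echo "password can be -p to show prompt" >&2
  exit 1
fi

pass=$2
vpn=$3
clientname="$1-${vpn}"
vpn="vpn_${vpn}"

[[ -d "/etc/openvpn/${vpn}" ]] || die 2 "VPN does not exists"

# Match the WHOLE string. The earlier `echo | grep -c` form counted matching
# lines, so a name with an embedded newline and a single valid line passed.
# Its bracket expression also admitted a literal backslash (backslash is not
# an escape inside a POSIX bracket expression). A leading '-' is refused
# because the name is later handed to pkitool, cp and htpasswd as an argument.
# Everything below (paths, the sed replacement, the .htaccess line) relies on
# this check.
name_re='^[a-zA-Z0-9._-]+$'
if [[ ! $clientname =~ $name_re || $clientname == -* ]]; then
  die 3 "Invalid client name"
fi

easyrsadir="/etc/openvpn/${vpn}/easy-rsa"
keysdir="${easyrsadir}/keys"
clientsdir="/etc/openvpn/${vpn}/clients/"
clientdir="${clientsdir}${clientname}/"
clientslinkdir="/var/vpn/${vpn}/"

# Without this check a failed cd would run the existence test, and later the
# file copies, in whatever directory the caller happened to be in.
cd "$keysdir" || die 6 "Cannot enter ${keysdir}"

if [[ -e "${clientname}.crt" || -e "${clientname}.csr" \
  || -e "${clientname}.key" || -d $clientdir ]]; then
  die 4 "Client ${clientname} already exists or is revoked"
fi

if [[ $pass == "-p" ]]; then
  printf 'Password: '
  # -r and IFS= keep backslashes and surrounding blanks, so the stored
  # password is exactly what was typed.
  IFS= read -r -s pass
  echo
fi

cd "$easyrsadir" || die 6 "Cannot enter ${easyrsadir}"
# shellcheck source=/dev/null
source ./vars
KEY_CN="$clientname" KEY_NAME="$clientname" ./pkitool "$clientname"
ret=$?
if [[ $ret -ne 0 ]]; then
  die 5 "pkitool exited with code $ret"
fi

cd "$keysdir" || die 6 "Cannot enter ${keysdir}"
echo "Copying generated files"
mkdir -p -- "$clientdir" || die 6 "Cannot create ${clientdir}"
cp -- "${clientname}.crt" "${clientdir}${clientname}-${vpn}.crt" \
  || die 6 "Cannot copy client certificate"
cp -- "${clientname}.key" "${clientdir}${clientname}-${vpn}.key" \
  || die 6 "Cannot copy client key"

echo "Copying ca and ta"
cp -- "/etc/openvpn/${vpn}/ca.crt" "${clientdir}ca-${vpn}.crt" \
  || die 6 "Cannot copy ca.crt"
cp -- "/etc/openvpn/${vpn}/ta.key" "${clientdir}ta-${vpn}.key" \
  || die 6 "Cannot copy ta.key"

echo "Creating client-${vpn}.conf"
# Interpolating the name into the sed expression is safe only because it was
# restricted to [a-zA-Z0-9._-] above ('/', '&' and '\' cannot occur).
sed -e "s/%%client%%/${clientname}/g" -- "${clientsdir}client.conf" \
  > "${clientdir}${clientname}.conf" \
  || die 6 "Cannot create ${clientname}.conf"

echo "Creating ${clientname}.tar.bz2"
cd "$clientdir" || die 6 "Cannot enter ${clientdir}"
# Name the members explicitly instead of globbing '*'.
# NOTE(review): the archive holds the client's private key and ta.key and is
# linked under ${clientslinkdir}; access to it rests on the .htaccess and
# .htpasswd entries written below.
tar cfj "${clientname}.tar.bz2" \
  "${clientname}-${vpn}.crt" \
  "${clientname}-${vpn}.key" \
  "ca-${vpn}.crt" \
  "ta-${vpn}.key" \
  "${clientname}.conf" \
  || die 6 "Cannot create ${clientname}.tar.bz2"

echo "Creating symlink"
ln -s -- "${clientdir}${clientname}.tar.bz2" \
  "${clientslinkdir}${clientname}.tar.bz2" \
  || die 6 "Cannot create symlink in ${clientslinkdir}"

echo "Adding apache user"
printf '\n\tRequire user %s ovpn-root\n\n' "$clientname" \
  >> "${clientslinkdir}.htaccess" \
  || die 6 "Cannot update ${clientslinkdir}.htaccess"
# Feed the password on stdin (-i) rather than as an argument (-b), so it does
# not show up in htpasswd's command line. printf is a shell builtin, so it
# adds no process-list entry either. -i needs the htpasswd from httpd 2.4+.
printf '%s\n' "$pass" | htpasswd -i "/var/vpn/${vpn}/.htpasswd" "$clientname" \
  || die 6 "htpasswd failed for ${clientname}"

echo "mkclient completed"
exit 0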