  1. #!/bin/bash
  2. if [ $# -ne 3 ]
  3. then
  4. echo "Usage: mkclient clientname password vpn" 1>&2
  5. echo "password can be -p to show prompt" 1>&2
  6. exit 1
  7. fi
  8. pass="$2"
  9. vpn="$3"
  10. clientname="$1-${vpn}"
  11. vpn="vpn_${vpn}"
  12. if [ ! -d "/etc/openvpn/${vpn}" ]
  13. then
  14. echo "VPN does not exists" 1>&2
  15. exit 2
  16. fi
  17. if [ $(echo "${clientname}" | grep -c -E "^[a-zA-Z0-9\._\-]+$") != 1 ]
  18. then
  19. echo "Invalid client name"
  20. exit 3
  21. fi
  22. cd "/etc/openvpn/${vpn}/easy-rsa/keys"
  23. clientsdir="/etc/openvpn/${vpn}/clients/"
  24. clientdir="$clientsdir${clientname}/"
  25. clientslinkdir="/var/vpn/${vpn}/"
  26. if [ -a "${clientname}.crt" ] || [ -a "${clientname}.csr" ] || [ -a "${clientname}.key" ] || [ -d $clientdir ]
  27. then
  28. echo "Client ${clientname} already exists or is revoked"
  29. exit 4
  30. fi
  31. if [ "${pass}" == "-p" ]
  32. then
  33. echo -n "Password: "
  34. read -s pass
  35. fi
  36. cd ..
  37. source ./vars
  38. KEY_CN="${clientname}" KEY_NAME="${clientname}" ./pkitool ${clientname}
  39. ret=$?
  40. if [ $ret != 0 ]
  41. then
  42. echo "pkitool exited with code $ret"
  43. exit 5
  44. fi
  45. cd keys
  46. echo "Copying generated files"
  47. mkdir -p $clientdir
  48. cp "${clientname}.crt" "$clientdir/${clientname}-${vpn}.crt"
  49. cp "${clientname}.key" "$clientdir/${clientname}-${vpn}.key"
  50. echo "Copying ca and ta"
  51. cd "/etc/openvpn/${vpn}"
  52. cp ca.crt "$clientdir/ca-${vpn}.crt"
  53. cp ta.key "$clientdir/ta-${vpn}.key"
  54. echo "Creating client-${vpn}.conf"
  55. cd $clientsdir
  56. sed "s/%%client%%/${clientname}/g" client.conf > "$clientdir/${clientname}.conf"
  57. echo "Creating ${clientname}.tar.bz2"
  58. cd $clientdir
  59. tar cfj "${clientname}.tar.bz2" *
  60. echo "Creating symlink"
  61. ln -s "$clientdir${clientname}.tar.bz2" "$clientslinkdir${clientname}.tar.bz2"
  62. echo "Adding apache user"
  63. echo -e "<Files ${clientname}.tar.bz2>\n\tRequire user ${clientname} ovpn-root\n</Files>" >> $clientslinkdir'.htaccess'
  64. htpasswd -b "/var/vpn/${vpn}/.htpasswd" ${clientname} ${pass}
  65. echo "mkclient completed"
  66. exit 0