summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c34b9b4)
raw | patch | inline | side by side (parent: c34b9b4)
| author | Ian Kelling <iank@fsf.org> | |
| Mon, 31 Aug 2020 19:37:31 +0000 (15:37 -0400) | ||
| committer | Ian Kelling <iank@fsf.org> | |
| Mon, 31 Aug 2020 19:37:31 +0000 (15:37 -0400) |
| client-cert-helper | patch | blob | history | |
| vpn-mk-client-cert | patch | blob | history |
diff --git a/client-cert-helper b/client-cert-helper
index 6589c40b15f1f243a18d0b724afb18b7384b57b6..40078aad9562c5a84ac0f6e6f422e2fcca7dee5d 100755 (executable)
--- a/client-cert-helper
+++ b/client-cert-helper
rm -f /tmp/vpn-mk-client-cert.log
exec 2>/tmp/vpn-mk-client-cert.log
+date >&2
+
name=$1
common_name=$2
diff --git a/vpn-mk-client-cert b/vpn-mk-client-cert
index 1aa9b4166aca033059b65b25328c829a68677b15..baecdf1cf30b5ee5539b8829db9e4cd4aa7e9705 100755 (executable)
--- a/vpn-mk-client-cert
+++ b/vpn-mk-client-cert
cat <<'EOF'
usage: ${0##*/} VPN_SERVER_HOST
--b COMMON_NAME By default, use $HOSTNAME or $CLIENT_HOST. If the cert
- already exists on the server, with the CLIENT_NAME
- name, we use the existing one. See comment below if we
- ever want to check existing common names. They must be
- unique per server, so you can use $(uuidgen) if
- needed. You used to be able to create multiple with the
- same name, but not connect at the same time, but now,
- the generator keeps track, so you can't generate.
--c CLIENT_HOST default is localhost. Else we ssh to root@CLIENT_HOST
+-b COMMON_NAME By default, use $CLIENT_HOST or if it is not given,
+ $HOSTNAME. If the cert already exists on the server,
+ with the CLIENT_NAME name, we use the existing one. See
+ comment below if we ever want to check existing common
+ names. They must be unique per server, so you can use
+ $(uuidgen) if needed. You used to be able to create
+ multiple with the same name, but not connect at the
+ same time, but now, the generator keeps track, so you
+ can't generate.
+
+-c CLIENT_HOST Default is localhost. Else we ssh to root@CLIENT_HOST.
-n CONFIG_NAME default is client
-s SCRIPT_PATH Use custom up/down script at SCRIPT_PATH. copied to same path
on client, if client is not localhost.
####### end command line parsing and checking ##############
-
# bash or else we get motd spam. note sleep 2, sleep 1 failed.
+$shell '[[ -e /etc/openvpn ]] || apt install openvpn'
if ! ssh root@$host bash -s -- $name $common_name < client-cert-helper \
| $shell 'id -u | grep -xF 0 || s=sudo; $s tar xzv -C /etc/openvpn/client'; then
echo ssh root@$host cat /tmp/vpn-mk-client-cert.log: