4 # Outputs the keyfiles to stdout as tar.gz
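# stdout carries the tar.gz payload, so stderr is sent to a log file instead.
# The log has a fixed name in world-writable /tmp. With noclobber set, bash
# refuses to overwrite an existing regular file and will not create one through
# a pre-placed symlink, so a path planted between the rm and the open is
# rejected instead of being written to.
# NOTE(review): the script works on keys under /etc/openvpn, so it presumably
# runs as root; confirm, and consider a log directory only root can write to.
rm -f /tmp/vpn-mk-client-cert.log
set -o noclobber
exec 2>/tmp/vpn-mk-client-cert.log || {
  echo "error: could not create /tmp/vpn-mk-client-cert.log" >&2
  exit 1
}
set +o noclobber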
# Stop early under any shell other than bash: the script uses shopt, [[ ]] and
# arrays. stderr already points at the log file, so the message lands there.
if [ -z "${BASH_VERSION:-}" ]; then
  echo "error: shell is not bash" >&2
  exit 1
fi
# inherit_errexit is unknown to bash < 4.4; the failure there is ignored on purpose.
shopt -s inherit_errexit 2>/dev/null || true
# On a failing command, write the script name, line, command, exit status and
# pipeline statuses to stderr.
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
# Default value; the check that follows switches to /etc/openvpn/server when
# that path exists.
server_dir="/etc/openvpn"
22 if [[ -e /etc
/openvpn
/server
]]; then
23 server_dir
=/etc
/openvpn
/server
# CA certificate path for this VPN name, inside the server directory chosen above.
cafile="${server_dir}/ca-${name}.crt"
28 ### begin section roughly copied from vpn-server-setup
# easy-rsa directory that belongs to this VPN name.
rsadir="/etc/openvpn/easy-rsa-${name}"
# newer easy-rsa version
new=true
32 $rsadir/pki
/private
/$common_name.key
33 $rsadir/pki
/issued
/$common_name.crt
35 if [[ -e /etc
/openvpn
/easy-rsa-
$name/build-ca
]]; then
38 $rsadir/keys
/$common_name.key
39 $rsadir/keys
/$common_name.crt
42 ### end section roughly copied from vpn-server-setup
44 if [[ ! -e $cafile ]]; then
45 echo error
: no cafile found
at $cafile >&2
50 for x
in ${keyfiles[@]}; do
51 if [[ ! -e $x ]]; then
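# Work from this VPN's easy-rsa directory; the ./easyrsa, vars and ./build-key
# references that follow are relative to it. The path is quoted so that $name
# cannot be word-split or glob-expanded into a different directory.
cd "/etc/openvpn/easy-rsa-$name"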
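# Issue the client certificate and key with the easyrsa command.
# "$common_name" is quoted so it reaches easyrsa as exactly one argument.
# nopass leaves the private key unencrypted; since the key files are what this
# script writes to stdout, treat that stream and wherever it is stored as secret.
# stdout is discarded here, presumably so it does not mix into that output.
./easyrsa build-client-full "$common_name" nopass >/dev/null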
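# Load the vars file from the current directory.
# The explicit ./ matters: for a name without a slash, bash's source searches
# the directories in PATH before falling back to the current directory, so a
# bare "vars" could pick up an unrelated file.
# NOTE(review): the current directory is presumably the easy-rsa directory
# entered by the earlier cd; confirm.
source ./vars >/dev/null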
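# Answer build-key's interactive prompts on stdin: five empty lines, the common
# name as the sixth line, five more empty lines, then, after a 2 second pause,
# two "y" answers. Which prompt each line answers is defined by build-key and
# is not visible here.
# Both expansions are quoted so that neither value can be word-split or
# glob-expanded. echo -e still interprets backslash sequences in the name.
# NOTE(review): build-key receives $name while the prompt answer is
# $common_name; confirm that this difference is intended.
{ echo -e '\n\n\n\n\n'"$common_name"'\n\n\n\n\n'; sleep 2; echo -e 'y\ny\n'; } | ./build-key "$name" >/dev/null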
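# Copy the server's ta-$name.key and the CA certificate file into $d.
# Every operand is quoted: with an unquoted, empty $d the last remaining
# operand would become the destination and cp would overwrite $cafile with the
# key. "--" ends option parsing before the file names.
cp -- "$server_dir/ta-$name.key" "$cafile" "$d"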
71 for f
in ${keyfiles[@]}; do
72 cp $f $d/$name.
${f##*.}