2 # I, Ian Kelling, follow the GNU license recommendations at
3 # https://www.gnu.org/licenses/license-recommendations.en.html. They
4 # recommend that small programs, < 300 lines, be licensed under the
5 # Apache License 2.0. This file contains or is part of one or more small
6 # programs. If a small program grows beyond 300 lines, I plan to switch
9 # Copyright 2024 Ian Kelling
11 # Licensed under the Apache License, Version 2.0 (the "License");
12 # you may not use this file except in compliance with the License.
13 # You may obtain a copy of the License at
15 # http://www.apache.org/licenses/LICENSE-2.0
17 # Unless required by applicable law or agreed to in writing, software
18 # distributed under the License is distributed on an "AS IS" BASIS,
19 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 # See the License for the specific language governing permissions and
21 # limitations under the License.
25 # Outputs the keyfiles to stdout as tar.gz
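# Send all diagnostics to a fixed log file. Stdout carries the tar.gz
# payload (see the header comment), so stderr must be kept out of it.
#
# SECURITY: the log path is predictable and lives in world-writable /tmp.
# With a plain "rm -f" followed by "2>file", another local user can re-create
# the path (for example as a symlink) between the two steps and decide where
# this script's stderr is written. The script works under /etc/openvpn, so it
# presumably runs as root, which makes that worth closing.
#
# With noclobber set, bash refuses to write through an existing regular file
# and creates a missing one exclusively, so a path that reappears after the
# rm makes the redirection fail instead of being followed. This narrows the
# window but does not cover every file type; if the caller does not depend on
# this exact path, a root-only directory would be the stronger fix.
rm -f /tmp/vpn-mk-client-cert.log
set -o noclobber
if ! exec 2>/tmp/vpn-mk-client-cert.log; then
  set +o noclobber
  echo "error: could not safely create /tmp/vpn-mk-client-cert.log" >&2
  exit 1
fi
# Restore normal redirection behaviour for the rest of the script.
set +o noclobber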
# Bail out early under any shell that does not set BASH_VERSION. The check
# uses plain "[" so that it still parses and runs in a non-bash shell.
if [ -z "$BASH_VERSION" ]; then
  echo "error: shell is not bash" >&2
  exit 1
fi

# Enable inherit_errexit where available; the option does not exist in
# bash < 4.4, so a failure here is silenced and ignored.
shopt -s inherit_errexit 2>/dev/null || true

# On any failing command, report script name, line number, the command text,
# its exit status and the pipeline statuses on stderr.
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
42 server_dir
=/etc
/openvpn
43 if [[ -e /etc
/openvpn
/server
]]; then
44 server_dir
=/etc
/openvpn
/server
# CA certificate path, built from the server directory and $name.
cafile="${server_dir}/ca-${name}.crt"

### begin section roughly copied from vpn-server-setup
# easy-rsa working directory for this $name.
rsadir="/etc/openvpn/easy-rsa-${name}"
# true means the newer easy-rsa version.
new=true
53 $rsadir/pki
/private
/$common_name.key
54 $rsadir/pki
/issued
/$common_name.crt
56 if [[ -e /etc
/openvpn
/easy-rsa-
$name/build-ca
]]; then
59 $rsadir/keys
/$common_name.key
60 $rsadir/keys
/$common_name.crt
63 ### end section roughly copied from vpn-server-setup
65 if [[ ! -e $cafile ]]; then
66 echo error
: no cafile found
at $cafile >&2
71 for x
in ${keyfiles[@]}; do
72 if [[ ! -e $x ]]; then
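# Work inside the easy-rsa directory for this $name; the commands that
# follow are invoked with relative paths (./easyrsa, ./build-key, vars).
# Quoted so that a $name containing whitespace or glob characters cannot
# change which directory is entered.
# NOTE(review): no explicit failure check here; this presumably relies on
# errexit / the ERR trap being active - confirm, since a failed cd would
# otherwise run the relative commands from the wrong directory.
cd "/etc/openvpn/easy-rsa-$name"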
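# Issue the client key and certificate with easy-rsa. Its stdout is
# discarded because this script's stdout is reserved for the tar.gz output.
# $common_name is quoted so it always reaches easyrsa as exactly one
# argument, whatever characters it contains.
# "nopass" leaves the private key unencrypted on disk: its confidentiality
# then rests on file permissions here and on how the resulting archive is
# transported and stored.
./easyrsa build-client-full "$common_name" nopass >/dev/null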
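# Load the easy-rsa "vars" file from the current directory into this shell.
source vars >/dev/null

# Drive build-key's interactive prompts from a pipe: five empty answers, the
# common name, six more empty lines, a 2 second pause, then two "y" answers
# and a final empty line. Presumably the empty lines accept defaults and the
# "y" answers confirm signing - verify against the build-key in use.
# printf with a %s placeholder is used instead of "echo -e" with an unquoted
# expansion, so $common_name is emitted verbatim: no word splitting, no
# globbing, and no backslash-escape interpretation of its contents.
{
  printf '\n\n\n\n\n%s\n\n\n\n\n\n' "$common_name"
  sleep 2
  printf 'y\ny\n\n'
} | ./build-key "$name" >/dev/null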
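# Copy the ta-$name.key file and the CA certificate into $d. Every path is
# quoted and "--" ends option parsing, so unusual characters in $name,
# $server_dir or $d cannot split into extra arguments or be read as options.
# NOTE(review): the ta key is presumably a shared secret; assumes $d is a
# directory readable only by this user (e.g. from mktemp -d) - confirm where
# $d is created.
cp -- "$server_dir/ta-$name.key" "$cafile" "$d"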
92 for f
in ${keyfiles[@]}; do
93 cp $f $d/$name.
${f##*.}