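#!/bin/bash
# client-cert-helper: make sure an OpenVPN client key/cert for <common_name>
# exists under the easy-rsa tree of server <name>, then write the client bundle
# to stdout as tar.gz (ta-<name>.key, ca-<name>.crt, <name>.key, <name>.crt).
#
# Usage: client-cert-helper <name> <common_name>
# All diagnostics (stderr) go to /tmp/vpn-mk-client-cert.log for the whole run.
set -eEu -o pipefail

# Print a message to stderr (the log once redirected below) and exit 1.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Reject values that could leave the expected directories or be parsed as an
# option by easyrsa/cp: empty, containing '/', '.', '..', leading '-', whitespace.
# $1 - value, $2 - label used in the error message
check_name() {
  local v=$1
  if [[ -z $v || $v == */* || $v == . || $v == .. || $v == -* || $v == *[[:space:]]* ]]; then
    die "invalid $2: '$v'"
  fi
}

# NOTE(review): fixed, predictable path in world-writable /tmp; rm followed by
# exec is a race and a pre-planted symlink would make the shell write through
# it. Kept because callers may read this file; a private log directory or
# mktemp-based name would be safer.
rm -f /tmp/vpn-mk-client-cert.log
exec 2>/tmp/vpn-mk-client-cert.log

date >&2

name=${1-}
common_name=${2-}
check_name "$name" name
check_name "$common_name" common_name

printf 'common_name=%s\n' "$common_name" >&2

# Newer layouts keep server config under /etc/openvpn/server.
server_dir=/etc/openvpn
if [[ -e /etc/openvpn/server ]]; then
  server_dir=/etc/openvpn/server
fi

cafile=$server_dir/ca-$name.crt

### begin section roughly copied from vpn-server-setup
rsadir=/etc/openvpn/easy-rsa-$name
# easy-rsa 3.x (pki/ tree) unless the 2.x build-ca script is present.
new=true
keyfiles=(
  "$rsadir/pki/private/$common_name.key"
  "$rsadir/pki/issued/$common_name.crt"
)
if [[ -e $rsadir/build-ca ]]; then
  new=false
  keyfiles=(
    "$rsadir/keys/$common_name.key"
    "$rsadir/keys/$common_name.crt"
  )
fi
### end section roughly copied from vpn-server-setup

if [[ ! -e $cafile ]]; then
  # /tmp/errors appears to be the channel the caller reads (same predictable
  # /tmp path caveat as the log); also record it in the log.
  msg="error: no cafile found at $cafile"
  printf '%s\n' "$msg" >/tmp/errors
  printf '%s\n' "$msg" >&2
  exit 1
fi

# Only generate when any of the expected key files is missing.
exists=true
for x in "${keyfiles[@]}"; do
  if [[ ! -e $x ]]; then
    exists=false
    break
  fi
done

if ! $exists; then
  cd "$rsadir" || die "cannot cd to $rsadir"
  if $new; then
    ./easyrsa build-client-full "$common_name" nopass >/dev/null
  else
    # shellcheck disable=SC1091 -- easy-rsa 2.x environment file
    source vars >/dev/null
    # Feed build-key's interactive prompts: accept five defaults, set the CN,
    # accept the remaining defaults, then answer 'y' twice to sign and commit.
    # printf '%s' keeps backslashes in the CN literal (echo -e interpreted them).
    # NOTE(review): build-key is given "$name" while keyfiles expects
    # keys/$common_name.*; if the two differ the cp below fails -- confirm intent.
    { printf '\n\n\n\n\n%s\n\n\n\n\n\n' "$common_name"; sleep 2; printf 'y\ny\n\n'; } | ./build-key "$name" >/dev/null
  fi
fi

# Stage the bundle in a private temp dir; the trap removes it on every exit path.
d=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${d:?}"; }
trap cleanup EXIT

cp -- "$server_dir/ta-$name.key" "$cafile" "$d"
for f in "${keyfiles[@]}"; do
  # Client files are renamed to <name>.key / <name>.crt inside the archive.
  cp -- "$f" "$d/$name.${f##*.}"
done

tar cz -C "$d" .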