update for multiple servers on one host

[vpn-setup] / vpn-mk-client-cert

diff --git a/vpn-mk-client-cert b/vpn-mk-client-cert
index f4e5762d78c52024dfad15245960599140c813a6..1aa9b4166aca033059b65b25328c829a68677b15 100755 (executable)
--- a/vpn-mk-client-cert
+++ b/vpn-mk-client-cert
@@ -101,6 +101,8 @@ if ! ssh root@$host bash -s -- $name $common_name < client-cert-helper \
   exit 1
 fi
 
+port=$(echo '/^port/ {print $2}' | ssh root@$host awk -f - /etc/openvpn/server/$name.conf | tail -n1)
+
 
 f=/etc/openvpn/client/$name.crt
 if ! $shell "test -s $f"; then
@@ -115,24 +117,18 @@ $shell "dd of=/etc/openvpn/client/$name.conf" <<EOF
 client
 dev tun
 proto udp
-remote $host 1194
+remote $host $port
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
-ca $name-ca.crt
+ca ca-$name.crt
 cert $name.crt
 key $name.key
 # disabled for better performance
 #comp-lzo
 verb 3
 
-# This script will update local dns
-# to what the server sends, if it sends dns.
-script-security 2
-up "$script"
-down "$script"
-
 # matching server config
 cipher AES-256-CBC
 
@@ -148,12 +144,22 @@ persist-key
 # The minimum of the client & server config is what is used by openvpn.
 reneg-sec 432000
 
-tls-auth $name-ta.key 1
+tls-auth ta-$name.key 1
 EOF
 
-if [[ $client_host ]] && $custom_script; then
-  $shell "dd of=$script" <$script
-  $shell "chmod +x $script"
+if [[ $script ]]; then
+  $shell "tee -a /etc/openvpn/client/$name.conf" <<EOF
+# This script will update local dns
+# to what the server sends, if it sends dns.
+script-security 2
+up "$script"
+down "$script"
+EOF
+
+  if [[ $client_host ]] && $custom_script; then
+    $shell "dd of=$script" <$script
+    $shell "chmod +x $script"
+  fi
 fi
 
 $shell 'cd /etc/openvpn; for f in client/*; do ln -sf $f .; done'