-f Force. Proceed even if cert already exists.
-n CONFIG_NAME default is client
-o SERVER_CONFIG_NAME Default is CONFIG_NAME
--r Install certs to the current directory instead of /etc/openvpn
+-r Install certs to the current directory instead of /etc/openvpn/client
-s SCRIPT_PATH Use custom up/down script at SCRIPT_PATH. If client host is
not localhost, the script is copied to it. The default
script used to be /etc/openvpn/update-resolv-conf, but now
keydir=/etc/openvpn/client
fi
-port=$(echo '/^port/ {print $2}' | ssh $ssh_arg root@$host awk -f - /etc/openvpn/server/$name.conf | tail -n1)
+if ! $force; then
+ cert_to_test=$f
+ if [[ $client_host ]]; then
+ cert_to_test=$(mktemp)
+ ssh $ssh_arg root@$client_host cat $f 2>/dev/null >$cert_to_test ||:
+ fi
+ if openssl x509 -checkend $(( 60 * 60 * 24 * 30 )) -noout -in $cert_to_test &>/dev/null; then
+ if [[ $client_host ]]; then
+ prefix="$shell"
+ fi
+ if $prefix test -s $keydir/ta-$name.key -a -s $keydir/ca-$name.crt; then
+ echo "$0: cert already exists. exiting early"
+ exit 0
+ fi
+ fi
+fi
+
+port=$(echo '/^port/ {print $2}' | ssh $ssh_arg root@$host awk -f - /etc/openvpn/server/$name.conf | tail -n1)
$shell "dd of=$keydir/$name.conf" <<EOF
# From example config, from debian stretch to buster
$shell 'cd /etc/openvpn; for f in client/*; do ln -sf $f .; done'
fi
-cert_to_test=$f
-if [[ $client_host ]]; then
- cert_to_test=$(mktemp)
- ssh $ssh_arg root@$client_host cat $f 2>/dev/null >$cert_to_test ||:
-fi
-if ! $force && openssl x509 -checkend $(( 60 * 60 * 24 * 30 )) -noout -in $cert_to_test &>/dev/null; then
- if [[ $client_host ]]; then
- prefix="$shell"
- fi
- if $prefix test -s $keydir/ta-$name.key -a -s $keydir/ca-$name.crt; then
- echo "$0: cert already exists. exiting early"
- fi
- exit 0
-fi
-
if ! $rel; then
dirarg="-C $keydir"
fi
iankelling.org / git / vpn-setup / blobdiff