#!/bin/bash
# Default Variable Declarations
DEFAULT="Default.txt"
FILEEXT=".ovpn"
CRT=".crt"
KEY=".3des.key"
CA="ca.crt"
TA="ta.key"
# Ask for a Client name
echo "Please enter an existing Client Name:"
read -r NAME
# 1st Verify that client's Public Key Exists
if [ ! -f "$NAME$CRT" ]; then
    echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
    exit 1
fi
echo "Client's cert found: $NAME$CRT"
# Then, verify that there is a private key for that client
if [ ! -f "$NAME$KEY" ]; then
    echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
    exit 1
fi
echo "Client's Private Key found: $NAME$KEY"
# Confirm the CA public key exists
if [ ! -f "$CA" ]; then
    echo "[ERROR]: CA Public Key not found: $CA"
    exit 1
fi
echo "CA public Key found: $CA"
# Confirm the tls-auth ta key file exists
if [ ! -f "$TA" ]; then
    echo "[ERROR]: tls-auth Key not found: $TA"
    exit 1
fi
echo "tls-auth Private Key found: $TA"
# Ready to make a new .ovpn file - Start by populating with the default file
cat "$DEFAULT" > "$NAME$FILEEXT"
# Now, append the CA Public Cert
echo "<ca>" >> "$NAME$FILEEXT"
cat "$CA" >> "$NAME$FILEEXT"
echo "</ca>" >> "$NAME$FILEEXT"
# Next append the client Public Cert (only the PEM block, not the text dump above it)
echo "<cert>" >> "$NAME$FILEEXT"
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$NAME$CRT" >> "$NAME$FILEEXT"
echo "</cert>" >> "$NAME$FILEEXT"
# Then, append the client Private Key
echo "<key>" >> "$NAME$FILEEXT"
cat "$NAME$KEY" >> "$NAME$FILEEXT"
echo "</key>" >> "$NAME$FILEEXT"
# Finally, append the TA Private Key
echo "<tls-auth>" >> "$NAME$FILEEXT"
cat "$TA" >> "$NAME$FILEEXT"
echo "</tls-auth>" >> "$NAME$FILEEXT"
echo "Done! $NAME$FILEEXT Successfully Created."
# Script written by Eric Jodoin
Hi Lauren and others
Thank you very much for your code and tutorial!!!
I was not able to get OpenVPN working on a new Jessie install, but did find an auto-install fork (not actually a fork, but which credits your work). I ran it and it performs the install, server cert and client cert. I thought you and others may be interested in this approach, so I am linking to it here:
https://github.com/StarshipEngineer/OpenVPN-Setup
Thanks
Commented out 2 lines that kept throwing an error.
https://gist.github.com/Trumpy/9a1326a2992028a5a8e3
Just followed this, I think using the latest script posted by Trumpy.
Got "PolarSSL cert certificate is undefined" from my iPhone.
It's because my Default.txt file needed a line break at the end (or another script update).
Basically, <ca> needs to be on its own line in the ovpn file.
This is what got me past the ta.key not found problem. A little wary that the first part of the installation did not do something it should have, but now I have a .ovpn file.
For some reason I did not have a ta.key file in the first place so I ran this
openvpn --genkey --secret /etc/openvpn/easy-rsa/keys
this will create the ta.key...
Using the script changes from coolaj86 and running the script from /etc/openvpn/easy-rsa/keys worked.
It created my .ovpn file.
On to the next step, hope that helps...
How would I make this so I am able to use my VPN from any outside network?
I'm getting ta.key not found, this error exactly: [ERROR]: tls-auth Key not found: ta.key
I think in the line 46 a "#" is missing.
@riazarbi
It was step 5 that did it for you. If you weren't in the right directory, it wouldn't be able to find those files since the script is set up to look in the current working directory only for those files. You could hardcode the full path if you wanted to be able to run the script from elsewhere.
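The problem reported in the comments above, a `<ca>` tag glued to the last line of Default.txt, can be caught before the profile is copied to a device. The check below is an added example, not part of the gist or of any commenter's script. The function name `check_ovpn`, the empty-block check and the owner-only permission check (the profile embeds the client private key) are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the gist): lint a generated .ovpn profile.
# Prints one line per problem; returns 0 only when nothing was found.
check_ovpn() {
    local file="$1" status=0 mode
    [ -f "$file" ] || { echo "not found: $file"; return 2; }
    # Each inline block must be opened and closed by a tag alone on its line
    # and must contain a "-----BEGIN ..." line (certificate or key material).
    awk '
        BEGIN { n = split("ca cert key tls-auth", tags, " ") }
        {
            sub(/\r$/, "")    # tolerate CRLF line endings
            for (i = 1; i <= n; i++) {
                t = tags[i]
                if ($0 == "<" t ">") { opened[t]++; inside = t }
                else if ($0 == "</" t ">") { shut[t]++; inside = "" }
                else if (index($0, "<" t ">") || index($0, "</" t ">")) { glued[t] = NR }
            }
            if (inside != "" && $0 ~ /^-----BEGIN /) { body[inside]++ }
        }
        END {
            for (i = 1; i <= n; i++) {
                t = tags[i]
                if (t in glued) {
                    printf "line %d: <%s> tag shares a line with other text\n", glued[t], t
                } else if (opened[t] != 1 || shut[t] != 1) {
                    printf "<%s> block is missing or repeated\n", t
                } else if (!body[t]) {
                    printf "<%s> block holds no certificate or key\n", t
                } else { continue }
                bad++
            }
            exit (bad > 0)
        }
    ' "$file" || status=1
    # The profile embeds the client private key (assumption of this example:
    # only the owner should be able to read it).
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "group/other permission bits set on $file: $mode"
        status=1
    fi
    return "$status"
}

# Usage: ./check_ovpn.sh client1.ovpn
if [ "$#" -gt 0 ]; then check_ovpn "$1"; fi
```

Because the gist script writes the profile with the shell's default umask, running `chmod 600` on the generated file clears the permission finding.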