zdt-openvpn/bin/ovpn_create_client

38 lines
885 B
Plaintext
Raw Permalink Normal View History

#!/bin/bash
#
# Initialize the EasyRSA PKI
#
if [ "$DEBUG" == "1" ]; then
set -x
fi
set -e
if [ -z "$OPENVPN" ]; then
export OPENVPN="$PWD"
fi
[ -f $OPENVPN/server ] || { echo "Missing OpenVPN server setup!"; exit 1; }
cn="$1"
server="$(cat $OPENVPN/server)"
# generate client cert
if [ -f "$EASYRSA_PKI/issued/${cn}.crt" ]; then
echo "Certificate for \"${cn}\" already exists !" >&2
exit 1
fi
# Ensure folders exist
mkdir -p $OPENVPN/pki/reqs $OPENVPN/pki/issued $OPENVPN/pki/certs_by_serial $OPENVPN/otp $OPENVPN/ccd
2023-04-03 09:45:22 +00:00
cat << EOF | easyrsa build-client-full "$cn" nopass
yes
EOF
# Skip confirmation if not running in interctive mode. Essential for integration tests.
google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
-l "${cn}" -i "${server}" -s /etc/openvpn/otp/${cn}.google_authenticator --no-confirm -q