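#!/bin/bash

#
# Issue a client certificate with EasyRSA and enrol the same client name for
# time-based one-time passwords with google-authenticator.
#
# Usage: <script> <client-name>
# Env:   DEBUG=1      trace every command (set -x)
#        OPENVPN      OpenVPN data directory; defaults to $PWD
#        EASYRSA_PKI  PKI directory checked for an already issued certificate
#

if [ "$DEBUG" == "1" ]; then
  set -x
fi

set -e

if [ -z "$OPENVPN" ]; then
  export OPENVPN="$PWD"
fi

if [ ! -f "$OPENVPN/server" ]; then
  echo "Missing OpenVPN server setup!" >&2
  exit 1
fi

cn="$1"

# The client name becomes a file name under the PKI and OTP directories and an
# argument to easyrsa. Refuse values that are empty, that could resolve outside
# those directories, or that would be parsed as an option.
case "$cn" in
  "")
    echo "Usage: ${0##*/} <client-name>" >&2
    exit 1
    ;;
  -* | */* | . | ..)
    echo "Invalid client name \"${cn}\"" >&2
    exit 1
    ;;
esac

server="$(cat -- "$OPENVPN/server")"

# generate client cert
# Never overwrite an existing certificate: re-issuing for a name that is
# already in use must be an explicit revoke-then-issue, not a side effect.
if [ -f "$EASYRSA_PKI/issued/${cn}.crt" ]; then
  echo "Certificate for \"${cn}\" already exists !" >&2
  exit 1
fi

# Ensure folders exist
# NOTE(review): the otp directory will hold per-client TOTP secrets; it is
# created with the caller's umask here. Confirm it is readable only by the
# account that verifies the codes.
mkdir -p -- \
  "$OPENVPN/pki/reqs" \
  "$OPENVPN/pki/issued" \
  "$OPENVPN/pki/certs_by_serial" \
  "$OPENVPN/otp" \
  "$OPENVPN/ccd"

# "yes" is fed on stdin, presumably to answer easyrsa's confirmation prompt so
# the script can run unattended. "nopass" leaves the client private key without
# a passphrase, so the key file itself must be protected in storage and transit.
easyrsa build-client-full "$cn" nopass << EOF
yes
EOF

# Skip confirmation if not running in interactive mode. Essential for integration tests.
# NOTE(review): the secret file path is hard-coded to /etc/openvpn/otp while the
# directory created above is $OPENVPN/otp; the two match only when
# OPENVPN=/etc/openvpn. Confirm which location the OTP verifier reads.
google-authenticator --time-based --disallow-reuse --force \
  --rate-limit=3 --rate-time=30 --window-size=3 \
  -l "${cn}" -i "${server}" \
  -s "/etc/openvpn/otp/${cn}.google_authenticator" --no-confirm -q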