#!/bin/bash # # Initialize the EasyRSA PKI # if [ "$DEBUG" == "1" ]; then set -x fi set -e if [ -z "$OPENVPN" ]; then export OPENVPN="$PWD" fi [ -f $OPENVPN/server ] || { echo "Missing OpenVPN server setup!"; exit 1; } cn="$1" server="$(cat $OPENVPN/server)" # generate client cert if [ -f "$EASYRSA_PKI/issued/${cn}.crt" ]; then echo "Certificate for \"${cn}\" already exists !" >&2 exit 1 fi easyrsa build-client-full "$cn" nopass 1>/dev/null 2>&1 # Generate OpenVPN users via google authenticator # Skip confirmation if not running in interctive mode. Essential for integration tests. google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \ -l "${cn}" -i "${server}" -s /etc/openvpn/otp/${cn}.google_authenticator --no-confirm -q