openvpn客戶端證書製作
阿新 • 發佈:2019-01-28
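#!/bin/bash
# name: Alenx
#
# Build or revoke an OpenVPN client certificate with easy-rsa 2.0 and emit a
# self-contained .ovpn profile (CA certificate, client certificate and client
# private key inlined).
#
# Usage: $0 {build|revoke} username
#
# Requirements for "build": easy-rsa 2.0 under /usr/share/easy-rsa/2.0 with the
# CA already generated (./build-ca), the `expect` binary, and the helper
# /opt/alenx/vpn_expect that drives the interactive key build for the user.
#
# Strict mode (set -e / set -u) is deliberately not enabled: easy-rsa's ./vars
# is sourced into this shell and ./revoke-full ends with an openssl verify whose
# non-zero status is the expected outcome. Every step that matters is checked
# explicitly instead.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

action=$1
vpn_user=$2
readonly server_ip=10.10.0.10
readonly easyrsa_dir=/usr/share/easy-rsa/2.0
readonly expect_script=/opt/alenx/vpn_expect
# The generated profile embeds the client's private key. It is created with
# owner-only permissions (see build_ovpn), lives in the shared /tmp, and should
# be transferred over a trusted channel and deleted once handed over.
ovpn_file=/tmp/$vpn_user.ovpn

#######################################
# Print an error message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage line to stderr and exit 1.
#######################################
usage() {
  printf 'Usage: %s {build|revoke} username\n' "$0" >&2
  exit 1
}

#######################################
# Reject usernames that could leave the keys/ directory or act as a glob.
# Only [A-Za-z0-9._-] is accepted and the name may not start with '.' or '-'.
# An empty name is refused too: the old "rm keys/$vpn_user*" would have become
# "rm keys/*" and wiped the CA key along with everything else.
# Arguments: $1 - candidate username
# Returns:   0 if acceptable, exits 1 otherwise
#######################################
validate_user() {
  local name=$1
  [[ "$name" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
    || die "Invalid username '$name': use letters, digits, '.', '_' or '-' only."
}

#######################################
# Change into the easy-rsa tree and load its environment (./vars).
# Globals:   easyrsa_dir (read)
# Returns:   0 on success, exits 1 if the directory or vars is unusable
#######################################
enter_easyrsa() {
  # Without this guard a failed cd would let the later rm/cp run in $PWD.
  cd -- "$easyrsa_dir" || die "cannot cd to $easyrsa_dir"
  # shellcheck disable=SC1091 — easy-rsa 2.0 environment file
  source ./vars > /dev/null 2>&1 || die "cannot source $easyrsa_dir/vars"
}

#######################################
# Write the client profile to $ovpn_file (cwd must be the easy-rsa tree).
# Globals:   ovpn_file, server_ip, vpn_user (read)
# Outputs:   the .ovpn file, mode 0600
# Returns:   0 on success, 1 if any part of the profile could not be written
#######################################
build_ovpn() {
  # /tmp is shared: never write through a symlink planted there, and create
  # the file with owner-only permissions because it contains the private key.
  if [[ -L "$ovpn_file" ]]; then
    die "Refusing to write through symlink $ovpn_file"
  fi
  rm -f -- "$ovpn_file"
  # NOTE(review): 'ns-cert-type server' is deprecated (dropped in newer OpenVPN
  # releases); migrate clients to 'remote-cert-tls server' once the server
  # certificate carries the serverAuth extended key usage. 'comp-lzo' enables
  # compression, which current OpenVPN guidance discourages over TLS.
  (
    # set -e here so a failed cat/sed aborts instead of leaving a truncated
    # <cert>/<key> section behind.
    set -e
    umask 077
    {
      cat <<EOF
client
dev tun
proto udp
remote $server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
EOF
      printf '<ca>\n'
      cat -- keys/ca.crt
      printf '</ca>\n<cert>\n'
      # Only the PEM block: easy-rsa's .crt also carries a textual dump.
      sed -n '/-----BEGIN/,/-----END/p' "keys/$vpn_user.crt"
      printf '</cert>\n<key>\n'
      cat -- "keys/$vpn_user.key"
      printf '</key>\n'
      # Uncomment to inline the shared TLS-auth key (server must be configured
      # with tls-auth and the client then also needs 'key-direction 1').
      #printf '<tls-auth>\n'
      #cat -- keys/ta.key
      #printf '</tls-auth>\n'
    } > "$ovpn_file"
  ) || return 1
}

#######################################
# Create the user's certificate/key and the .ovpn profile.
# Globals:   vpn_user, expect_script, ovpn_file (read)
# Returns:   0 on success, exits 1 on any failed precondition or step
#######################################
do_build() {
  enter_easyrsa
  if [[ -f "keys/$vpn_user.crt" || -f "keys/$vpn_user.key" ]]; then
    die "User $vpn_user already exist."
  fi
  if [[ ! -f keys/ca.crt ]]; then
    printf '%s\n' "File keys/ca.crt or keys/ta.key not found." >&2
    die "pls run ./build-ca and openvpn --genkey --secret keys/ta.key first."
  fi
  # Check for the binary itself rather than "rpm -qa | grep expect", which
  # matched any package whose name merely contains "expect".
  command -v expect > /dev/null 2>&1 || die "Pls yum install expect first."
  [[ -f "$expect_script" ]] || die "Script $expect_script not found."
  # The helper's exit status used to be ignored; a failed key build then
  # produced a profile with empty <cert>/<key> sections.
  "$expect_script" "$vpn_user" > /dev/null 2>&1 \
    || die "$expect_script failed for $vpn_user"
  [[ -f "keys/$vpn_user.crt" && -f "keys/$vpn_user.key" ]] \
    || die "keys/$vpn_user.crt or keys/$vpn_user.key missing after key build"
  build_ovpn || die "failed to write $ovpn_file"
  echo "Build $vpn_user key success."
  echo "Download the file $ovpn_file to your client computer"
}

#######################################
# Revoke the user's certificate, install the refreshed CRL and remove the
# user's key material and profile.
# Globals:   vpn_user, ovpn_file (read)
# Returns:   0 on success, exits 1 if the CRL was not regenerated or installed
#######################################
do_revoke() {
  enter_easyrsa
  [[ -f "keys/$vpn_user.crt" ]] \
    || die "No certificate keys/$vpn_user.crt to revoke."
  # revoke-full's last step is an 'openssl verify' that is expected to report
  # the certificate as revoked (non-zero), so its exit status cannot serve as
  # a failure signal. A regenerated CRL always differs from the old one, so
  # compare the file instead.
  local crl_before crl_after
  crl_before=$(cksum < keys/crl.pem 2>/dev/null)
  ./revoke-full "$vpn_user"
  crl_after=$(cksum < keys/crl.pem 2>/dev/null)
  if [[ ! -f keys/crl.pem || "$crl_after" == "$crl_before" ]]; then
    die "keys/crl.pem was not regenerated; certificate for $vpn_user NOT revoked"
  fi
  # The server only enforces this CRL if its config points 'crl-verify' at
  # the installed copy.
  cp -f -- keys/crl.pem /etc/openvpn/ || die "cannot install crl.pem"
  # Exact filenames only: "rm keys/$vpn_user*" also removed e.g.
  # keys/${vpn_user}2.* belonging to a different user.
  rm -f -- "keys/$vpn_user.crt" "keys/$vpn_user.key" "keys/$vpn_user.csr"
  rm -f -- "$ovpn_file"
}

if [[ "$#" -ne 2 ]]; then
  printf '%s\n' "Wrong number of argvs" >&2
  usage
fi
validate_user "$vpn_user"

case "$action" in
  build)
    # 建立使用者 (create the user)
    do_build
    ;;
  revoke)
    # 吊銷證書 (revoke the certificate)
    do_revoke
    ;;
  *)
    printf '%s\n' "Undefine action" >&2
    usage
    ;;
esac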