create_key_config.sh: add support for new easyrsa layout.

Christoph 2019-07-16 00:07:24 +02:00
parent d325eb2a24
commit 0a8856aa4e


@ -97,8 +97,52 @@ echo_skipped() {
echo -e "\033[80G[ \033[37mskipped\033[m ]" echo -e "\033[80G[ \033[37mskipped\033[m ]"
} }
detect_os_1 () {
if $(which lsb_release > /dev/null 2>&1) ; then
os_dist="$(lsb_release -i | awk '{print tolower($3)}')"
os_version="$(lsb_release -r | awk '{print tolower($2)}')"
os_codename="$(lsb_release -c | awk '{print tolower($2)}')"
if [[ "$os_dist" = "debian" ]]; then
if $(echo "$os_version" | grep -q '\.') ; then
os_version=$(echo "$os_version" | cut --delimiter='.' -f1)
fi
fi
elif [[ -e "/etc/os-release" ]]; then
. /etc/os-release
os_dist=$ID
os_version=${os_version_ID}
fi
# remove whitespace from os_dist and os_version
os_dist="${os_dist// /}"
os_version="${os_version// /}"
}
trap clean_up SIGHUP SIGINT SIGTERM trap clean_up SIGHUP SIGINT SIGTERM
#---------------------------------------
#-----------------------------
# Check some prerequisites
#-----------------------------
#---------------------------------------
# - Set variable
# - os_dist
# - os_version
# - os_codename
# -
detect_os_1
clear clear
echo "" echo ""
@ -197,6 +241,29 @@ fi
EASY_RSA_DIR="${OPENVPN_BASE_DIR}/easy-rsa" EASY_RSA_DIR="${OPENVPN_BASE_DIR}/easy-rsa"
if [[ -d "${OPENVPN_BASE_DIR}/pki" ]] ; then
EASYRSA_LAYOUT_NEW=true
else
EASYRSA_LAYOUT_NEW=false
fi
if [[ -z "$OPENVPN_KEY_DIR" ]] ; then
if $EASYRSA_LAYOUT_NEW ; then
OPENVPN_KEY_DIR="${OPENVPN_BASE_DIR}/pki"
else
OPENVPN_KEY_DIR="${OPENVPN_BASE_DIR}/keys"
fi
fi
if [[ -z "$OPENVPN_CCD_DIR" ]] ; then
if $EASYRSA_LAYOUT_NEW ; then
OPENVPN_CCD_DIR="${OPENVPN_BASE_DIR}/ccd"
else
OPENVPN_CCD_DIR="${OPENVPN_BASE_DIR}/ccd/server-${OPENVPN_NAME}"
fi
fi
_CA_CERT="${OPENVPN_KEY_DIR}/ca.crt"
_TA_KEY="${OPENVPN_KEY_DIR}/ta.key"
echo "" echo ""
@ -216,6 +283,23 @@ if [ -z "$NEW_KEY_NAME" ]; then
done done
fi fi
if $EASYRSA_LAYOUT_NEW ; then
_CLIENT_CERT="${OPENVPN_KEY_DIR}/issued/${KEY_CN}-${NEW_KEY_NAME}.crt"
_CLIENT_KEY="${OPENVPN_KEY_DIR}/private/${KEY_CN}-${NEW_KEY_NAME}.key"
else
_CLIENT_CERT="${OPENVPN_KEY_DIR}/${NEW_KEY_NAME}.crt"
_CLIENT_KEY="${OPENVPN_KEY_DIR}/${NEW_KEY_NAME}.key"
fi
if [[ ! -f "${_CLIENT_KEY}" ]]; then
fatal "Key for '$NEW_KEY_NAME' not found"
fi
for _name in $key_names_reserverd ; do
[[ "$_name" = "$NEW_KEY_NAME" ]] && fatal "Name '$NEW_KEY_NAME' cannot be used - its a reserved name!"
done
echo "" echo ""
echo -e "\033[32m--\033[m" echo -e "\033[32m--\033[m"
echo "" echo ""
@ -230,14 +314,6 @@ if [[ -z "$(trim $KEY_PW)" ]] ; then
fi fi
for _name in $key_names_reserverd ; do
[[ "$_name" = "$NEW_KEY_NAME" ]] && fatal "Name '$NEW_KEY_NAME' cannot be used - its a reserved name!"
done
if [[ ! -f "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.key" ]]; then
fatal "Key '$NEW_KEY_NAME' not found!"
fi
echo "" echo ""
echo -e "\033[32m--\033[m" echo -e "\033[32m--\033[m"
@ -275,7 +351,7 @@ if getent passwd "$user_name" > /dev/null 2>&1; then
else else
fatal "User '$user_name' does not exist!" fatal "User '$user_name' does not exist!"
fi fi
target_dir="${_home_dir}/VPN" _target_dir="${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}"
clear clear
@ -285,8 +361,10 @@ echo "Create OpenVPN configuration and save also key material."
echo -e "\033[32m==========\033[m" echo -e "\033[32m==========\033[m"
echo "" echo ""
echo "Key Name ...............: $NEW_KEY_NAME" echo "Key Name ...............: $NEW_KEY_NAME"
echo "Client Key..............: $(basename "$_CLIENT_KEY")"
echo "Client Cert.............: $(basename "$_CLIENT_CERT")"
echo "Key Password............: $KEY_PW" echo "Key Password............: $KEY_PW"
echo "Target directory........: $target_dir" echo "Target directory........: $_target_dir"
info "Going to create configuration for key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m.." info "Going to create configuration for key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m.."
echo -n "To continue type uppercase 'YES': " echo -n "To continue type uppercase 'YES': "
@ -307,18 +385,6 @@ fi
echo "" echo ""
# ---
# - source file vars
# ---
echononl " Load configuration '${EASY_RSA_DIR}/vars'.."
source ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fi
_client_conf_dir="${OPENVPN_BASE_DIR}/client-configs" _client_conf_dir="${OPENVPN_BASE_DIR}/client-configs"
_client_conf_file="${_client_conf_dir}/${NEW_KEY_NAME}.conf" _client_conf_file="${_client_conf_dir}/${NEW_KEY_NAME}.conf"
@ -392,7 +458,7 @@ persist-tun
<ca> <ca>
EOF EOF
_file="${OPENVPN_BASE_DIR}/keys/ca.crt" _file="${_CA_CERT}"
_found=false _found=false
while IFS='' read -r line || [[ -n $line ]]; do while IFS='' read -r line || [[ -n $line ]]; do
if [[ "$line" =~ "-----BEGIN" ]] ; then if [[ "$line" =~ "-----BEGIN" ]] ; then
@ -413,7 +479,7 @@ cat << EOF >> "$_client_conf_file" 2> $log_file
<cert> <cert>
EOF EOF
_file="${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" _file="${_CLIENT_CERT}"
_found=false _found=false
while IFS='' read -r line || [[ -n $line ]]; do while IFS='' read -r line || [[ -n $line ]]; do
if [[ "$line" =~ "-----BEGIN" ]] ; then if [[ "$line" =~ "-----BEGIN" ]] ; then
@ -434,7 +500,7 @@ cat << EOF >> "$_client_conf_file" 2> $log_file
<key> <key>
EOF EOF
_file="${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.key" _file="${_CLIENT_KEY}"
_found=false _found=false
while IFS='' read -r line || [[ -n $line ]]; do while IFS='' read -r line || [[ -n $line ]]; do
if [[ "$line" =~ "-----BEGIN" ]] ; then if [[ "$line" =~ "-----BEGIN" ]] ; then
@ -483,7 +549,7 @@ key-direction 1
<tls-auth> <tls-auth>
EOF EOF
_file="${OPENVPN_BASE_DIR}/keys/ta.key" _file="${_TA_KEY}"
_found=false _found=false
while IFS='' read -r line || [[ -n $line ]]; do while IFS='' read -r line || [[ -n $line ]]; do
if [[ "$line" =~ "-----BEGIN" ]] ; then if [[ "$line" =~ "-----BEGIN" ]] ; then
@ -568,9 +634,10 @@ else
fi fi
echo "" echo ""
echononl " Create directory '$target_dir'.."
if [[ ! -d "$target_dir" ]] ; then echononl " Create directory '$(dirname "$_target_dir")'.."
mkdir "$target_dir" > $log_file 2>&1 if [[ ! -d "$(dirname "$_target_dir")" ]] ; then
mkdir "$(dirname "$_target_dir")" > $log_file 2>&1
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
else else
@ -582,58 +649,54 @@ else
fi fi
_failed=false _failed=false
echononl " Copy key material into dir '${target_dir}/${KEY_CN}-${NEW_KEY_NAME}'.." echononl " Copy key material into dir '${_target_dir}/${KEY_CN}-${NEW_KEY_NAME}'.."
if [[ -d "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" ]]; then if [[ -d "${_target_dir}" ]]; then
mv "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}.$_date" > $log_file 2>&1 mv "${_target_dir}" "${_target_dir}.$_date" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
fi fi
mkdir "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" > $log_file 2>&1 mkdir "${_target_dir}" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.key" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 cp -a "${_CLIENT_KEY}" "${_target_dir}" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
if [[ -n "$ORG_SHORTCUT" ]]; then if [[ -n "$ORG_SHORTCUT" ]]; then
cp -a "$_client_conf_file" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/${ORG_SHORTCUT}-${NEW_KEY_NAME}.conf" cp -a "$_client_conf_file" "${_target_dir}/${ORG_SHORTCUT}-$(basename $_client_conf_file)" >> $log_file 2>&1
else else
cp -a "$_client_conf_file" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN/VPN-/}-${NEW_KEY_NAME}.conf" cp -a "$_client_conf_file" "${_target_dir}/${KEY_CN/VPN-/}-$(basename $_client_conf_file)" >> $log_file 2>&1
fi fi
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
#cp -a "$_client_conf_file" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/client-$(basename $_client_conf_file)" cp -a "$_client_conf_file" "${_target_dir}/${KEY_CN}-${NEW_KEY_NAME}.ovpn"
#if [[ $? -ne 0 ]] ; then
# _failed=true
#fi
cp -a "$_client_conf_file" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.ovpn"
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 cp -a "${_CLIENT_CERT}" "${_target_dir}/" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
cp -a "${OPENVPN_BASE_DIR}/keys/ca.crt" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 cp -a "${_CA_CERT}" "${_target_dir}" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
cp -a "${OPENVPN_BASE_DIR}/keys/ta.key" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 cp -a "${_TA_KEY}" "${_target_dir}" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
cat << EOF > "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/passwd.txt" cat << EOF > "${_target_dir}/passwd.txt"
key...............: ${NEW_KEY_NAME}.key key...............: $(basename "$_CLIENT_KEY")
common name.......: ${KEY_CN}-${NEW_KEY_NAME} common name.......: $(basename "${_CLIENT_KEY%.*}")
password..........: ${KEY_PW} password..........: ${KEY_PW}
EOF EOF
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
echo "${KEY_PW}" > "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/ovpn_pass" echo "${KEY_PW}" > "${_target_dir}/ovpn_pass"
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
@ -655,8 +718,9 @@ fi
# - If the configuration file contains all keys/certs, only the configuration file # - If the configuration file contains all keys/certs, only the configuration file
# - with its suffix '.ovpn' is needed. # - with its suffix '.ovpn' is needed.
# - # -
_failed=false
echononl " Create zip archive '${KEY_CN}-${NEW_KEY_NAME}.tblk.zip' for MAC OS .." echononl " Create zip archive '${KEY_CN}-${NEW_KEY_NAME}.tblk.zip' for MAC OS .."
target_macos_tblk_dir="${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.tblk" target_macos_tblk_dir="${_target_dir}/${KEY_CN}-${NEW_KEY_NAME}.tblk"
mkdir "$target_macos_tblk_dir" > $log_file 2>&1 mkdir "$target_macos_tblk_dir" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
@ -669,7 +733,7 @@ cp -a "$_client_conf_file" "${target_macos_tblk_dir}/Contents/Resources/config.o
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
cd ${target_dir}/${KEY_CN}-${NEW_KEY_NAME} >> $log_file 2>&1 cd "${_target_dir}" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
@ -700,7 +764,7 @@ fi
info "Key material and OpenVPN for key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m is stored at '${_home_dir}/VPN'" info "Key material and OpenVPN config for \033[37m\033[1m${NEW_KEY_NAME}\033[m is stored at '${_home_dir}/VPN'"
clean_up 0 clean_up 0
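Review bot: The client private key, `ta.key` and the cleartext passphrase are written into `${_target_dir}` with umask-default permissions — `mkdir "${_target_dir}"` creates the directory without a mode, and `passwd.txt` and `ovpn_pass` are produced by plain redirections — so unless a umask, chmod or chown is applied elsewhere in the script (outside this view) the material is readable by anyone who can traverse the user's home tree. I would create the directory with `mkdir -m 0700 "${_target_dir}"` and write the two password files inside `(umask 077; ...)` or `chmod 600` them right after writing; the `_failed` evaluation that follows the copy block is outside the hunk. Separately, in `detect_os_1` the `/etc/os-release` branch assigns `os_version=${os_version_ID}`, a name nothing sets, so `os_version` is always empty on hosts without `lsb_release`; it should read `os_version=${VERSION_ID}`. Whether that empty value breaks anything depends on how `os_version` is consumed later, which this page does not show.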