install/openvpn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Configuration file for MAC OS.

Browse Source
This commit is contained in:
Christoph 2018-04-17 17:18:25 +02:00
parent a1bd46c9e8
commit ebff5a557b
2 changed files with 107 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
build_key-pass.sh
View File

@ -619,6 +619,13 @@ if $_copy_to_user_home_dir ; then
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
# - Configuration for Windows OpenVPN
# -
cp -a "$_client_conf_file" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.ovpn"
if [[ $? -ne 0 ]] ; then
_failed=true
fi
cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
@ -649,6 +656,50 @@ EOF
else else
echo_ok echo_ok
fi fi
# - Create a folder with suffix '.tblk' containing the openvpn configuration in
# - a subfolder 'Contents/Resources' (its MAC OS specific)
# -
# - If the configuration file contains all keys/certs, only the configuration file
# - with its suffix '.ovpn' is needed.
# -
echononl " Create zip archive '${KEY_CN}-${NEW_KEY_NAME}.tblk.zip' for MAC OS .."
target_macos_tblk_dir="${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.tblk"
mkdir "$target_macos_tblk_dir" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
mkdir -p "${target_macos_tblk_dir}/Contents/Resources" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
cp -a "$_client_conf_file" "${target_macos_tblk_dir}/Contents/Resources/config.ovpn" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
if [[ $? -ne 0 ]] ; then
_failed=true
fi
cd "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}"
chown -R ${user_name}:$user_name "$target_macos_tblk_dir" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
zip -r "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" \
"${KEY_CN}-${NEW_KEY_NAME}.tblk" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
chown ${user_name}:$user_name "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
rm -r "${target_macos_tblk_dir}" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
fi fi

146
create_key_config.sh
View File

@ -575,6 +575,10 @@ cp -a "$_client_conf_file" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/client-$(bas
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
fi fi
cp -a "$_client_conf_file" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.ovpn"
if [[ $? -ne 0 ]] ; then
_failed=true
fi
cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then if [[ $? -ne 0 ]] ; then
_failed=true _failed=true
@ -606,97 +610,59 @@ else
echo_ok echo_ok
fi fi
# - Create a folder with suffix '.tblk' containing the openvpn configuration in
# - a subfolder 'Contents/Resources' (its MAC OS specific)
# -
# - If the configuration file contains all keys/certs, only the configuration file
# - with its suffix '.ovpn' is needed.
# -
echononl " Create zip archive '${KEY_CN}-${NEW_KEY_NAME}.tblk.zip' for MAC OS .."
target_macos_tblk_dir="${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.tblk"
mkdir "$target_macos_tblk_dir" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
mkdir -p "${target_macos_tblk_dir}/Contents/Resources" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
cp -a "$_client_conf_file" "${target_macos_tblk_dir}/Contents/Resources/config.ovpn" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
cd ${target_dir}/${KEY_CN}-${NEW_KEY_NAME} >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
chown -R ${user_name}:$user_name "$target_macos_tblk_dir" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
zip -r "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" \
"${KEY_CN}-${NEW_KEY_NAME}.tblk" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
chown ${user_name}:$user_name "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
rm -r "${target_macos_tblk_dir}" >> $log_file 2>&1
if [[ $? -ne 0 ]] ; then
_failed=true
fi
if $_failed ; then
echo_failed
error "$(cat $log_file)"
else
echo_ok
fi
info "Key material and OpenVPN for key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m is stored at '${_home_dir}/VPN'" info "Key material and OpenVPN for key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m is stored at '${_home_dir}/VPN'"
clean_up 0
# ---
# - Revoke Key
# ---
echo ""
echo -e "\033[32m--\033[m"
echo "Revoke Key ${NEW_KEY_NAME}.key .."
echo -e "\033[32m--\033[m"
echo ""
echononl "Change into key directory '$KEY_DIR'.."
cd "$KEY_DIR" > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
echononl "Set Defaults .."
CRL="crl.pem"
RT="revoke-test.pem"
export KEY_CN=""
export KEY_OU=""
export KEY_NAME=""
echo_ok
echononl "Remove file '$RT'.."
rm -f "$RT" > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
echononl "Revoke key ${NEW_KEY_NAME}.key and update data base .."
$OPENSSL ca -revoke "${NEW_KEY_NAME}.crt" -config "$KEY_CONFIG" > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
echononl "Generate a new CRL -- try to be compatible with intermediate PKIs"
$OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" > "$log_file" 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
fatal "$(cat $log_file)"
fi
# ---
# - Check if Revokation was sucessfully.
# ---
echo ""
echo -e "\033[32m--\033[m"
echo "Check if Revokation of Key ${NEW_KEY_NAME} was sucessfully.."
echo -e "\033[32m--\033[m"
echo ""
echononl "Create CA file '$RT' from $CRL to check against.."
if [ -e export-ca.crt ]; then
cat export-ca.crt "$CRL" >"$RT" 2> "$log_file"
_retval=$?
else
cat ca.crt "$CRL" >"$RT" 2> "$log_file"
_retval=$?
fi
if [[ $_retval -eq 0 ]]; then
echo_ok
else
echo_failed
error "$(cat $log_file)"
fatal "Verifying the revocation is not possible!"
fi
echononl "Verify the revocation.."
$OPENSSL verify -CAfile "$RT" -crl_check "${NEW_KEY_NAME}.crt" > "$log_file" 2>&1
if [[ $? -eq 2 ]]; then
echo_ok
info "Key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m successfully revoked."
else
echo_failed
error "$(cat $log_file)"
fi
clean_up 0 clean_up 0