mkopenvpn.sh - onfca - Gitiles

 #!/usr/bin/env bash

 set -xeu -o pipefail

 VPN_USER=$1

 VPN_SITE=${VPN_SITE:-example}

 # where PKI is generated are kept, same variable as Makefile
 export BASE_DIR=${BASE_DIR:-onf_pki}

 export IM_CA_NAME=openvpn_ca
 export LEAF_PURPOSE=client_cert_ext

 export LEAF_KEYPAIR=${VPN_USER}
 export LEAF_EMAIL=${LEAF_EMAIL:-"${VPN_USER}@opennetworking.org"}
 export LEAF_SAN="email:${LEAF_EMAIL}"

 make ${BASE_DIR}/certout/${VPN_USER}.pem

 # build config
 VPN_CONFIG=openvpn/${VPN_USER}_${VPN_SITE}.ovpn
 cat openvpn/generic_${VPN_SITE}.ovpn > $VPN_CONFIG

 cat << EOKEY >> $VPN_CONFIG

 # client key
 <key>
 EOKEY

 # add key
 cat ${BASE_DIR}/certout/${VPN_USER}.key >> $VPN_CONFIG

 cat << EOCERT >> $VPN_CONFIG
 </key>

 # client cert
 <cert>
 EOCERT

 # add pem
 cat ${BASE_DIR}/certout/${VPN_USER}.pem >> $VPN_CONFIG

 cat << EOF >> $VPN_CONFIG
 </cert>
 EOF
	#!/usr/bin/env bash

	set -xeu -o pipefail

	VPN_USER=$1

	VPN_SITE=${VPN_SITE:-example}

	# where PKI is generated are kept, same variable as Makefile
	export BASE_DIR=${BASE_DIR:-onf_pki}

	export IM_CA_NAME=openvpn_ca
	export LEAF_PURPOSE=client_cert_ext

	export LEAF_KEYPAIR=${VPN_USER}
	export LEAF_EMAIL=${LEAF_EMAIL:-"${VPN_USER}@opennetworking.org"}
	export LEAF_SAN="email:${LEAF_EMAIL}"

	make ${BASE_DIR}/certout/${VPN_USER}.pem

	# build config
	VPN_CONFIG=openvpn/${VPN_USER}_${VPN_SITE}.ovpn
	cat openvpn/generic_${VPN_SITE}.ovpn > $VPN_CONFIG

	cat << EOKEY >> $VPN_CONFIG

	# client key
	<key>
	EOKEY

	# add key
	cat ${BASE_DIR}/certout/${VPN_USER}.key >> $VPN_CONFIG

	cat << EOCERT >> $VPN_CONFIG
	</key>

	# client cert
	<cert>
	EOCERT

	# add pem
	cat ${BASE_DIR}/certout/${VPN_USER}.pem >> $VPN_CONFIG

	cat << EOF >> $VPN_CONFIG
	</cert>
	EOF