| Zack Williams | ba5c9d3 | 2022-06-05 21:49:18 -0700 | [diff] [blame] | 1 | #!/usr/bin/env bash |
| 2 | |
| 3 | set -xeu -o pipefail |
| 4 | |
| 5 | VPN_USER=$1 |
| 6 | |
| 7 | VPN_SITE=${VPN_SITE:-example} |
| 8 | |
| Zack Williams | 003658b | 2022-10-25 11:13:06 -0700 | [diff] [blame^] | 9 | # where PKI is generated are kept, same variable as Makefile |
| 10 | export BASE_DIR=${BASE_DIR:-onf_pki} |
| 11 | |
| Zack Williams | ba5c9d3 | 2022-06-05 21:49:18 -0700 | [diff] [blame] | 12 | export IM_CA_NAME=openvpn_ca |
| 13 | export LEAF_PURPOSE=client_cert_ext |
| 14 | |
| 15 | export LEAF_KEYPAIR=${VPN_USER} |
| 16 | export LEAF_EMAIL=${LEAF_EMAIL:-"${VPN_USER}@opennetworking.org"} |
| 17 | export LEAF_SAN="email:${LEAF_EMAIL}" |
| 18 | |
| Zack Williams | 003658b | 2022-10-25 11:13:06 -0700 | [diff] [blame^] | 19 | make ${BASE_DIR}/certout/${VPN_USER}.pem |
| Zack Williams | ba5c9d3 | 2022-06-05 21:49:18 -0700 | [diff] [blame] | 20 | |
| 21 | # build config |
| 22 | VPN_CONFIG=openvpn/${VPN_USER}_${VPN_SITE}.ovpn |
| 23 | cat openvpn/generic_${VPN_SITE}.ovpn > $VPN_CONFIG |
| 24 | |
| 25 | cat << EOKEY >> $VPN_CONFIG |
| 26 | |
| 27 | # client key |
| 28 | <key> |
| 29 | EOKEY |
| 30 | |
| 31 | # add key |
| Zack Williams | 003658b | 2022-10-25 11:13:06 -0700 | [diff] [blame^] | 32 | cat ${BASE_DIR}/certout/${VPN_USER}.key >> $VPN_CONFIG |
| Zack Williams | ba5c9d3 | 2022-06-05 21:49:18 -0700 | [diff] [blame] | 33 | |
| 34 | cat << EOCERT >> $VPN_CONFIG |
| 35 | </key> |
| 36 | |
| 37 | # client cert |
| 38 | <cert> |
| 39 | EOCERT |
| 40 | |
| 41 | # add pem |
| Zack Williams | 003658b | 2022-10-25 11:13:06 -0700 | [diff] [blame^] | 42 | cat ${BASE_DIR}/certout/${VPN_USER}.pem >> $VPN_CONFIG |
| Zack Williams | ba5c9d3 | 2022-06-05 21:49:18 -0700 | [diff] [blame] | 43 | |
| 44 | cat << EOF >> $VPN_CONFIG |
| 45 | </cert> |
| 46 | EOF |