OpenVPN Client Key Generator

openvpn-client-key-gen.sh

#!/bin/bash

#
# OpenVPN Client Key Generation Script
#
# Author: rtfpessoa
# Date:   03-09-2016
#
# Based on the guide:
#   * https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
#

# First  argument: Client identifier
# Second argument: Generate key with password

client_key_name=$1
key_with_pass=$2

if [[ -z $client_key_name ]]; then
  echo "Missing client key name!"
  exit 1
fi

VPN_DIR=~/openvpn-ca
KEY_DIR=${VPN_DIR}/keys
CLIENT_CFG_DIR=~/client-configs
OUTPUT_DIR=${CLIENT_CFG_DIR}/files
BASE_CONFIG=${CLIENT_CFG_DIR}/base.conf

mkdir -p $OUTPUT_DIR
chmod 700 ~/client-configs/files
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf

cd ${VPN_DIR}
source vars
if [[ -n $key_with_pass ]]; then
  ./build-key-pass ${client_key_name}
else
  ./build-key ${client_key_name}
fi

cat ${BASE_CONFIG} \
    <(echo -e '<ca>') \
    ${KEY_DIR}/ca.crt \
    <(echo -e '</ca>\n<cert>') \
    ${KEY_DIR}/${1}.crt \
    <(echo -e '</cert>\n<key>') \
    ${KEY_DIR}/${1}.key \
    <(echo -e '</key>\n<tls-auth>') \
    ${KEY_DIR}/ta.key \
    <(echo -e '</tls-auth>') \
    > ${OUTPUT_DIR}/${1}.ovpn

openvpn-client-key-revoke.sh

#!/bin/bash

#
# OpenVPN Client Key Revocation Script
#
# Author: rtfpessoa
# Date:   03-09-2016
#
# Based on the guide:
#   * https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
#

# First  argument: Client identifier

client_key_name=$1

if [[ -z $client_key_name ]]; then
  echo "Missing client key name!"
  exit 1
fi

cd ~/openvpn-ca
source vars
./revoke-full ${client_key_name}

sudo cp -f ~/openvpn-ca/keys/crl.pem /etc/openvpn