Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-06 12:42:41 +01:00
Code Issues Projects Releases Wiki Activity

Add password option for clients (#160)

Browse Source
This commit is contained in:
Angristan
2018-08-18 19:40:07 +02:00
committed by GitHub
parent a0267c994d
commit 9ef0bbc47d
2 changed files with 36 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
openvpn-install.sh
View File

@@ -113,12 +113,28 @@ if [[ -e /etc/openvpn/server.conf ]]; then
case $option in
1)
echo ""
echo "Do you want to protect the configuration file with a password?"
echo "(e.g. encrypt the private key with a password)"
echo " 1) Add a passwordless client"
echo " 2) Use a password for the client"
until [[ "$pass" =~ ^[1-2]$ ]]; do
read -rp "Select an option [1-2]: " -e -i 1 pass
done
echo ""
echo "Tell me a name for the client cert"
echo "Please, use one word only, no special characters"
read -rp "Client name: " -e -i newclient CLIENT
read -rp "Client name: " -e -i newclient CLIENT
cd /etc/openvpn/easy-rsa/ || return
./easyrsa build-client-full $CLIENT nopass
case $pass in
1)
./easyrsa build-client-full $CLIENT nopass
;;
2)
echo "⚠️ You will be asked for the client password below ⚠️"
./easyrsa build-client-full $CLIENT
;;
esac
# Generates the custom client.ovpn
newclient "$CLIENT"
@@ -365,6 +381,14 @@ else
;;
esac
echo ""
echo "Do you want to protect the configuration file with a password?"
echo "(e.g. encrypt the private key with a password)"
echo " 1) Add a passwordless client"
echo " 2) Use a password for the client"
until [[ "$pass" =~ ^[1-2]$ ]]; do
read -rp "Select an option [1-2]: " -e -i 1 pass
done
echo ""
echo "Finally, tell me a name for the client certificate and configuration"
while [[ $CLIENT = "" ]]; do
echo "Please, use one word only, no special characters"
@@ -524,7 +548,15 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
./easyrsa --batch build-ca nopass
openssl dhparam -out dh.pem $DH_KEY_SIZE
./easyrsa build-server-full $SERVER_NAME nopass
./easyrsa build-client-full $CLIENT nopass
case $pass in
1)
./easyrsa build-client-full $CLIENT nopass
;;
2)
echo "⚠️ You will be asked for the client password below ⚠️"
./easyrsa build-client-full $CLIENT
;;
esac
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
# generate tls-auth key
openvpn --genkey --secret /etc/openvpn/tls-auth.key