From c7d8455631572d9eaab2bffedce4eeae07995554 Mon Sep 17 00:00:00 2001 From: Siebren Kraak Date: Wed, 27 Jul 2022 14:19:07 +0200 Subject: [PATCH] Add PASSPHRASE support in headless mode --- README.md | 12 ++++++++++++ openvpn-install.sh | 11 +++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c769172..c65cacd 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,7 @@ If you want to customise your installation, you can export them or specify them - `CUSTOMIZE_ENC=n` - `CLIENT=clientname` - `PASS=1` +- `PASSPHRASE=V3ryS3cureP4ssword#123` If the server is behind NAT, you can specify its endpoint with the `ENDPOINT` variable. If the endpoint is the public IP address which it is behind, you can use `ENDPOINT=$(curl -4 ifconfig.co)` (the script will default to this). The endpoint can be an IPv4 or a domain. @@ -94,6 +95,17 @@ export PASS="1" ./openvpn-install.sh ``` +To add a user with a passphrase instead +```bash +#!/bin/bash +export MENU_OPTION="1" +export CLIENT="foo" +export PASS="2" +export PASSPHRASE="V3ryS3cureP4ssword#123" +./openvpn-install.sh +``` + + ## Features - Installs and configures a ready-to-use OpenVPN server diff --git a/openvpn-install.sh b/openvpn-install.sh index 64d8ed0..7a61cd2 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -1086,8 +1086,15 @@ function newClient() { ./easyrsa build-client-full "$CLIENT" nopass ;; 2) - echo "⚠️ You will be asked for the client password below ⚠️" - ./easyrsa build-client-full "$CLIENT" + if [[ -z "$PASSPHRASE" ]]; then + echo "⚠️ You will be asked for the client password below ⚠️" + ./easyrsa build-client-full "$CLIENT" + else + echo "The password for client was already set" + PASSPHRASE="pass:${PASSPHRASE}" + ./easyrsa --passin=$PASSPHRASE --passout=$PASSPHRASE build-client-full "$CLIENT" + + fi ;; esac echo "Client $CLIENT added."