52 lines
1.0 KiB
Bash
Executable File
52 lines
1.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Check if running as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "$1" ]; then
|
|
echo "Usage: $0 <client-name>"
|
|
exit 1
|
|
fi
|
|
|
|
CLIENT_NAME=$1
|
|
cd /etc/openvpn/server/easy-rsa
|
|
|
|
# Generate client certificate and key
|
|
./easyrsa gen-req $CLIENT_NAME nopass
|
|
./easyrsa sign-req client $CLIENT_NAME
|
|
|
|
# Make sure client directory exists
|
|
mkdir -p /etc/openvpn/client
|
|
|
|
# Create client configuration
|
|
cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
|
|
client
|
|
dev tun
|
|
proto udp
|
|
remote $(curl -s ifconfig.me) 1194
|
|
resolv-retry infinite
|
|
nobind
|
|
persist-key
|
|
persist-tun
|
|
remote-cert-tls server
|
|
cipher AES-256-GCM
|
|
data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:CHACHA20-POLY1305
|
|
block-outside-dns
|
|
verb 3
|
|
dhcp-option DNS 1.1.1.1
|
|
dhcp-option DNS 1.0.0.1
|
|
<ca>
|
|
$(cat /etc/openvpn/server/ca.crt)
|
|
</ca>
|
|
<cert>
|
|
$(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt)
|
|
</cert>
|
|
<key>
|
|
$(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
|
|
</key>
|
|
EOL
|
|
|
|
echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn" |