Skip to content

Instantly share code, notes, and snippets.

@divyavanmahajan

divyavanmahajan/create_user.sh

Last active October 28, 2017 16:22
Show Gist options
  • Save divyavanmahajan/5374678b00375f58e03f to your computer and use it in GitHub Desktop.
Save divyavanmahajan/5374678b00375f58e03f to your computer and use it in GitHub Desktop.
Download ZIP
Turnkey OpenVPN - Add new users. It creates two OVPN files - with and without proxy and also generates the URLs to download them. Safely use for existing users - it just creates the OVPN files.
Raw
create_user.sh
#!/bin/bash -e
fatal() { echo "FATAL: $@" 1>&2; exit 1; }
warn() { echo "WARN: $@"; }
info() { echo "INFO: $@"; }
usage() {
cat <<EOF
Usage: sudo $0 client_or_profile_name
This will create two ovpn files in this directory (proxy and noproxy).
You can safely run this for existing users too - to regenerate their license files.
Example of client name - divya.mahajan, pritam.kumar
This must be run as sudo.
EOF
exit 1
}
EASY_RSA=/etc/openvpn/easy-rsa
SERVER_CFG=/etc/openvpn/server.conf
SERVER_CCD=/etc/openvpn/server.ccd
SERVER_ADDR=$(grep PUBLIC_ADDRESS $SERVER_CFG | awk '{print $3}')
[ "$SERVER_ADDR" ] || fatal "unable to determine PUBLIC_ADDRESS from $SERVER_CFG"
source $EASY_RSA/vars
[ -r $KEY_DIR ] || usage
if [[ "$#" < "1" ]]; then
usage
fi
client_name=$1
if [ -e $KEY_DIR/$client_name.ovpn ]
then
info "$KEY_DIR/$client_name.ovpn exists"
else
openvpn-addclient $1 [email protected]
fi
cat > $1_proxy.ovpn <<EOF
# OVPN_ACCESS_SERVER_USERNAME=${client_name}_proxy
# OVPN_ACCESS_SERVER_PROFILE=${client_name}_proxy@$SERVER_ADDR
# OVPN_ACCESS_SERVER_WSHOST=$SERVER_ADDR:443
http-proxy 104.129.192.34 10015
EOF
cat > $1_noproxy.ovpn <<EOF
# OVPN_ACCESS_SERVER_USERNAME=${client_name}_noproxy
# OVPN_ACCESS_SERVER_PROFILE=${client_name}_noproxy@$SERVER_ADDR
# OVPN_ACCESS_SERVER_WSHOST=$SERVER_ADDR:443
EOF
cat > $client_name.ovpn <<EOF
remote $SERVER_ADDR 443 tcp
ns-cert-type server
client
dev tun
resolv-retry infinite
keepalive 10 120
nobind
comp-lzo
verb 3
;user nobody
;group nogroup
<ca>
$(cat $KEY_DIR/ca.crt)
</ca>
key-direction 1
<tls-auth>
$(cat $KEY_DIR/ta.key)
</tls-auth>
<cert>
$(cat $KEY_DIR/$client_name.crt)
</cert>
<key>
$(cat $KEY_DIR/$client_name.key)
</key>
EOF
cat $client_name.ovpn >> $1_proxy.ovpn
cat $client_name.ovpn >> $1_noproxy.ovpn
cp $1_*ovpn $KEY_DIR
rm $client_name.ovpn ${client_name}_proxy.ovpn ${client_name}_noproxy.ovpn
echo "${client_name} files"
TEMPLATE=/var/www/openvpn/template.html
PROFILES=/var/www/openvpn/htdocs/profiles
# Generate URL for Proxy OVPN
OVPN_PATH=$KEY_DIR/${client_name}_proxy.ovpn
[ -e $OVPN_PATH ] || warn "$OVPN_PATH does not exist"
PROFILE_HASH=$(sha1sum $OVPN_PATH | cut -d " " -f 1)
PROFILE_PATH=$PROFILES/$PROFILE_HASH
mkdir -p $PROFILE_PATH
cp $OVPN_PATH $PROFILE_PATH/
sed "s|CLIENT_NAME|${client_name}_proxy|g" $TEMPLATE > $PROFILE_PATH/index.html
chown -R www-data:www-data $PROFILES
chmod 440 $PROFILE_PATH/${client_name}_proxy.ovpn
echo " URL for file with proxy: http://$SERVER_ADDR/profiles/$PROFILE_HASH/"
# Generate URL for OVPN without proxy
OVPN_PATH=$KEY_DIR/${client_name}_noproxy.ovpn
[ -e $OVPN_PATH ] || warn "$OVPN_PATH does not exist"
PROFILE_HASH=$(sha1sum $OVPN_PATH | cut -d " " -f 1)
PROFILE_PATH=$PROFILES/$PROFILE_HASH
mkdir -p $PROFILE_PATH
cp $OVPN_PATH $PROFILE_PATH/
sed "s|CLIENT_NAME|${client_name}_noproxy|g" $TEMPLATE > $PROFILE_PATH/index.html
chown -R www-data:www-data $PROFILES
chmod 440 $PROFILE_PATH/${client_name}_noproxy.ovpn
echo " URL for file without proxy: http://$SERVER_ADDR/profiles/$PROFILE_HASH/"
# Clear downloaded profile links
/etc/cron.hourly/openvpn-profiles-delexpired
# To clear all profiles
# ls -l /var/www/openvpn/htdocs/profiles
# rm -rf /var/www/openvpn/htdocs/profiles/[0-9a-f]*
# ls -l /var/www/openvpn/htdocs/profiles
# List users in the system
#echo "Users setup in the system."
# ls /etc/openvpn/easy-rsa/keys/*ovpn|xargs -n 1 -I FNAME basename FNAME .ovpn|grep -v proxy|xargs -n 1 -I NAME echo " NAME"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment