├── MIT
├── README.md
└── ovpngen

/MIT:
--------------------------------------------------------------------------------
Copyright (c) 2016-2018 graysky

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
## Overview
A simple shell script that creates OpenVPN-compatible tunnel profiles in the unified file format (CA cert, client cert, client key and TLS key embedded inline in one `.ovpn` file). Tested on:
* Linux OpenVPN version 2.4.6
* iOS version 3.0.0.(712) of OpenVPN Connect
* Android version 0.6.73 of OpenVPN for Android

## Usage
Invoke the script with at least the first 5 tokens; the profile is written to stdout.
1. Fully Qualified Domain Name (or IP address) of the OpenVPN server.
2. Full path to the CA cert.
3. Full path to the client cert.
4. Full path to the client private key.
5. Full path to the server TLS shared secret key.
6. Optionally, a port number (defaults to 1194 if left blank).
7. Optionally, a protocol (defaults to udp if left blank).

### Example (run as root) using all 7 arguments to set up a profile on port 443 over TCP
```
CLIENT=foo

./ovpngen nipple.titty.org \
  /etc/openvpn/server/ca.crt \
  /etc/easy-rsa/pki/signed/$CLIENT.crt \
  /etc/easy-rsa/pki/private/$CLIENT.key \
  /etc/openvpn/server/ta.key \
  443 \
  tcp > $CLIENT.ovpn
```

The resulting foo.ovpn may need to be edited. Pay attention to the commented lines!

### Credit
Majority of the credit goes to the script's original author, [trovao](https://github.com/trovao). His version can be found [here](https://gist.github.com/trovao/18e428b5a758df24455b).
--------------------------------------------------------------------------------

/ovpngen:
--------------------------------------------------------------------------------
```bash
#!/bin/bash

## Tested and works with OpenVPN Connect 1.2.9 build 0 (iOS 64-bit) on iOS 11.4.1
##
## Majority of the credit goes to the script's original author, trovao
## Link to original script: https://gist.github.com/trovao/18e428b5a758df24455b

usage() {
  echo "Usage: $0 SERVER CA_CERT CLIENT_CERT CLIENT_KEY SHARED_SECRET PORT PROTO"
  echo
  cat << EOF
The first 5 tokens are required while the last 2 are optional
SERVER        = Fully qualified domain name
CA_CERT       = Full path to the CA cert
CLIENT_CERT   = Full path to the client cert
CLIENT_KEY    = Full path to the client private key
SHARED_SECRET = Full path to the server TLS shared secret key
PORT          = Port number (defaults to 1194 if left blank)
PROTO         = Protocol (defaults to udp if left blank)
EOF
  echo
  echo 'For example:'
  echo
  echo 'CLIENT=jason'
  echo "$0 my.openvpn-server.com \\"
  echo '  /etc/openvpn/server/ca.crt \'
  echo '  /etc/easy-rsa/pki/signed/$CLIENT.crt \'
  echo '  /etc/easy-rsa/pki/private/$CLIENT.key \'
  echo '  /etc/openvpn/server/ta.key > $CLIENT.ovpn'
  exit 0
}

[[ -z "$1" ]] && usage

server=${1?"The server address is required"}
cacert=${2?"The path to the ca certificate file is required"}
client_cert=${3?"The path to the client certificate file is required"}
client_key=${4?"The path to the client private key file is required"}
tls_key=${5?"The path to the TLS shared secret file is required"}

# test for readable files
for i in "$cacert" "$client_cert" "$client_key" "$tls_key"; do
  [[ -f "$i" ]] || {
    echo " I cannot find $i on the filesystem."
    echo " This could be due to permissions or that you did not define the full path correctly."
    echo " Check the path and try again."
    exit 1
  }
  [[ -r "$i" ]] || {
    echo " I cannot read $i. Try invoking $0 as root."
    exit 1
  }
done
[[ -z "$6" ]] && port=1194 || port="$6"
[[ -z "$7" ]] && proto='udp' || proto="$7"

# emit the profile header, then each PEM file wrapped in its inline tag set
cat << EOF
client
dev tun
remote ${server} ${port} ${proto}
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
###
### optionally uncomment and change both the cipher and auth lines to EXACTLY
### match the values specified in ${server}
#cipher AES-256-CBC
#auth SHA512
###
### scroll down and optionally change the <tls-auth> tag set to <tls-crypt>
### to match how the server is configured since these options are mutually
### exclusive!
###
remote-cert-tls server
key-direction 1

<ca>
EOF
cat "${cacert}"
cat << EOF
</ca>
<cert>
EOF
cat "${client_cert}"
cat << EOF
</cert>
<key>
EOF
cat "${client_key}"
cat << EOF
</key>
<tls-auth>
EOF
cat "${tls_key}"
cat << EOF
</tls-auth>
EOF

# vim:set ts=2 sw=2 et:
```
--------------------------------------------------------------------------------
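ovpngen's own comments leave the cipher/auth lines and the tls-auth versus tls-crypt choice to be checked by hand once the profile is generated. The script below is an added example, not part of ovpngen, that lints a finished `.ovpn` for those points: inline tag pairing, exactly one of `<tls-auth>`/`<tls-crypt>`, `key-direction` when tls-auth is used, a well-formed `remote` line and `remote-cert-tls server`. The hostname, temp files and placeholder key material are constructed.

```shell
#!/bin/bash
# Added example (not from ovpngen): lint a unified .ovpn profile for the points
# ovpngen tells you to check by hand. All key material below is a placeholder.

# lint_ovpn FILE: exit 0 if the profile is consistent, 1 with findings on stderr.
lint_ovpn() {
  local f=$1 rc=0 tag n_auth n_crypt port
  # the unified format needs each inline block opened and closed exactly once
  for tag in ca cert key; do
    [ "$(grep -c "^<$tag>$" "$f")" -eq 1 ] && [ "$(grep -c "^</$tag>$" "$f")" -eq 1 ] ||
      { echo "bad or missing <$tag> block" >&2; rc=1; }
  done
  # tls-auth and tls-crypt are mutually exclusive: require exactly one of them
  n_auth=$(grep -c '^<tls-auth>$' "$f" || true)
  n_crypt=$(grep -c '^<tls-crypt>$' "$f" || true)
  [ $((n_auth + n_crypt)) -eq 1 ] ||
    { echo "need exactly one of <tls-auth> or <tls-crypt>" >&2; rc=1; }
  # tls-auth keys are directional; the client side must say key-direction 1
  if [ "$n_auth" -eq 1 ] && ! grep -q '^key-direction 1$' "$f"; then
    echo "<tls-auth> needs 'key-direction 1' on the client" >&2; rc=1
  fi
  # remote line: host, port in 1..65535, proto udp or tcp (first remote only)
  port=$(sed -E -n 's/^remote [^ ]+ ([0-9]+) (udp|tcp)$/\1/p' "$f" | head -n 1)
  if [ -z "$port" ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "remote line missing or port/proto invalid" >&2; rc=1
  fi
  # without this, any leaked client cert from the same CA could pose as the server
  grep -q '^remote-cert-tls server$' "$f" ||
    { echo "remote-cert-tls server missing" >&2; rc=1; }
  return $rc
}

# make_sample good|bad: write a constructed profile to a temp file, print its path.
make_sample() {
  local f; f=$(mktemp)
  {
    printf 'client\ndev tun\nremote vpn.example.org 443 tcp\nremote-cert-tls server\n'
    printf 'key-direction 1\n<ca>\nPLACEHOLDER-CA\n</ca>\n<cert>\nPLACEHOLDER-CERT\n</cert>\n'
    printf '<key>\nPLACEHOLDER-KEY\n</key>\n<tls-auth>\nPLACEHOLDER-TA\n</tls-auth>\n'
    # "bad" keeps both tag sets: the mutually exclusive case ovpngen warns about
    if [ "$1" = bad ]; then printf '<tls-crypt>\nPLACEHOLDER-TC\n</tls-crypt>\n'; fi
  } > "$f"
  echo "$f"
}

# usage when run directly: one profile that passes, one that is rejected
good=$(make_sample good); bad=$(make_sample bad)
lint_ovpn "$good" && echo "good profile passes"
lint_ovpn "$bad" || echo "bad profile rejected"; rm -f "$good" "$bad"
```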