openvpn_gen
#!/usr/bin/python
import os
import subprocess
import sys
import zipfile
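def help(status=0):
    """Print the command-line usage, then the settings-file help, and exit.

    The name shadows the builtin ``help`` but is kept because the rest of
    the script calls it by this name.

    Args:
        status: exit status handed through to ``confhelp`` (default 0, which
            is right for ``-h``/``--help``; callers reporting a usage error
            may pass a non-zero value).

    Raises:
        SystemExit: always, via ``confhelp``.
    """
    print("""Usage: openvpn_gen [-w, -m, -l, -a] client
--help, -h\tDisplay this help message
-w\tCreate a Windows bundle
-m\tCreate a Mac bundle
-l\tCreate a Linux bundle
-a\tCreate an Android Bundle
client is the name of the key you wish to create. It is also the name you use to revoke a client""")
    confhelp(status)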
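def confhelp(status=0):
    """Describe the expected /etc/openvpn/clients/server.conf format and exit.

    Args:
        status: exit status passed to ``sys.exit`` (default 0, kept so that
            existing callers and ``--help`` behave as before).

    Raises:
        SystemExit: always.
    """
    print("""You must create a settings file at /etc/openvpn/clients/server.conf in the following format:
server=server
port=port
proto=proto
port is optional and will default to 1194. proto may be tcp or udp, is optional and will default to udp.
server is mandatory and may be a hostname or ip address
""")
    sys.exit(status)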
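# check parameters
try:
    if sys.argv[1] in ['-h', '--help']:
        help()
    if sys.argv[1] not in ['-w', '-m', '-l', '-a']:
        help()
    client = sys.argv[2]
except IndexError:
    help()
# The client name is spliced into a shell command, into paths under
# /etc/openvpn/easy-rsa/keys and into the generated profile, so only accept a
# conservative character set, and never a leading '-' that pkitool could take
# for an option.
if (not client
        or not all(ch.isalnum() or ch in '-_.' for ch in client)
        or client[0] == '-'):
    print("Invalid client name {0!r}: use only letters, digits, '-', '_' and '.'".format(client))
    sys.exit(1)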
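# make sure we are root: the script reads the CA/TLS-auth keys and runs
# pkitool under /etc/openvpn, which are root-only.
if os.geteuid() != 0:
    print("You must run this utility as root!")
    # Non-zero so a calling script can tell this failure from success.
    sys.exit(1)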
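# make sure config exists
settings_path = '/etc/openvpn/clients/server.conf'
if not os.path.isfile(settings_path):
    confhelp()
# get all settings from file
try:
    print("Reading Settings")
    with open(settings_path) as settings_file:
        settings_lines = settings_file.read().strip().split('\n')
    settings = dict()
    for line in settings_lines:
        line = line.strip()
        # Blank lines and '#' comments are ignored. partition() keeps any '='
        # that appears inside the value instead of dropping the tail.
        if not line or line.startswith('#'):
            continue
        key, _, value = line.partition('=')
        settings[key.strip()] = value.strip()
except (IOError, OSError, ValueError):
    # Only I/O and decoding errors are caught: a bare except here would also
    # swallow SystemExit and KeyboardInterrupt.
    print("Error parsing configuration file")
    confhelp()
# 'server' is the only mandatory key; the defaults match the help text.
if 'server' not in settings:
    confhelp()
server = settings['server']
port = settings.get('port', '1194')
proto = settings.get('proto', 'udp')
print("Using server: {0}, port: {1}, proto: {2}".format(server, port, proto))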
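# check if files already exists
print("Checking for previous certificates")
# The name came from the command line: refuse anything that could leave the
# keys directory or be read as an option by pkitool.
if not client or os.sep in client or client.startswith('-'):
    print("Invalid client name: {0!r}".format(client))
    sys.exit(1)
keydir = '/etc/openvpn/easy-rsa/keys'
keyfile = os.path.join(keydir, client + '.key')
certfile = os.path.join(keydir, client + '.crt')
keycheck = os.path.isfile(keyfile)
certcheck = os.path.isfile(certfile)
# if not create them
if not keycheck or not certcheck:
    print("Not found. Creating files")
    # Sourcing ./vars needs a shell, so the client name is handed to it as a
    # positional parameter ("$1") rather than interpolated into the command
    # string, which would let shell metacharacters in the name run commands.
    status = subprocess.call(
        ['sh', '-c', '. ./vars && ./pkitool "$1"', 'pkitool', client],
        cwd='/etc/openvpn/easy-rsa')
    if status != 0:
        print("pkitool exited with status {0}".format(status))
        sys.exit(1)
    keycheck = os.path.isfile(keyfile)
    certcheck = os.path.isfile(certfile)
    # if they still don't exist, quit
    if not keycheck or not certcheck:
        print('Error creating certificate files!')
        sys.exit(1)
else:
    print("certificates found!")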
# set parameters based on OS
# Per-flag bundle settings: (file-name tag, label, win, lin, installer).
# `win` / `lin` are the prefixes placed in front of the Windows-only and
# Linux-only lines of the generated profile: '' keeps a line active, ';'
# comments it out. The installer is only bundled when it exists under
# /etc/openvpn/clients.
_BUNDLE_OPTIONS = {
    '-w': ('win', 'Windows', '', ';', 'win.exe'),
    '-m': ('mac', 'Mac', ';', ';', 'mac.dmg'),
    '-l': ('lin', 'Linux', ';', '', None),
    '-a': ('and', 'Android', ';', ';', None),
}
os_tag, os_label, win, lin, installer = _BUNDLE_OPTIONS[sys.argv[1]]
filename = '{client}.{os}.zip'.format(client=client, os=os_tag)
print("Creating {0} bundle".format(os_label))
if installer is not None and os.path.isfile('/etc/openvpn/clients/' + installer):
    clientfile = installer
else:
    clientfile = None
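# check if path already exists
if os.path.isfile(filename):
    # The prompt previously never showed the name: the format argument was
    # passed but the string had no placeholder for it.
    question = raw_input("file {filename} already exists. Overwrite? (Y/n) ".format(filename=filename))
    # Empty answer means the default (yes); accept any case of y / yes.
    if question.strip().lower() not in ['', 'y', 'yes']:
        print("Not overwriting. Exiting.")
        sys.exit(0)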
# Client profile template. {lin} / {win} / {notwin} expand to '' (line active)
# or ';' (line commented out) depending on the bundle target.
# NOTE(review): on Windows bundles `remote-cert-tls server` is commented out,
# so those clients do not check that the peer certificate carries the server
# role; any other certificate issued by the same CA could then pose as the
# server. Current Windows OpenVPN builds support the directive, so consider
# emitting it unconditionally. `comp-lzo` and `dev tap` must match the server
# configuration; OpenVPN has deprecated compression, so review whether it is
# still wanted on both sides.
_CONF_TEMPLATE = """##############################################
# OpenVPN Configuration File #
# for connecting to multi-client server. #
# On Windows rename this file so it has an #
# .ovpn extension #
##############################################
client
# Needed on Linux
{lin}script-security 2
{lin}up /etc/openvpn/update-resolv-conf
{lin}down /etc/openvpn/update-resolv-conf
# Needed on Windows
{win}route-method exe
{win}route-delay 2
# Comment out on Windows
{notwin}remote-cert-tls server
# network settings
proto {proto}
remote {server} {port}
dev tap
# certificates
ca ca.crt
cert {client}.crt
key {client}.key
tls-auth ta.key 1
# keep trying to resolve name
resolv-retry infinite
# don't bind to local address
nobind
# stay connected and inform server on close
keepalive 10 120
explicit-exit-notify 2
# keep everything consistent
persist-key
persist-tun
comp-lzo # add compression
verb 3 # set verbosity
"""
_conf_params = dict(
    win=win,
    lin=lin,
    notwin=';' if win == '' else '',
    client=client,
    server=server,
    port=port,
    proto=proto,
)
conf = _CONF_TEMPLATE.format(**_conf_params)
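print("Creating zip file")
keydir = '/etc/openvpn/easy-rsa/keys'
installer_name = 'client.' + ('exe' if win == '' else 'dmg')
try:
    # The archive holds the client's private key: create it mode 0600 (the
    # process umask would normally leave it world-readable) and do not follow
    # a symlink that may already sit at that path in the working directory.
    fd = os.open(filename,
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, 'O_NOFOLLOW', 0),
                 0o600)
    os.close(fd)
    os.chmod(filename, 0o600)  # a pre-existing file keeps its old mode after O_CREAT
    # Context manager closes the archive (and flushes the central directory)
    # even when one of the writes fails.
    with zipfile.ZipFile(filename, 'w') as bundle:
        bundle.write(os.path.join(keydir, client + '.key'), client + '.key')
        bundle.write(os.path.join(keydir, client + '.crt'), client + '.crt')
        bundle.write('/etc/openvpn/ta.key', 'ta.key')
        bundle.write('/etc/openvpn/ca.crt', 'ca.crt')
        bundle.writestr('client.' + ('ovpn' if win == '' else 'conf'), conf)
        if clientfile is not None:
            bundle.write('/etc/openvpn/clients/' + clientfile, installer_name)
except (IOError, OSError, zipfile.BadZipfile) as err:
    print("Error creating zip file: {0}".format(err))
    # Do not leave a half-written archive containing key material behind.
    if os.path.isfile(filename):
        os.remove(filename)
    sys.exit(1)
print("Done. Written to {0}".format(filename))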