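#!/bin/bash
# $Id: ovpn_gen_meta.bash 1037 2026-03-16 15:07:58Z bertrand $
# Generates the OpenVPN client configuration files (.ovpn) for every client
# listed in /etc/openvpn/client.list against one server profile, packs each
# one into a ZIP when zip is available, prints the expiry date of each client
# certificate, optionally uploads the generated tree to a remote host and
# finally runs the client check tool.
#
# usage: ovpn_gen_meta.bash profile_name [upload]
#   profile_name  server profile; must exist as /etc/openvpn/server/<name>.conf
#   upload        the literal word "upload" to scp the generated tree to
#                 $remote_user@$remote_host:$remote_path
#
# Exit status: 0 when the prerequisites were met and the run completed,
# 1 when the usage is wrong or a prerequisite file/tool is missing.
# Both helper tools are resolved relative to the current working directory,
# so run this script from the directory that contains them.
set -euo pipefail
shopt -s nullglob   # unmatched globs expand to nothing (checked before rm/chown)

# external parameters
profile_name=${1:-}
remote_cp=${2:-}
# internal parameters
# tput fails when TERM is unset (cron, CI); fall back to uncoloured output
RED=$(tput setaf 1 2>/dev/null || true)
# shellcheck disable=SC2034 — kept for parity with the other colour variables
GREEN=$(tput setaf 2 2>/dev/null || true)
YELLOW=$(tput setaf 3 2>/dev/null || true)
RESET=$(tput sgr0 2>/dev/null || true)
# ovpn
readonly ovpn_path="/etc/openvpn"
readonly ovpn_clients="$ovpn_path/client.list"
readonly ovpn_profile="$ovpn_path/server/$profile_name.conf"
# ca
readonly ca_path="$ovpn_path/ca"
readonly ca_pki_path="$ca_path/pki"
readonly ca_issued_path="$ca_pki_path/issued"
# shellcheck disable=SC2034 — not used here, documents the PKI layout
readonly ca_private_path="$ca_pki_path/private"
# target
readonly target_user="master"
readonly target_group="users"
readonly target_path="/home/$target_user/openvpn"
readonly target_path_txt="$target_path/txt"
readonly target_path_zip="$target_path/zip"
# tools — command lines are arrays so every argument stays one word
readonly ovpn_gen_tool="./ovpn_gen_client.bash"
ovpn_gen_cmdline=("$ovpn_gen_tool" "$ovpn_path" "$target_path_txt" "$profile_name")
readonly ovpn_check_tool="./ovpn_check_clients.bash"
ovpn_check_cmdline=("$ovpn_check_tool" "$profile_name")
zip_tool=$(command -v zip || true)
zip_cmdline=("$zip_tool" -1)
openssl_tool=$(command -v openssl || true)
openssl_cmdline=("$openssl_tool" x509)
# remote copy
readonly remote_host="rssvr.domcfi.loc"
readonly remote_user="master"
readonly remote_path="/var/www/html/openvpn"
remote_cp_tool=$(command -v scp || true)
remote_cp_cmdline=("$remote_cp_tool" -r)

#######################################
# Print one line on stdout.
# Arguments: $* - the message
#######################################
say() {
  printf '%s\n' "$*"
}

#######################################
# Create a directory if it is missing and hand it to the target user.
# NOTE(review): the mode is left to the umask; if the generated .ovpn files
# embed client keys, a restrictive mode (e.g. 750) would be appropriate —
# confirm with whoever consumes $target_path.
# Globals:   target_user, target_group (read)
# Arguments: $1 - directory path
#######################################
ensure_dir() {
  local dir=$1
  if [[ ! -d $dir ]]; then
    mkdir -- "$dir"
    chown -- "$target_user:$target_group" "$dir"
  fi
}

#######################################
# Change the owner of the given files, if any.
# Globals:   target_user, target_group (read)
# Arguments: $@ - file paths (may be empty after an unmatched glob)
#######################################
chown_files() {
  if (( $# > 0 )); then
    chown -- "$target_user:$target_group" "$@"
  fi
}

#######################################
# Delete the files of a directory that end with a suffix, or report that
# there was nothing to delete.
# Arguments: $1 - directory, $2 - suffix (e.g. ".ovpn")
# Outputs:   a yellow notice on stdout when no file matched
#######################################
clean_dir() {
  local dir=$1 suffix=$2
  local -a files=("$dir"/*"$suffix")   # nullglob: empty when nothing matches
  if (( ${#files[@]} > 0 )); then
    rm -f -- "${files[@]}"
  else
    say "${YELLOW}no file found in $dir${RESET}"
  fi
}

#######################################
# Run a command once per client name read from $ovpn_clients.
# Blank lines are skipped and a missing trailing newline is tolerated.
# Names are spliced into file paths, so a name containing "/" or starting
# with "-" is refused rather than passed on to the tools.
# Globals:   ovpn_clients (read)
# Arguments: $@ - command; the client name is appended as last argument
#######################################
for_each_client() {
  local client
  while IFS= read -r client || [[ -n $client ]]; do
    [[ -z $client ]] && continue
    if [[ $client == */* || $client == -* ]]; then
      say "${RED}skipping invalid client name: $client${RESET}"
      continue
    fi
    "$@" "$client"
  done < "$ovpn_clients"
}

#######################################
# Generate the .ovpn file of one client; a failure is reported but does not
# stop the run so the other clients are still processed.
# Globals:   ovpn_gen_cmdline (read)
# Arguments: $1 - client name
#######################################
gen_profile() {
  local client=$1
  if ! "${ovpn_gen_cmdline[@]}" "$client"; then
    say "${RED}failed to generate profile for $client${RESET}"
  fi
}

#######################################
# Pack one client's .ovpn into a ZIP and move it to the zip directory.
# Globals:   profile_name, target_path_txt, target_path_zip, zip_cmdline (read)
# Arguments: $1 - client name
#######################################
zip_profile() {
  local client=$1
  local base="$profile_name-$client"
  # zip is run inside the txt directory so the archive holds a bare filename
  if (cd -- "$target_path_txt" && "${zip_cmdline[@]}" "$base.zip" "$base.ovpn"); then
    mv -- "$target_path_txt/$base.zip" "$target_path_zip/$base.zip"
  else
    say "${RED}failed to zip $base.ovpn${RESET}"
  fi
}

#######################################
# Print the expiry date of one client certificate, converting the issued
# .crt to .pem once if the .pem is not there yet.
# Globals:   ca_issued_path, openssl_cmdline (read)
# Arguments: $1 - client name
# Outputs:   the expiry line, or a red error naming the .pem file
#######################################
report_expiry() {
  local client=$1
  local crt="$ca_issued_path/$client.crt"
  local pem="$ca_issued_path/$client.pem"
  local not_after expiry_date
  if [[ ! -f $pem ]]; then
    # a conversion failure shows up as a missing .pem and is reported below
    "${openssl_cmdline[@]}" -in "$crt" -out "$pem" -outform PEM || true
  fi
  # -enddate prints "notAfter=<date>"; strip the prefix instead of cut -c 10-
  if [[ -f $pem ]] \
    && not_after=$("${openssl_cmdline[@]}" -enddate -noout -in "$pem") \
    && expiry_date=$(date -d "${not_after#notAfter=}" +%Y-%m-%d); then
    say "certificate for $client expires after: $expiry_date"
  else
    say "${RED}failed to obtain expiry date for $client in $pem${RESET}"
  fi
}

#######################################
# Copy the whole generated tree to the remote host.
# NOTE(review): $remote_path looks like a web document root; if the .ovpn
# files embed client key material, confirm that directory is not served
# without authentication (or move it outside the web root).
# Globals:   remote_host, remote_user, remote_path, remote_cp_cmdline,
#            target_path (read)
# Outputs:   the ping reply line (informational), a red line if scp fails
#######################################
upload_tree() {
  # reachability hint only: ICMP may be filtered, so scp is attempted anyway
  ping -c 1 "$remote_host" | grep "from" \
    || say "${YELLOW}$remote_host did not answer ping${RESET}"
  if ! "${remote_cp_cmdline[@]}" "$target_path"/* "$remote_user@$remote_host:$remote_path"; then
    say "${RED}upload to $remote_host failed${RESET}"
  fi
}

#######################################
# Report every missing prerequisite (usage, profile, client list, generator).
# Globals:   profile_name, ovpn_profile, ovpn_clients, ovpn_gen_tool (read)
# Returns:   0 when everything is in place, 1 otherwise
#######################################
check_prerequisites() {
  local ok=1
  if [[ -z $profile_name ]]; then
    say "usage: $0 profile_name [upload]"
    ok=0
  elif [[ ! -f $ovpn_profile ]]; then
    say "${RED}$profile_name does not exist ($ovpn_profile not found)${RESET}"
    ok=0
  fi
  if [[ ! -f $ovpn_clients ]]; then
    say "${RED}$ovpn_clients does not exist${RESET}"
    ok=0
  fi
  # the generator is executed below, so its presence is checked with -f
  # (the original only tested that the variable was non-empty)
  if [[ ! -f $ovpn_gen_tool ]]; then
    say "${RED}$ovpn_gen_tool does not exist${RESET}"
    ok=0
  fi
  (( ok ))
}

#######################################
# Entry point: generate, zip, report expiry, upload, check.
# Arguments: none (reads the globals set from $1 and $2 above)
#######################################
main() {
  check_prerequisites || exit 1
  # Generate the configuration files locally
  ensure_dir "$target_path"
  ensure_dir "$target_path_txt"
  ensure_dir "$target_path_zip"
  clean_dir "$target_path_txt" ".ovpn"
  clean_dir "$target_path_zip" ".zip"
  for_each_client gen_profile
  chown_files "$target_path_txt"/*.ovpn
  if [[ -n $zip_tool ]]; then
    for_each_client zip_profile
    chown_files "$target_path_zip"/*.zip
  else
    say "${YELLOW}zip not found (will not generate ZIP files)${RESET}"
  fi
  if [[ -n $openssl_tool ]]; then
    for_each_client report_expiry
  else
    say "${RED}openssl not found${RESET}"
  fi
  # Copy the files to a remote server
  if [[ -n $remote_cp_tool && $remote_cp == "upload" ]]; then
    upload_tree
  else
    if [[ -z $remote_cp ]]; then
      say "${YELLOW}upload skipped (not requested)${RESET}"
    fi
    if [[ -z $remote_cp_tool ]]; then
      say "${YELLOW}scp not found${RESET}"
    fi
  fi
  if [[ -f $ovpn_check_tool ]]; then
    "${ovpn_check_cmdline[@]}"
  else
    say "${RED}$ovpn_check_tool not found${RESET}"
  fi
}

main "$@"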
