add a basic cw alarm
[awsible] / userManagementTemplates / generic.sh
#!/bin/sh
# Writes an OpenVPN client profile for one user of one environment to stdout.
# Certificates and keys are read from "<environment>${CA_SUFFIX}/pki".

# Suffix appended to the environment name to form its CA directory.
CA_SUFFIX="_ca"
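# Print the one-line synopsis to stdout.
# Declared in the POSIX "name() { ...; }" form: the "function" keyword is a
# bash/ksh extension and is a syntax error under dash, which is /bin/sh on
# many systems, while this script asks for /bin/sh.
usage() {
  printf 'Usage: %s environment user eip vpc_16\n' "$(basename "$0")"
}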
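# Print only the PEM-armoured part of the given file(s): every line from a
# "-----BEGIN " marker through the next "-----END " marker, dropping the rest
# (presumably the human-readable dump that precedes the PEM block in issued
# certificates -- confirm against the CA tooling).
# Arguments: $@ - file(s) to filter
# Returns:   sed's exit status; a file with no PEM block yields empty output
#            and status 0.
# Declared in POSIX form; "function" is not valid under a strict /bin/sh.
onlycert() {
  sed -n '/-----BEGIN /,/-----END /p' "$@"
}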
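# Exactly four positional arguments are required: environment user eip vpc_16.
# The synopsis is sent to stderr because stdout is where the generated profile
# is written; printing it to stdout would put usage text into whatever file
# the caller redirected the profile to.
if [ "$#" -ne 4 ]; then
  usage 1>&2
  exit 64  # EX_USAGE from sysexits.h
fi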
# Locations inside the environment's PKI tree ($1 = environment, $2 = user).
# NOTE(review): both arguments are pasted into the paths unchecked, so a user
# name containing "/" or ".." would resolve outside issued/ and private/.
# Confirm that callers only pass plain names, or validate them before this point.
pki_dir="${1}${CA_SUFFIX}/pki"
ca_cert_file="${pki_dir}/ca.crt"
user_cert_file="${pki_dir}/issued/${2}.crt"
user_key_file="${pki_dir}/private/${2}.key"
ta_secret_file="${pki_dir}/ta.key"
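# Refuse to build a profile unless every file it embeds is readable.
# The CA certificate and the tls-auth key are checked as well as the user's
# certificate and key: a missing one would otherwise produce a profile with an
# empty <ca> or <tls-auth> section. A loop replaces the obsolescent "-o"
# operator of test(1), and -r (rather than -e) also catches a key that exists
# but cannot be read by the invoking user.
for required_file in \
  "${ca_cert_file}" "${user_cert_file}" "${user_key_file}" "${ta_secret_file}"
do
  if [ ! -r "${required_file}" ]; then
    echo "could not find credentials" 1>&2
    exit 1
  fi
done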
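# Emit the client profile on stdout: fixed settings first, then the CA
# certificate, user certificate, user private key and tls-auth key inline.
#
# The output contains the user's private key and the shared tls-auth secret,
# so the caller should write it to a file only the intended user can read
# (for example under "umask 077").
#
# Each embedding step aborts the script on failure, so a truncated profile is
# never followed by a zero exit status.
#
# NOTE(review): ${3} and ${4} are written into the profile verbatim. Confirm
#   that callers pass a plain address and network, as embedded whitespace or a
#   newline would change the directives the client reads.
# NOTE(review): no "remote-cert-tls server" (or "verify-x509-name") line is
#   emitted, so the profile does not require the peer to present a server
#   certificate. Consider adding one once the server certificate is confirmed
#   to carry the serverAuth extended key usage.
# NOTE(review): "cipher AES-256-CBC" with no "auth" line leaves the packet
#   HMAC at OpenVPN's default digest (SHA1). Consider an explicit "auth" or
#   an AEAD cipher if the server side supports it.
# NOTE(review): the route mask 255.240.0.0 is a /12, while the usage text
#   names the argument vpc_16. Confirm the wider route is intended.
cat <<EOF
# User: ${2}
# Profile: ${1}
client

port 1195
proto tcp
dev tun
cipher AES-256-CBC

remote ${3} 1195
nobind

persist-key
persist-tun

#auth-user-pass

#comp-lzo

route ${4} 255.240.0.0

<ca>
EOF
onlycert "${ca_cert_file}" || exit 1
cat <<'EOF'
</ca>

<cert>
EOF
onlycert "${user_cert_file}" || exit 1
cat <<'EOF'
</cert>

<key>
EOF
onlycert "${user_key_file}" || exit 1
cat <<'EOF'
</key>

key-direction 1
<tls-auth>
EOF
cat "${ta_secret_file}" || exit 1
cat <<'EOF'
</tls-auth>
EOF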