add more vpn support things
diff --git a/userManagementTemplates/generic.sh b/userManagementTemplates/generic.sh
new file mode 100755 (executable)
index 0000000..da8fcd8
--- /dev/null
@@ -0,0 +1,77 @@
+#!/bin/sh
+
+CA_SUFFIX='_ca'
+
+function usage(){
+       cat<<EOF
+Usage: $(basename "$0") environment user eip vpc_16
+EOF
+}
+function onlycert(){
+       sed -n '/-----BEGIN /,/-----END /p' "$@"
+}
+
+if [ $# -ne 4 ]
+then
+       usage
+       exit 64
+fi
+
+ca_cert_file="${1}${CA_SUFFIX}/pki/ca.crt"
+user_cert_file="${1}${CA_SUFFIX}/pki/issued/${2}.crt"
+user_key_file="${1}${CA_SUFFIX}/pki/private/${2}.key"
+ta_secret_file="${1}${CA_SUFFIX}/pki/ta.key"
+
+if [ ! -e "${user_cert_file}" -o ! -e "${user_key_file}" ]
+then
+       echo "could not find credentials" 1>&2
+       exit 1
+fi
+
+cat<<EOF
+# User: ${2}
+# Profile: ${1}
+client
+
+port 1195
+proto tcp
+dev tun
+cipher AES-256-CBC
+
+remote ${3} 1195
+nobind
+
+persist-key
+persist-tun
+
+#auth-user-pass
+
+#comp-lzo
+
+route ${4} 255.240.0.0
+
+<ca>
+EOF
+onlycert "${ca_cert_file}"
+cat<<EOF
+</ca>
+
+<cert>
+EOF
+onlycert "${user_cert_file}"
+cat<<EOF
+</cert>
+
+<key>
+EOF
+onlycert "${user_key_file}"
+cat<<EOF
+</key>
+
+key-direction 1
+<tls-auth>
+EOF
+cat "${ta_secret_file}"
+cat<<EOF
+</tls-auth>
+EOF
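Review bot: The existence check at line 32 covers only the user cert and key, while `ca.crt` and `ta.key` are read unchecked at lines 62 and 81; with no `set -e`, a missing or unreadable file there yields an empty `<ca>` or `<tls-auth>` block and exit status 0, so a broken profile is emitted silently. Extend the guard to all four inputs and test readability rather than existence, e.g. `if [ ! -r "${ca_cert_file}" ] || [ ! -r "${user_cert_file}" ] || [ ! -r "${user_key_file}" ] || [ ! -r "${ta_secret_file}" ]`, which also drops the deprecated `-o` inside `[ ]`. The `function` keyword at lines 12 and 17 is a bashism under `#!/bin/sh`; either use `usage() {` / `onlycert() {` or change the shebang to `#!/usr/bin/env bash`. The argument is named `vpc_16` but line 58 pairs it with the /12 mask `255.240.0.0`; if that is intentional, a comment at line 58 saying so would prevent a future "fix". Since the server config is not visible here, consider whether the generated client profile should also carry `remote-cert-tls server` so a client only trusts a server-role certificate from this CA.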