any script to put certs keys inline in client ovpn script ?

[john56477]

anyone have a bash script to move the keys and cert files inline within the ovpn client script
assuming

client.key
ta.key
ca.crt
client.crt
client1.ovpn

all in same directory
If there is another way to do it, besides writing a new script, please tell me.

[JoshC]

OpenVPN already supports inline certs & keys in the config file; you can read about this feature in the manpage section called "INLINE FILE SUPPORT."

[john56477]

thanks, yes openvpn supports inline keys and certs, but is there any tool to put them inline.
How do you do it ?

I wrote a very rough and ready bash script that does the trick,
it works, but is not pretty.

Code: Select all

#!/bin/bash

echo "<ca>" >> raspberry.ovpn
awk /BEGIN/,/END/ < ./capi.crt >> raspberry.ovpn
echo "</ca>" >> raspberry.ovpn

echo "<cert>" >> raspberry.ovpn
awk /BEGIN/,/END/ < ./clientpi.crt >> raspberry.ovpn
echo "</cert>" >> raspberry.ovpn

echo "<key>" >> raspberry.ovpn
awk /BEGIN/,/END/ < ./clientpi.key >> raspberry.ovpn
echo "</key>" >> raspberry.ovpn

echo "key-direction 1" >> raspberry.ovpn
echo "<tls-auth>" >> raspberry.ovpn
awk /BEGIN/,/END/ < ./tapi.key >> raspberry.ovpn
echo "</tls-auth>" >> raspberry.ovpn

[john56477]

my latest bash script, to insert certs and keys inline within client ovpn script
http://pastebin.com/TAu3T7JX

work in progress, comments welcome

[george5p1]

thanks john, i had to add "sudo" in front of the commands to make it run on my ec2 micro instance (ubuntu 12 x64)

thanks for the great howto as well, managed to get my server and client working with your help . getting ~200ms from china on the singapore ec2 region

the only thing to add is that the latest openvpn does not include easy-rsa 2.2 so you need to download first

cp: cannot stat `/usr/share/doc/openvpn/examples/easy-rsa/2.0': No such file or directory

so we need to add

wget https://github.com/downloads/OpenVPN/ea ... ter.tar.gz
tar -zxvf easy-rsa-2.2.0_master.tar.gz
cp -R easy-rsa-2.2.0_master/easy-rsa/ /etc/openvpn/

[john56477]

thanks john, i had to add "sudo" in front of the commands to make it run on my ec2 micro instance (ubuntu 12 x64)
thanks for the great howto as well, managed to get my server and client working with your help . getting ~200ms from china on the singapore ec2 region
the only thing to add is that the latest openvpn does not include easy-rsa 2.2 so you need to download first
cp: cannot stat `/usr/share/doc/openvpn/examples/easy-rsa/2.0': No such file or directory
so we need to add
wget https://github.com/downloads/OpenVPN/ea ... ter.tar.gz
tar -zxvf easy-rsa-2.2.0_master.tar.gz
cp -R easy-rsa-2.2.0_master/easy-rsa/ /etc/openvpn/

thanks, it's a problem to make and test a howto guide that links to products and sites that change afterwards
guide now updated, http://scramblevpn.wordpress.com/ hope it still works.
many thanks for contribution.

As for the bash script, the script was to be run with sudo,
e.g. sudo $HOME/openvpn-client-files/combine.sh
so there should be no need to add "sudo" in front of each command within the script

[george5p1]

Hey john any ideas why the autoreconf might not work on a rPi?

root@raspbx:/etc/openvpn# sudo autoreconf -i
autoreconf: 'configure.ac' or 'configure.in' is required

[george5p1]

Ignore the above post, follow these instructions john posted:

http://scramblevpn.wordpress.com/2014/0 ... rsion-3-0/

[artsiom82]

any scripts for Windows users, please?