One Step at a Time: How I Use a Shell Script to Efficiently and Automatically Generate OpenVPN Configuration Files for Clients


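Preface:

Before I knew it, December 2021 had arrived; the year really has flown by. The end of the year is the sprint period for company results, and the many contracts management has just signed have brought more developers into the company. Our server room is at a site 40 km away, and the test servers are there as well. Every new employee therefore has to be given OpenVPN access to reach the server-room intranet. This large amount of repetitive work is tedious, so I spent a little time on a shell script that generates the configuration automatically and simplifies the files, which improves operations efficiency. (PS: other websites have too many rules for publishing articles; publishing on my own site is more comfortable.)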

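Prerequisites

1. This article builds on my previous one, so the way the script generates everything follows the logic of that article.

2. How I deployed my OpenVPN server: https://www.onlolikon.com/xbjdyt/27830.html

3. Out of habit, the annotations I use to explain the script in this article start with //. If you copy the script and use it without deleting them, it will definitely fail.

4. And this is the most important point: I am a beginner with Shell, so the logic is complicated and long. Please don't flame me; I will keep working at it!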

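Script contents and explanation

The script relies on the expect package, so install it before using the script. The script also checks for it and will not run if expect is missing. When it finishes you get a single .ovpn file, which you import directly into the OpenVPN client to connect. There is still a lot in this script that needs improving. It fits my setup only; modify it to match your own deployment. It is for reference only.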

#!/bin/bash
set -x              //added to make debugging easier: prints each command as it runs
OPENVPN_USER=$1       //read the first argument given by the user
OPENVPN_SERVER_EASYRSA_DIR=/etc/openvpn/easy-rsa/3        //path of the easy-rsa used to generate server certificates
OPENVPN_CLIENT_EASYRSA_DIR=/etc/openvpn/client/easy-rsa/3    //path of the easy-rsa used to generate client certificates

SHELL_PWD=$(pwd)      //gen-req has to run inside the easy-rsa directory, so record the script's current path first in order to return to it afterwards

if [ $# != 1 ]     //check that a name was given after the script name; exit if not
 then
  exit 1
fi

rpm -q expect &>> /dev/null   //check whether expect is installed; exit if not
if [ $? != 0 ]
 then
  exit 1
fi

cd "$OPENVPN_CLIENT_EASYRSA_DIR"    //first enter the easy-rsa path used to generate client certificates

/usr/bin/expect <<-EOF
 spawn ./easyrsa gen-req $OPENVPN_USER nopass     //spawn a separate temporary session and create the client certificate request and private key
 expect {
  "Common Name" { send "\n"; exp_continue; }       //when this prompt appears, just press Enter
  " Confirm key overwrite" { send "\n"; exp_continue; }      //sometimes the name already exists; press Enter here as well
 }
EOF

//Sign the certificate
"${OPENVPN_SERVER_EASYRSA_DIR}/easyrsa" import-req "${OPENVPN_CLIENT_EASYRSA_DIR}/pki/reqs/${OPENVPN_USER}.req" "$OPENVPN_USER"

/usr/bin/expect <<-EOF
 spawn ${OPENVPN_SERVER_EASYRSA_DIR}/easyrsa sign client $OPENVPN_USER     //sign the client certificate
 expect {
   "Confirm request details" { send "yes\n"; exp_continue; }
 }
EOF
cd "$SHELL_PWD"    //return to the directory the script was started from

cat <<-EOF > "${OPENVPN_USER}.ovpn"       //start creating the client configuration file
client
dev tun
proto udp
remote 192.168.7.198 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-128-CBC

EOF

//Write the CA certificate, the client certificate and the private key into the configuration file
echo '<ca>' >> "${OPENVPN_USER}.ovpn"
cat "${OPENVPN_SERVER_EASYRSA_DIR}/pki/ca.crt" >> "${OPENVPN_USER}.ovpn"
echo '</ca>' >> "${OPENVPN_USER}.ovpn"

echo '<cert>' >> "${OPENVPN_USER}.ovpn"
cat "${OPENVPN_SERVER_EASYRSA_DIR}/pki/issued/${OPENVPN_USER}.crt" | grep -A 100 'BEGIN CERTIFICATE' >> "${OPENVPN_USER}.ovpn"
echo '</cert>' >> "${OPENVPN_USER}.ovpn"

echo '<key>' >> "${OPENVPN_USER}.ovpn"
cat "${OPENVPN_CLIENT_EASYRSA_DIR}/pki/private/${OPENVPN_USER}.key" >> "${OPENVPN_USER}.ovpn"
echo '</key>' >> "${OPENVPN_USER}.ovpn"

sz "$SHELL_PWD/${OPENVPN_USER}.ovpn"    //download the file as the script finishes

The result

# chmod +x openvpn.sh
# ./openvpn.sh dalasi
# cat dalasi.ovpn

client
dev tun
proto udp
remote 192.168.7.198 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-128-CBC

<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
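
A hardened version of the profile-assembly step of the script above, as an added example that is not the author's script: it validates the client name, stops when a certificate or key file is missing or empty, and creates the profile readable by its owner only, because the file embeds the private key. The function names and their arguments are hypothetical; the directives are the ones from the article's here-document.

```shell
#!/bin/bash
# Added example, not the article's script. Function names are hypothetical.

# Allow only names that are safe as a file name and as an easyrsa/expect argument.
valid_client_name() {
  case $1 in
    ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 32 ]
}

# build_ovpn NAME CA_CRT CLIENT_CRT CLIENT_KEY OUT_DIR
# The body is a subshell, so the variables and the umask stay local to the call.
build_ovpn() (
  name=$1 ca=$2 crt=$3 key=$4 out=$5/$1.ovpn
  valid_client_name "$name" || { echo "bad client name: $name" >&2; return 2; }
  # Stop if gen-req or signing failed earlier and left a file missing or empty.
  for f in "$ca" "$crt" "$key"; do
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 3; }
  done
  umask 077        # the profile embeds the private key: owner-only from creation
  rm -f -- "$out"  # a stale file would keep its old, possibly looser, mode
  {
    # Same client directives as the article's here-document.
    printf '%s\n' client 'dev tun' 'proto udp' 'remote 192.168.7.198 1194' \
      'resolv-retry infinite' nobind persist-key persist-tun comp-lzo \
      'verb 3' 'cipher AES-128-CBC' ''
    printf '<ca>\n'; cat "$ca"; printf '</ca>\n'
    printf '<cert>\n'
    # Keep only the PEM block, without the 100-line limit of `grep -A 100`.
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$crt"
    printf '</cert>\n'
    printf '<key>\n'; cat "$key"; printf '</key>\n'
  } > "$out"
)
```

With the article's paths, the call would be `build_ovpn dalasi /etc/openvpn/easy-rsa/3/pki/ca.crt /etc/openvpn/easy-rsa/3/pki/issued/dalasi.crt /etc/openvpn/client/easy-rsa/3/pki/private/dalasi.key "$PWD"`, run after the signing step.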
