Add password option for clients

[angristan]

This PR adds the option to add a password to the client file. It will be asked when connecting to the OpenVPN server. Basically, this encrypts the client's private key with a password.

Using a password for your private key is more secure, as not having one mean anyone with your .ovpn file can connect to your server and/or decrypt your traffic if they manage to make a MitM.

The user will be given the option when installing the server for the first time (and thus creating the first user) and when adding new users.

[angristan]

Fixes #9 and #159

[angristan]

So this is working fine, but atm the password is asked when ./easyrsa is called. I would like to ask the user for its password first, store it in a variable to use it with easyrsa laster.

[angristan]

I was thinking about add ./easyrsa build-client-full $CLIENT <<< $password but easy-rsa generates the key before asking for the password so it's not possible...

[jellemdekker]

General solution 1: pipes in this Stackoverflow answer might offer some guidance.

[PakTam]

it is possible to create Multiple client using single KEY?
as this website https://sshdropbear.net/

so then the client can be add using WEBMIN or OCS PANEL

[angristan]

It's exactly the same except it is more clear to ask for a client password and put it in a variable than having a random prompt in the middle of easy-rsa stuff waiting for something.

[heikoh81]

I just installed your script for the first time, thanks!
For use on my mobile phones I'd also prefer to have a scripted Option to ask for a Password.
I figured out how to Change the .sh-file as suggested by craig_mld in #9
You could say "leave empty if no Password is wanted", but then, it would be easy to add one if needed.

[fritzmg]

👍 for this :). Is there any reasony why this isn't merged yet to master?

[angristan]

It currently asks the password here:

Does it look acceptable to you?

[fritzmg]

Oh I see. Well for me it's good enough, but I understand that it would be more user friendly if it was asked in the beginning.

[heikoh81]

When I first used your script about 1-2 month ago, I had to modify the script file as suggested in #9 (remove NOPASS in the code):
#9
So I now have 2 scripts that I uses: 1 for creating users without password (Raspis) and 1 for users with Passwords (mobile use).

This is very complicated, and thus I suggested you integrate it in your script.
I think the script should state if you leave password empty, the user is created without password.
I don't see this in the screenshots attached. It just seems to offer the possibility to enter a password - but what happens if none is entered?

[fritzmg]

I don't see this in the screenshots attached. It just seems to offer the possibility to enter a password - but what happens if none is entered?

You can choose whether you want to use a password or not.

[heikoh81]

Where is that option? Can't see it in the screenshot?
If I just leave the password blank than there is no password?
(Don't have a Test-system running to test the new version...)

[heikoh81]

Perfect. So that feature I implemented now and no need any more to edit the code yourself?

[heikoh81]

So let's hope it is merged.
I'm just an advanced enduser, no developer on Github...

[newsera]

Can we have this feature implemented for 2.4-update as well?