Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 6d5af9f606
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 81 lines (72 sloc) 2.157 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
# Rakefile for generating server and client OpenVPN certificates.
#
# Copyright:: 2009, Opscode, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

if ! defined?(ENV['EASY_RSA'])
  puts "Source the vars file first and try again."
  exit 1
end

desc "Create a tar file for the specified user in /tmp."
task :client do
  Dir.chdir(ENV['PWD'])
  if (ENV['KEY_DIR'] == nil)
    raise "Source 'vars' file and try again."
    exit 1
  else
    keydir = ENV['KEY_DIR']
  end

  if (ENV['name'] == nil)
    raise "Specify username with 'name=\"username\"'"
    exit 1
  else
    usercn = ENV['name'].gsub(/@/, '_')
  end
  
  if (ENV['gateway'] == nil)
    raise "Specify the vpn gateway with 'gateway=\"gateway\"'"
    exit 1
  else
    gateway = ENV['gateway']
  end

    conf = <<EOF
client
dev tun
proto udp
remote <%= node["openvpn"]["gateway"] %> <%= node["openvpn"]["port"] %>
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert #{usercn}.crt
key #{usercn}.key
comp-lzo
verb 3
EOF

  puts "* Generate certificate for #{usercn}."
  sh %{./pkitool '#{usercn}'}

  puts "* Generate configuration files for #{usercn}"
  ["ovpn", "conf"].each do |config|
    File.open("#{keydir}/#{usercn}.#{config}", "w") do |file|
      file.puts conf
    end
  end

  puts "* Create .tar.gz archive for #{usercn}."
  sh %{(cd #{keydir} && tar zcf #{usercn}.tar.gz ca.crt #{usercn}.crt #{usercn}.key #{usercn}.conf #{usercn}.ovpn)}
  sh %{chmod 0600 #{keydir}/#{usercn}.tar.gz}
  tar_path = "/tmp"
  sh %{cp #{keydir}/#{usercn}.tar.gz #{tar_path}/}
  sh %{rm #{keydir}/#{usercn}.*}
  puts "* Done, #{usercn} keys are in #{tar_path}/#{usercn}.tar.gz"
end
Something went wrong with that request. Please try again.