ここでスクリプトを実行しようとしています。
#!/bin/bash
set -o errexit # be strong with errors
set -o nounset # be strong with unset vars
PROG="${0##/}" # Scriptname
USAGE="usage: $PROG clientname"
EASYRSA="EasyRSA-<VERSION>"
CA_SERVER="user@my-CA-server"
VPN_SERVER="<IP-Address of the openvpn server>"
VPN_SERVER_PORT="1194"
ZIP=/usr/bin/zip
if! -x $ZIP; then
echo "${PROG}: $ZIP not found, install it first" >&2
exit 1
fi
if (( $# != 1 )) ; then
echo $USAGE
exit 1
fi
if! -d $EASYRSA; then
echo "$EASYRSA missing or wrong version" >&2
exit 1
fi
CLIENT=$1
CLIENTCONFIG=$HOME/${CLIENT}-vpnconfig # define directory for config
echo "-----------------------------------------------------------------------------------------"
echo "
This script generates the keys/certs and a config file for your connetion to the openVPN
server.
EasyRSA is: $EASYRSA
CA-Server (PKI) is: $CA_SERVER
openVPN server is: $VPN_SERVER
Build a config for: $CLIENT
Config built in: $CLIENTCONFIG
NOTE: you need a working ssh-connection between your $VPN_SERVER and the $CA_SERVER!
If that's not what you want, hit ^C. Hit <ENTER> if that's OK
"
read OK
-d ${CLIENTCONFIG}|| mkdir -pm 700 ${CLIENTCONFIG}
echo "generate the request"
cd ~/$EASYRSA
./easyrsa gen-req $CLIENT nopass
cp pki/private/${CLIENT}.key ${CLIENTCONFIG}
echo "secure copy the req to the CA-server"
scp pki/reqs/${CLIENT}.req $CA_SERVER:/tmp && stat=$? || stat=$?
case $stat in
0) ;; # all fine
*) echo "$PROG: scp to $CA_SERVER failed" >&2
exit 1
;;
esac
echo "Login to your CA-server and import/sign the request"
ssh -T $CA_SERVER "cd $EASYRSA;./easyrsa import-req /tmp/${CLIENT}.req $CLIENT;./easyrsa sign-req client $CLIENT" && stat=$? || stat=$?
case $stat in
0) ;; # all fine
*) echo "$PROG: scp to $CA_SERVER failed" >&2
exit 1
;;
esac
echo "Copy the ${CLIENT}.crt from your CA-Server to your local ${CLIENTCONFIG} directory."
scp ${CA_SERVER}:${EASYRSA}/pki/issued/${CLIENT}.crt ${CLIENTCONFIG}
cp ta.key ${CLIENTCONFIG}
echo "Copy the ca.crt (CA certificate) into your ${CLIENTCONFIG} directory"
scp root@${CA_SERVER}:/etc/openvpn/ca.crt ${CLIENTCONFIG}
cd $CLIENTCONFIG
echo -n "Create the ${CLIENT}.ovpn file now"
cat > ${CLIENTCONFIG}/${CLIENT}.ovpn << EdF
client
dev tun
persist-key
persist-tun
proto udp
nobind
remote-cert-tls server
auth SHA512
verb 3
remote ${VPN_SERVER} ${VPN_SERVER_PORT}
# To successfully import this profile, you
# want the client device's CA certificate copy,
# client certificate and key, and HMAC signature
# all in the same location as this .ovpn file.
ca ca.crt
cert ${CLIENT}.crt
key ${CLIENT}.key
tls-crypt ta.key
EdF
echo " done"
if-f ca.crt&&-f ${CLIENT}.crt&&
-f ${CLIENT}.key&&-f ta.key&&-f ${CLIENT}.ovpn; then
echo -n "Your kit seems complete. Will create ${CLIENT}.zip"
zip -r ${CLIENT}-openvpn.zip ${CLIENT}.ovpn ${CLIENT}.crt ${CLIENT}.key ca.crt ta.key
echo " done"
else
echo "you miss some files" >&2
exit 1
fi
exit 0
私のクライアント証明書を生成します。行13で構文エラーが発生します。だから、行を次のように変更しました。
if (( ! -x $ZIP )) ; then
これでエラーが発生します。 x 変数がバインドされていません。この行をどのように正しく書きますか?
よろしくお願いします。
ガラス