- @REM #######################################
- @REM ############ CONFIGURATION ############
- @REM #######################################
- @rem Settings for a Windows batch script that calls the openssl.exe found under
- @rem the OpenVPN directory to create client keys and certificate requests.
- @rem Lines in this section start with @ because echo is switched off only later.
- @
- @rem which OpenVPN path variable to use ["default" | "custom"]
- @set rfid.ovpn.use_path=custom
- @
- @rem path to a non-standard OpenVPN directory (ATTENTION: no trailing slash)
- @rem path.1 is picked when the script is started with 1 as its first argument
- @rem NOTE(review): openssl.exe is run from below this directory, so it should be
- @rem writable by trusted accounts only
- @set rfid.ovpn.path.custom=C:\Documents and Settings\dafanasiev\Рабочий стол\bin\OpenVPN
- @set rfid.ovpn.path.1=C:\Documents and Settings\dafanasiev\Рабочий стол\bin\OpenVPN
- @
- @rem whether the script checks that the required files are present ["yes" or "1" enables]
- @set rfid.ovpn.check_bins=yes
- @
- @rem create a list of certificates [boolean option]; start and stop are the
- @rem inclusive bounds of the numbering loop
- @rem NOTE(review): the generation section reaches the loop whatever multigen is set to
- @set rfid.ovpn.crt.multigen=yes
- @set rfid.ovpn.crt.mgen_start=0
- @set rfid.ovpn.crt.mgen_stop=30
- @
- @rem append the loop number to the subject CN and to the output file names ["yes" or "1"]
- @set rfid.ovpn.crt.mgen_autonum=yes
- @
- @rem enable this option if certificate should be signed, use "1" or "yes" without quotes
- @rem NOTE(review): no other line of this script reads use_sign; only keys and
- @rem certificate requests are produced
- @set rfid.ovpn.crt.use_sign=yes
- @
- @rem --- CERTIFICATE subject options ---
- @rem leave empty to be asked for the Common Name at run time
- @ set rfid.ovpn.crt.CN.custom=
- @
- @rem trigger ["1" or "yes"], enables using custom certificate subject options
- @rem (marked TODO, currently unsupported, in the certificate preparing section)
- @ set rfid.ovpn.crt.more_opts=
- @
- @rem RDN customization, e.g. CN stands for CommonName in certificates
- @rem RDN syntax: /C=CountryName/ST=Providence/..
- @rem NOTE(review): the six custom values below are not read anywhere else in the script
- @ set rfid.ovpn.crt.C.custom=
- @ set rfid.ovpn.crt.ST.custom=
- @ set rfid.ovpn.crt.L.custom=
- @ set rfid.ovpn.crt.O.custom=
- @ set rfid.ovpn.crt.OU.custom=
- @ set rfid.ovpn.crt.EML.custom=
- @rem verbosity level: 0 is quiet, 1 and 2 print progressively more detail
- @ set rfid.ovpn.ui.debug=0
- @REM #######################################
- @REM ############# PREPARING ###############
- @REM #######################################
- @echo off
- echo.
- rem switch the console code page to 1251; presumably needed for the Cyrillic
- rem directory names in the custom path - confirm
- chcp 1251>nul
- rem turn on delayed expansion, the exclamation-mark variable form used below;
- rem the matching endlocal is in the unload routine
- setlocal enabledelayedexpansion
- rem remember the starting directory
- rem NOTE(review): no other line of the script reads this variable
- set rfid.ovpn.cd=%cd%
- rem Ctrl+C fix (disabled)
- rem if not "%1" == "exec" (
- rem cmd /c "echo y | %0 exec %1"
- rem goto :EOF
- rem )
- rem shift
- rem defaults
- rem standard install location, used when use_path is default
- set rfid.ovpn.path.default=%programfiles%\OpenVPN
- rem output directory for key and request files; relative, and the generation
- rem section changes into the easy-rsa directory before using it
- set rfid.ovpn.keys.path=keys
- rem NOTE(review): the ccd path is not referenced by any other line of the script
- set rfid.ovpn.ccd.path=config\ccd
- rem static openssl options only
- rem lpath and gendir are relative to the selected OpenVPN directory
- set rfid.ovpn.ossl.lpath=bin\openssl.exe
- set rfid.ovpn.ossl.gendir=easy-rsa
- rem options for openssl req, which creates a new key and a certificate request
- rem SECURITY: -nodes leaves every generated private key unencrypted on disk,
- rem so the keys directory must be readable only by the operator
- rem NOTE(review): req documents -days for use together with -x509 - confirm it has any effect here
- set rfid.ovpn.ossl.genreq_opts=req -config openssl.cnf -days 3650 -nodes -new -multivalue-rdn
- rem options for openssl ca
- rem NOTE(review): not referenced by any other line; no signing step is visible in the script
- set rfid.ovpn.ossl.gencrt_opts=ca -days 3650 -config openssl.cnf
- rem OpenVPN CCD configuration
- rem NOTE(review): not referenced by any other line of the script
- set rfid.ovpn.ccd.net.default=10.10.1.
- rem cert req opts: -keyout %rfid.ovpn.keys.path%\[client_name].key -out %rfid.ovpn.keys.path%\[client_name].csr -subj "/C=CountryName/ST=Providence/L=CityName/CN=[client_name]"
- rem cert dynamic opts: -out %rfid.ovpn.keys.path%\%1.crt -in %rfid.ovpn.keys.path%\%1.csr
- rem RDN certificate subject defaults
- rem NOTE(review): the EML default is copied and displayed later but is not part of the assembled subject string
- set rfid.ovpn.crt.CN.default=client
- set rfid.ovpn.crt.C.default=RU
- set rfid.ovpn.crt.ST.default=NW
- set rfid.ovpn.crt.L.default=Saint-Petersburg
- set rfid.ovpn.crt.O.default=Radiofid
- set rfid.ovpn.crt.OU.default=development
- set rfid.ovpn.crt.EML.default=support@radiofid.ru
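- REM ############ proc start ###############
- rem Print the banner, choose the OpenVPN directory and verify that it exists.
- rem Control leaves this section with goto: check_bins, cert_prep or unload.
- echo iRZ® OpenVPN certificate generation ^& client configuration script
- echo =======================================================================
- echo Author: Afanasiev Danila
- echo iRZ® - is registred trademark of RADIOFID Corp. All rights reserved.
- echo -----------------------------------------------------------------------
- echo.
- rem applying configured paths
- rem The fallback is assigned before the block below: a percent-form variable inside
- rem a parenthesised block is substituted when the block is read, so a value
- rem assigned inside the block would not be seen by the next line of that block.
- if "%rfid.ovpn.use_path%" == "" set rfid.ovpn.use_path=default
- rem With an argument, the argument is the suffix of the path variable to use.
- if "%1" == "" (
-   set rfid.ovpn.path=!rfid.ovpn.path.%rfid.ovpn.use_path%!
- ) else (
-   set rfid.ovpn.path=!rfid.ovpn.path.%1!
- )
- rem checking selected path to OpenVPN directory
- echo [i] checking %rfid.ovpn.use_path% OpenVPN path
- if not exist "!rfid.ovpn.path!" (
-   if "%rfid.ovpn.use_path%" == "custom" (
-     if "%rfid.ovpn.path%" == "" (
-       set /p rfid.runvar= [?] undefined custom path, use default OpenVPN path instead? [y/n]
-       if "!rfid.runvar!" == "y" (
-         echo [i] checking default OpenVPN path
-         rem quoted assignment, so a closing parenthesis in the default path cannot end the block
-         set "rfid.ovpn.path=%rfid.ovpn.path.default%"
-         rem NOTE: this jump goes straight to cert_prep without the binaries check
-         if exist "!rfid.ovpn.path!" goto cert_prep
-         echo [E] directory "!rfid.ovpn.path!" not found
-         echo.
-       )
-     )
-   ) else (
-     echo [E] directory "%rfid.ovpn.path%" not found
-     echo.
-   )
-   echo [E] unable to continue, install OpenVPN first, or verify option
-   echo 'rfid.ovpn.use_path', acceptable values: 'default', 'custom'
-   echo [i] if you are selected custom path you also must set option
-   echo 'rfid.ovpn.path.custom' with real path to your OpenVPN binaries
-   echo.
-   goto unload
- ) else (
-   if "%rfid.ovpn.check_bins%" == "yes" (
-     goto check_bins
-   ) else if "%rfid.ovpn.check_bins%" == "1" (
-     goto check_bins
-   )
-   echo [i] binaries check disabled
-   goto cert_prep
- )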
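- REM ####### checking binaries ##########
- rem Confirm that openssl.exe and the easy-rsa directory exist below the selected
- rem OpenVPN directory and record the full path of openssl.exe.
- rem Jumps to cert_prep when both exist, otherwise prints an error and jumps to unload.
- rem NOTE(review): only existence is tested; nothing here verifies which openssl.exe
- rem will later create the private keys.
- :check_bins
- echo [#] checking for neccessary binaries ^& directories..
- echo.
- rem echo rfid.ovpn.path = %rfid.ovpn.path%
- rem echo.
- if exist "%rfid.ovpn.path%\%rfid.ovpn.ossl.lpath%" (
-   rem quoted assignment, so a closing parenthesis in the path cannot end this block
-   set "rfid.ovpn.ossl.path=%rfid.ovpn.path%\%rfid.ovpn.ossl.lpath%"
-   rem version check is not implemented
-   echo * openssl.exe - [OK]
-   if exist "%rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%" (
-     echo * easy-rsa\ - [OK]
-     goto cert_prep
-   ) else (
-     echo * easy-rsa\ - [NOT FOUND]
-   )
- ) else (
-   echo * openssl.exe - [NOT FOUND]
- )
- echo.
- echo [E] unable to continue, seems your OpenVPN installation is corrupted,
- echo please reinstall OpenVPN first and try again
- goto unload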
- REM ### certificate preparing section ###
- rem Decide the certificate Common Name and assemble the subject string in
- rem rfid.ovpn.crt.rdn, then continue at sh_opts, cert_gen or more_cert_opts.
- :cert_prep
- echo.
- echo ^<^<^< Certificate user information ^>^>^>
- echo ------------------------------------
- rem setting Common Name
- rem NOTE(review): a name typed at the prompt is later inserted unquoted, in
- rem percent form, into the subject string, the openssl command line and the
- rem output file names; restricting it to letters, digits, dot, dash and
- rem underscore before use would keep it from altering any of those
- if "%rfid.ovpn.crt.CN.custom%" == "" (
- set rfid.runvar=
- set /p rfid.runvar= [?] Common Name option not set, enter name [%rfid.ovpn.crt.CN.default%]:
- if "!rfid.runvar!" == "" (
- echo [i] using default CN
- set rfid.ovpn.crt.CN=%rfid.ovpn.crt.CN.default%
- ) else (
- set rfid.ovpn.crt.CN=!rfid.runvar!
- )
- ) else (
- set rfid.ovpn.crt.CN=%rfid.ovpn.crt.CN.custom%
- )
- rem customize additional certificate options [TODO, currently unsupported]
- rem NOTE(review): taking this jump skips the default RDN assignments below
- if "%rfid.ovpn.crt.more_opts%" == "1" (
- goto more_cert_opts
- ) else if "%rfid.ovpn.crt.more_opts%" == "yes" (
- goto more_cert_opts
- )
- rem apply default RDNs
- echo [i] using default certificate subject RDN
- set rfid.ovpn.crt.C=%rfid.ovpn.crt.C.default%
- set rfid.ovpn.crt.ST=%rfid.ovpn.crt.ST.default%
- set rfid.ovpn.crt.L=%rfid.ovpn.crt.L.default%
- set rfid.ovpn.crt.O=%rfid.ovpn.crt.O.default%
- set rfid.ovpn.crt.OU=%rfid.ovpn.crt.OU.default%
- set rfid.ovpn.crt.EML=%rfid.ovpn.crt.EML.default%
- rem subject string in the slash-separated form given to openssl with -subj;
- rem EML is not part of it
- set rfid.ovpn.crt.rdn=/C=%rfid.ovpn.crt.C%/ST=%rfid.ovpn.crt.ST%/L=%rfid.ovpn.crt.L%/O=%rfid.ovpn.crt.O%/OU=%rfid.ovpn.crt.OU%/CN=%rfid.ovpn.crt.CN%
- rem both sides are quoted, so the debug level is compared as text
- rem show the subject fields first at debug level 1 or higher
- if "%rfid.ovpn.ui.debug%" GEQ "1" (
- goto sh_opts
- ) else (
- goto cert_gen
- )
- rem Custom subject options; the preparing section marks this path as TODO, unsupported.
- rem NOTE(review): only CN is assigned here. The other subject variables and
- rem rfid.ovpn.crt.rdn are not set on this path, and CN is replaced by the custom
- rem value even when a name was typed at the prompt.
- :more_cert_opts
- set rfid.ovpn.crt.CN=%rfid.ovpn.crt.CN.custom%
- rem Print the subject fields. Reached from cert_prep at debug level 1 or higher,
- rem or by falling through from more_cert_opts.
- :sh_opts
- echo.
- echo • CommonName is set to '%rfid.ovpn.crt.CN%'
- echo • Country is set to '%rfid.ovpn.crt.C%'
- echo • Providence is set to '%rfid.ovpn.crt.ST%'
- echo • City is set to '%rfid.ovpn.crt.L%'
- echo • Organization is set to '%rfid.ovpn.crt.O%'
- echo • Organization Unit is set to '%rfid.ovpn.crt.OU%'
- echo • Support E-mail is set to '%rfid.ovpn.crt.EML%'
- goto cert_gen
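- REM ######## generation section ############
- rem Enter the OpenVPN directory, show the subject string that will be used and
- rem hand over to the generation loop at cert_mgen.
- :cert_gen
- echo.
- echo ^<^<^< Certificate generation ^>^>^>
- echo ------------------------------
- rem Stop when the directory cannot be entered, at every debug level: the later
- rem openssl call uses relative key and config paths, so continuing could write
- rem private keys below whatever directory happens to be current.
- rem The double-bar form tests the result of cd itself, not a stale errorlevel.
- cd /d "%rfid.ovpn.path%" || (
-   echo [E] unable to enter OpenVPN directory, please check if it was
-   echo deleted during script execution befor this call
-   goto unload
- )
- if "%rfid.ovpn.ui.debug%" GEQ "1" echo [D] current directory changed to '%rfid.ovpn.path%'
- echo [i] using following RDN map:
- echo.
- echo %rfid.ovpn.crt.rdn%
- echo.
- echo [*] assembling OpenSSL call
- rem updating RDN because CRT.MGEN enabled
- rem NOTE(review): both branches jump to cert_mgen and that label follows directly,
- rem so the loop also runs when multigen is disabled; a single-certificate path
- rem is not implemented.
- if "%rfid.ovpn.crt.multigen%" == "yes" (
-   goto cert_mgen
- ) else if "%rfid.ovpn.crt.multigen%" == "1" (
-   goto cert_mgen
- )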
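- rem Generate one private key and one certificate request per loop number.
- rem Reads mgen_start, mgen_stop, mgen_autonum, the CN and the subject string built
- rem earlier; runs openssl req from the easy-rsa directory; writes the key and csr
- rem files below the keys path. Jumps to unload as soon as an expected file is missing.
- rem SECURITY: the request options set in the preparing section include -nodes, so
- rem every key file written here is unencrypted.
- :cert_mgen
- set rfid.ovpn.crt.rdn.orig=%rfid.ovpn.crt.rdn%
- rem check_bins is the only other place that sets the openssl path, and it can be
- rem skipped; fill the path in here so the command below never starts with an empty name
- if not defined rfid.ovpn.ossl.path set "rfid.ovpn.ossl.path=%rfid.ovpn.path%\%rfid.ovpn.ossl.lpath%"
- rem file name used when autonum is off; NOTE: every pass then writes the same two files
- set "rfid.ovpn.crt.updated_CN=%rfid.ovpn.crt.CN%"
- echo [D] entering easy-rsa directory
- rem /d also switches the drive; stop when the directory cannot be entered
- cd /d "%rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%" || (
-   echo [E] unable to enter '%rfid.ovpn.ossl.gendir%' directory
-   goto unload
- )
- for /l %%i in (%rfid.ovpn.crt.mgen_start%,1,%rfid.ovpn.crt.mgen_stop%) do (
-   if "%rfid.ovpn.ui.debug%" GEQ "2" (
-     echo [D] genstart ^(%%i of %rfid.ovpn.crt.mgen_stop% - %rfid.ovpn.crt.mgen_start%^)
-   )
-   if "%rfid.ovpn.ui.debug%" GEQ "1" (
-     echo [*] appending number postfix in RDN CN option
-   )
-   rem CN is the last field of the subject string, so the suffix lands on the CN
-   if "%rfid.ovpn.crt.mgen_autonum%" == "yes" (
-     set "rfid.ovpn.crt.rdn=%rfid.ovpn.crt.rdn.orig%_%%i"
-     set "rfid.ovpn.crt.updated_CN=%rfid.ovpn.crt.CN%_%%i"
-   ) else if "%rfid.ovpn.crt.mgen_autonum%" == "1" (
-     set "rfid.ovpn.crt.rdn=%rfid.ovpn.crt.rdn.orig%_%%i"
-     set "rfid.ovpn.crt.updated_CN=%rfid.ovpn.crt.CN%_%%i"
-   )
-   rem rfid.ovpn.ossl.genreq_opts=req -config openssl.cnf -days 3650 -nodes -new -batch -multivalue-rdn
-   rem rfid.ovpn.ossl.gencrt_opts=ca -days 3650 -config openssl.cnf
-   rem Values assigned inside this loop are read in the exclamation-mark form. The
-   rem percent form is substituted once, when the loop is read, which would give
-   rem every request the same unnumbered subject.
-   rem The command is kept on one line and its file and subject arguments are quoted.
-   set rfid.ovpn.ossl.genreq="%rfid.ovpn.ossl.path%" %rfid.ovpn.ossl.genreq_opts% -keyout "%rfid.ovpn.keys.path%\!rfid.ovpn.crt.updated_CN!.key" -out "%rfid.ovpn.keys.path%\!rfid.ovpn.crt.updated_CN!.csr" -subj "!rfid.ovpn.crt.rdn!"
-   echo [K] generating key for %rfid.ovpn.crt.CN%_%%i..
-   rem NOTE: at level 2 the bare set prints every variable of the process, not only this script's
-   if "%rfid.ovpn.ui.debug%" GEQ "2" (
-     set
-     echo rfid.ovpn.crt.updated_CN - !rfid.ovpn.crt.updated_CN!
-     echo rfid.ovpn.ossl.genreq - !rfid.ovpn.ossl.genreq!
-     echo rfid.ovpn.ossl.path - %rfid.ovpn.ossl.path%
-   )
-   rem GENERATOR
-   rem level 2 keeps the openssl output in a log file, otherwise all output is discarded
-   if "%rfid.ovpn.ui.debug%" GEQ "2" (
-     !rfid.ovpn.ossl.genreq! > "ossl_%rfid.ovpn.crt.CN%_%%i_keygen.log"
-   ) else (
-     !rfid.ovpn.ossl.genreq! >nul 2>&1
-   )
-   rem openssl output is hidden by default, so missing output files are the only failure signal
-   if "%rfid.ovpn.ui.debug%" GEQ "1" echo [i] checking if CSR ^& KEY files exist
-   if not exist "%rfid.ovpn.keys.path%\!rfid.ovpn.crt.updated_CN!.key" (
-     echo [E] exiting, keyfile '!rfid.ovpn.crt.updated_CN!.key' not found & goto unload
-   )
-   if not exist "%rfid.ovpn.keys.path%\!rfid.ovpn.crt.updated_CN!.csr" (
-     echo [E] exiting, request file'!rfid.ovpn.crt.updated_CN!.csr' not found & goto unload
-   )
- )
- rem cert req opts: -keyout %rfid.ovpn.keys.path%\[client_name].key -out %rfid.ovpn.keys.path%\[client_name].csr -subj "/C=CountryName/ST=Providence/L=CityName/CN=[client_name]"
- rem cert dynamic opts: -out %rfid.ovpn.keys.path%\%1.crt -in %rfid.ovpn.keys.path%\%1.csr
- goto :unload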
- REM ########## unload routine ##############
- rem Common exit point, reached after generation and from every error path.
- rem NOTE(review): the completion message is printed on the error paths too, and
- rem no exit code is set here, so a caller cannot tell success from failure.
- :unload
- echo [ ] work complete
- echo.
- rem closes the setlocal scope opened in the preparing section
- endlocal
- rem color without arguments restores the console colours it was started with
- color
- rem put the current directory into the window title
- title %CD%
- :EOF