#!/bin/bash
# Generate configurations files for OpenVPN clients.
TMP_OPENVPN=/tmp/openvpn

source /etc/openvpn/easy-rsa/vars
for OPENVPN_CLIENT in $OPENVPN_CLIENTS; do
  /bin/mkdir $TMP_OPENVPN
  /bin/mkdir $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN-keys

  /bin/cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN.conf
  /bin/sed -i  \
      -e "s/^remote[\t ]*my-server-1[\t ].*/remote $OPENVPN_SERVER 1194/" \
      -e "s/^ca ca\.crt/ca \/etc\/openvpn\/$OPENVPN_LOCALDOMAIN-keys\/ca\.crt/" \
      -e "s/^cert client\.crt/cert \/etc\/openvpn\/$OPENVPN_LOCALDOMAIN-keys\/$OPENVPN_CLIENT\.crt/" \
      -e "s/^key client\.key/key \/etc\/openvpn\/$OPENVPN_LOCALDOMAIN-keys\/$OPENVPN_CLIENT\.key/" \
      -e "s/;\(ns-cert-type[\t ]*server.*\)/\1/" \
      -e "s/;tls-auth[\t ]*ta.key[\t ]*1.*/tls-auth \/etc\/openvpn\/$OPENVPN_LOCALDOMAIN-keys\/ta.key 1/" \
      $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN.conf

  # We setup the client so that it run with reduced permissions.
  sed -i \
      -e 's/^;\(user[ \t]*.*\)/\1/' \
      -e 's/^;\(group[ \t]*.*\)/\1/' \
      $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN.conf


  # We get the cipher used by server
  /bin/egrep "^cipher " /etc/openvpn/server.conf \
        >> $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN.conf

  /bin/cp /etc/openvpn/keys/ca.crt $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN-keys/ca.crt
  /bin/cp /etc/openvpn/keys/$OPENVPN_CLIENT.crt $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN-keys/$OPENVPN_CLIENT.crt
  /bin/cp /etc/openvpn/keys/$OPENVPN_CLIENT.key $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN-keys/$OPENVPN_CLIENT.key
  /bin/cp /etc/openvpn/keys/ta.key $TMP_OPENVPN/$OPENVPN_LOCALDOMAIN-keys/ta.key

  /bin/tar --directory /tmp -czf /etc/openvpn/$OPENVPN_CLIENT.tar.gz openvpn/

  /bin/rm -r $TMP_OPENVPN
done