#!/bin/bash

#site="acme"
#server="vpn.acme.tld"
ersa="/config/easy-rsa2"
buildkey="$ersa/build-key"

if [ ! -x /usr/bin/zip ];then
echo -e "\n zip not found.. To install zip add the following to /etc/apt/sources.list \n
deb http://archive.debian.org/debian squeeze main
deb http://archive.debian.org/debian squeeze-lts main \n
also add \"Acquire::Check-Valid-Until false;\" to /etc/apt/apt.conf \n
sudo apt-get update && apt-get install zip unzip \n
if on vyatta, uncomment the lines in sources.list when done \n"
exit
fi

if [ -z $1 ]; then
echo -e "Usage: $0 [username] [servername]"
echo -e "  or: $0 [username] [servername] pass \n"
echo -e "If you want the user to be prompted with a passphrase add \"pass\" to the end of the command."
echo -e "This will invoke \"build-key-pass\""
echo -e "[servername] needs to resolve to the openvpn server."
echo -e "   Example: $0 jason vpn.jasonschaefer.com pass\n"

exit
fi

if [ "$3" = "pass" ]; then
buildkey="$ersa/build-key-pass"
fi

echo -e "\ncreate openvpn client files and config for $1 \npress enter to continue"
read

if [ -z $KEY_COUNTRY ]
then
source $ersa/vars
fi

echo "creating key for $1"
$buildkey $1

echo "creating $1 user configs"
/bin/mkdir $ersa/keys/$1
/bin/cp $ersa/keys/$1.key $ersa/keys/$1
/bin/cp $ersa/keys/$1.crt $ersa/keys/$1
/bin/cp $ersa/keys/ca.crt $ersa/keys/$1

echo "client
proto udp
mute 5
remote-cert-tls server
resolv-retry infinite
persist-tun
persist-key
dev tun
cert $1.crt
key $1.key
ca ca.crt
remote $2 1194" > $ersa/keys/$1/$2.ovpn
/usr/bin/unix2dos $ersa/keys/$1/*

cd $ersa/keys/ && /usr/bin/zip -r $1_ovpn.zip $1/
echo -e "\n done"
echo -e "use scp from another computer to grab all the zips. \"scp user@host:$ersa/keys/*.zip .\"\n
or send to another computer scp $ersa/keys/*.zip user@host:openvpn-keys/"