I am trying to run that script here:
#!/bin/bash
set -o errexit # be strong with errors
set -o nounset # be strong with unset vars
PROG="${0##*/}" # Scriptname
USAGE="usage: $PROG clientname"
EASYRSA="EasyRSA-<VERSION>"
CA_SERVER="user@my-CA-server"
VPN_SERVER="<IP-Address of the openvpn server>"
VPN_SERVER_PORT="1194"
ZIP=/usr/bin/zip
if! -x $ZIP; then
echo "${PROG}: $ZIP not found, install it first" >&2
exit 1
fi
if (( $# != 1 )) ; then
echo $USAGE
exit 1
fi
if! -d $EASYRSA; then
echo "$EASYRSA missing or wrong version" >&2
exit 1
fi
CLIENT=$1
CLIENTCONFIG=$HOME/${CLIENT}-vpnconfig # define directory for config
echo "-----------------------------------------------------------------------------------------"
echo "
This script generates the keys/certs and a config file for your connection to the openVPN
server.
EasyRSA is: $EASYRSA
CA-Server (PKI) is: $CA_SERVER
openVPN server is: $VPN_SERVER
Build a config for: $CLIENT
Config built in: $CLIENTCONFIG
NOTE: you need a working ssh-connection between your $VPN_SERVER and the $CA_SERVER!
If that's not what you want, hit ^C. Hit <ENTER> if that's OK
"
read OK
-d ${CLIENTCONFIG}|| mkdir -pm 700 ${CLIENTCONFIG}
echo "generate the request"
cd ~/$EASYRSA
./easyrsa gen-req $CLIENT nopass
cp pki/private/${CLIENT}.key ${CLIENTCONFIG}
echo "secure copy the req to the CA-server"
scp pki/reqs/${CLIENT}.req $CA_SERVER:/tmp && stat=$? || stat=$?
case $stat in
0) ;; # all fine
*) echo "$PROG: scp to $CA_SERVER failed" >&2
exit 1
;;
esac
echo "Login to your CA-server and import/sign the request"
ssh -T $CA_SERVER "cd $EASYRSA;./easyrsa import-req /tmp/${CLIENT}.req $CLIENT;./easyrsa sign-req client $CLIENT" && stat=$? || stat=$?
case $stat in
0) ;; # all fine
*) echo "$PROG: ssh to $CA_SERVER failed" >&2
exit 1
;;
esac
echo "Copy the ${CLIENT}.crt from your CA-Server to your local ${CLIENTCONFIG} directory."
scp ${CA_SERVER}:${EASYRSA}/pki/issued/${CLIENT}.crt ${CLIENTCONFIG}
cp ta.key ${CLIENTCONFIG}
echo "Copy the ca.crt (CA certificate) into your ${CLIENTCONFIG} directory"
scp root@${CA_SERVER}:/etc/openvpn/ca.crt ${CLIENTCONFIG}
cd $CLIENTCONFIG
echo -n "Create the ${CLIENT}.ovpn file now"
cat > ${CLIENTCONFIG}/${CLIENT}.ovpn << EdF
client
dev tun
persist-key
persist-tun
proto udp
nobind
remote-cert-tls server
auth SHA512
verb 3
remote ${VPN_SERVER} ${VPN_SERVER_PORT}
# To successfully import this profile, you
# want the client device's CA certificate copy,
# client certificate and key, and HMAC signature
# all in the same location as this .ovpn file.
ca ca.crt
cert ${CLIENT}.crt
key ${CLIENT}.key
tls-crypt ta.key
EdF
echo " done"
if-f ca.crt&&-f ${CLIENT}.crt&&
-f ${CLIENT}.key&&-f ta.key&&-f ${CLIENT}.ovpn; then
echo -n "Your kit seems complete. Will create ${CLIENT}.zip"
zip -r ${CLIENT}-openvpn.zip ${CLIENT}.ovpn ${CLIENT}.crt ${CLIENT}.key ca.crt ta.key
echo " done"
else
echo "you miss some files" >&2
exit 1
fi
exit 0
to generate my client certificates. It gives me a syntax error at line 13. So I changed that line to:
if (( ! -x $ZIP )) ; then
Now I get an error: x unbound variable. How do I have to write that line correctly?
Many thanks in advance,
Uli
[ ... ] in tests that need them (e.g. if [ ! -d "$EASYRSA" ]; then ...; fi), and you seem to avoid quoting variable expansions. Whitespaces are generally also needed in places where you don't provide them, like after the if keyword and around && etc. Please check the basic syntax of your script using https://www.shellcheck.net – Kusalananda Aug 08 '22 at 18:23
if [ -z ${ZIP+x} ] ..... – Romeo Ninov Aug 08 '22 at 18:40
if!, if-f and read<newline><spaces>-d, at least. Is this copypasted from some document that effs up the whitespace? Regardless, double-check the whitespace, everywhere. The shell is somewhat picky with them. Partly because stuff like [ and ] are just a command name and an argument, which one doesn't expect coming from other environments. I'm not sure what the idea behind (( ! -x $ZIP )) is, though. See at least What is the difference between the Bash operators [[ vs [ vs ( vs ((? – ilkkachu Aug 08 '22 at 18:51
https://shellcheck.net, a syntax checker, or install shellcheck locally. Make using shellcheck part of your development process. – waltinator Aug 08 '22 at 23:38
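
The points raised in the comments above, as an added example that is not part of the original thread: the script's file tests written with `[ ]`, whitespace and quoted expansions, plus a reproduction of why `(( ! -x $ZIP ))` ends in "x: unbound variable". The function names and the `alice` kit directory are made up for illustration.

```shell
#!/bin/bash
# Added example: the question's tests rewritten with [ ], spaces and quotes.

# [ is a command: it needs a space after "if", spaces around each argument,
# and a closing ]. Quoting "$1" keeps a path with spaces as one argument.
require_executable() {
    if [ ! -x "$1" ]; then
        echo "$1 not found, install it first" >&2
        return 1
    fi
}

require_dir() {
    if [ ! -d "$1" ]; then
        echo "$1 missing or wrong version" >&2
        return 1
    fi
}

# kit_complete DIR CLIENT: replaces the chained "-f a && -f b ..." test and
# names the first missing file instead of a generic "you miss some files".
kit_complete() {
    for f in ca.crt ta.key "$2.crt" "$2.key" "$2.ovpn"; do
        if [ ! -f "$1/$f" ]; then
            echo "missing: $1/$f" >&2
            return 1
        fi
    done
}

# (( )) is arithmetic, not a file test. With ZIP=/usr/bin/zip, bash evaluates
# "! -x /usr/bin/zip" as (!-x) / usr / bin / zip and reads a variable named x
# first; under "set -o nounset" that is the "x: unbound variable" error.
arith_misparse() {
    bash -c 'set -o nounset; ZIP=/usr/bin/zip; (( ! -x $ZIP ))' 2>&1
}

# Demo on a constructed kit directory (the files are empty placeholders).
demo_dir=$(mktemp -d)
( cd "$demo_dir" && touch ca.crt ta.key alice.crt alice.key alice.ovpn )
require_executable /bin/sh && kit_complete "$demo_dir" alice && echo "kit complete"
arith_misparse || true
rm -rf "$demo_dir"
```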