
I am trying to run that script here:

#!/bin/bash

set -o errexit # be strong with errors
set -o nounset # be strong with unset vars

PROG="${0##*/}" # Scriptname
USAGE="usage: $PROG clientname"
EASYRSA="EasyRSA-<VERSION>"
CA_SERVER="user@my-CA-server"
VPN_SERVER="<IP-Address of the openvpn server>"
VPN_SERVER_PORT="1194"
ZIP=/usr/bin/zip
if! -x $ZIP; then
echo "${PROG}: $ZIP not found, install it first" >&2
exit 1
fi

if (( $# != 1 )) ; then
echo $USAGE
exit 1
fi

if! -d $EASYRSA; then
echo "$EASYRSA missing or wrong version" >&2
exit 1
fi

CLIENT=$1
CLIENTCONFIG=$HOME/${CLIENT}-vpnconfig # define directory for config
echo "-----------------------------------------------------------------------------------------"
echo "
This script generates the keys/certs and a config file for your connection to the openVPN
server.

EasyRSA is: $EASYRSA
CA-Server (PKI) is: $CA_SERVER
openVPN server is: $VPN_SERVER

Build a config for: $CLIENT
Config built in: $CLIENTCONFIG

NOTE: you need a working ssh-connection between your $VPN_SERVER and the $CA_SERVER!

If that's not what you want, hit ^C. Hit <ENTER> if that's OK
"
read OK

 -d ${CLIENTCONFIG}|| mkdir -pm 700 ${CLIENTCONFIG}

echo "generate the request"
cd ~/$EASYRSA
./easyrsa gen-req $CLIENT nopass
cp pki/private/${CLIENT}.key ${CLIENTCONFIG}

echo "secure copy the req to the CA-server"
scp pki/reqs/${CLIENT}.req $CA_SERVER:/tmp && stat=$? || stat=$?
case $stat in
0) ;; # all fine
*) echo "$PROG: scp to $CA_SERVER failed" >&2
exit 1
;;
esac

echo "Login to your CA-server and import/sign the request"

ssh -T $CA_SERVER "cd $EASYRSA;./easyrsa import-req /tmp/${CLIENT}.req $CLIENT;./easyrsa sign-req client $CLIENT" && stat=$? || stat=$?
case $stat in
0) ;; # all fine
*) echo "$PROG: ssh to $CA_SERVER failed" >&2
exit 1
;;
esac

echo "Copy the ${CLIENT}.crt from your CA-Server to your local ${CLIENTCONFIG} directory."
scp ${CA_SERVER}:${EASYRSA}/pki/issued/${CLIENT}.crt ${CLIENTCONFIG}

cp ta.key ${CLIENTCONFIG}

echo "Copy the ca.crt (CA certificate) into your ${CLIENTCONFIG} directory"
scp root@${CA_SERVER}:/etc/openvpn/ca.crt ${CLIENTCONFIG}

cd $CLIENTCONFIG
echo -n "Create the ${CLIENT}.ovpn file now"
cat > ${CLIENTCONFIG}/${CLIENT}.ovpn << EdF
client
dev tun
persist-key
persist-tun
proto udp
nobind
remote-cert-tls server
auth SHA512
verb 3
remote ${VPN_SERVER} ${VPN_SERVER_PORT}

# To successfully import this profile, you
# want the client device's CA certificate copy,
# client certificate and key, and HMAC signature
# all in the same location as this .ovpn file.
ca ca.crt
cert ${CLIENT}.crt
key ${CLIENT}.key
tls-crypt ta.key
EdF

echo " done"

if-f ca.crt&&-f ${CLIENT}.crt&&
 -f ${CLIENT}.key&&-f ta.key&&-f ${CLIENT}.ovpn; then

echo -n "Your kit seems complete. Will create ${CLIENT}.zip"
zip -r ${CLIENT}-openvpn.zip ${CLIENT}.ovpn ${CLIENT}.crt ${CLIENT}.key ca.crt ta.key
echo " done"

else
echo "you miss some files" >&2
exit 1
fi


exit 0

to generate my client certificates. It gives me a syntax error at line 13. So I changed that line to:

if (( ! -x $ZIP ))  ; then

Now I get an error: x unbound variable. How do I have to write that line correctly?

Many thanks in advance,

Uli

  • You are consistently avoiding the use of `[ ... ]` in tests that need them (e.g. `if [ ! -d "$EASYRSA" ]; then ...; fi`), and you seem to avoid quoting variable expansions. Whitespaces are generally also needed in places where you don't provide them, like after the `if` keyword and around `&&` etc. Please check the basic syntax of your script using https://www.shellcheck.net – Kusalananda Aug 08 '22 at 18:23
  • Change the line to something like: `if [ -z ${ZIP+x} ] .....` – Romeo Ninov Aug 08 '22 at 18:40
  • @RomeoNinov Note that this is only the _first of several_ syntax errors in the script. – Kusalananda Aug 08 '22 at 18:43
  • @Kusalananda, you are quite right, I give up :) – Romeo Ninov Aug 08 '22 at 18:45
  • hmmh, there's `if!`, `if-f` and `read-d`, at least. Is this copypasted from some document that effs up the whitespace? Regardless, double-check the whitespace, everywhere. The shell is somewhat picky with them. Partly because stuff like `[` and `]` are just a command name and an argument, which one doesn't expect coming from other environments. I'm not sure what the idea behind `(( ! -x $ZIP ))` is, though. See at least [What is the difference between the Bash operators [[ vs [ vs ( vs ((?](https://unix.stackexchange.com/q/306111/170373) – ilkkachu Aug 08 '22 at 18:51
  • also, pretty please, have a look at the [editing help](https://unix.stackexchange.com/editing-help), esp. the first section on code formatting (check also the text hidden behind the small "show more" link) – ilkkachu Aug 08 '22 at 18:53
  • also see [Tests and Conditionals / Conditional Blocks (if, test and [[)](http://mywiki.wooledge.org/BashGuide/TestsAndConditionals#Conditional_Blocks_.28if.2C_test_and_.5B.5B.29) in BashGuide – ilkkachu Aug 08 '22 at 18:54
  • Always paste your script into `https://shellcheck.net`, a syntax checker, or install `shellcheck` locally. Make using `shellcheck` part of your development process. – waltinator Aug 08 '22 at 23:38
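
The file and directory tests the comments refer to, written out with `[ ... ]`, the required whitespace and quoted expansions. This is an added example, not part of the original post or of any answer; the function names are illustrative and do not appear in the script.

```shell
#!/bin/bash
# Added example; the function names are illustrative, not from the post.
set -o errexit
set -o nounset

# `[` is a command, so it needs whitespace after `if`, after `[`, before `]`
# and around every operand. (( ... )) is arithmetic only: inside it, `-x`
# means "minus the variable x", hence "x: unbound variable" under nounset.

# Succeeds if "$1" is an executable file (the check intended for $ZIP).
require_executable() {
    if [ ! -x "$1" ]; then
        echo "$1 not found, install it first" >&2
        return 1
    fi
}

# Succeeds if "$1" is an existing directory (the check intended for $EASYRSA).
require_dir() {
    if [ ! -d "$1" ]; then
        echo "$1 missing or wrong version" >&2
        return 1
    fi
}

# Succeeds when called with exactly one argument.
# In bash, (( $# == 1 )) is equivalent; counting is what (( )) is for.
has_one_arg() {
    [ "$#" -eq 1 ]
}

# Creates "$1" with mode 700 unless it already exists as a directory.
ensure_private_dir() {
    [ -d "$1" ] || mkdir -pm 700 "$1"
}

# Succeeds only if all five kit files for client "$2" exist in directory "$1".
# Quoting keeps paths that contain spaces intact.
kit_complete() {
    [ -f "$1/ca.crt" ] && [ -f "$1/$2.crt" ] &&
    [ -f "$1/$2.key" ] && [ -f "$1/ta.key" ] &&
    [ -f "$1/$2.ovpn" ]
}
```

In the script these would be called as, for instance, `require_executable "$ZIP" || exit 1` and `kit_complete "$CLIENTCONFIG" "$CLIENT"`.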
