Тема: CMD/BAT: AFTOGEN - OpenVPN CCD-config & certificate generation script
@REM #######################################
@REM ############ CONFIGURATION ############
@REM #######################################
@
@rem which OpenVPN directory to use ["default" | "custom"]
@rem when the script gets a first argument, that argument selects the path instead
@set rfid.ovpn.use_path=custom
@
@rem path to your non standard OpenVPN directory, no trailing slash
@set rfid.ovpn.path.custom=C:\Documents and Settings\dafanasiev\Рабочий стол\bin\OpenVPN
@rem "yes" makes the script check that easy-rsa, openssl.exe and openssl.cnf exist
@rem only their presence is tested
@set rfid.ovpn.check_bins=yes
@
@rem what to do with existing keys, certificates and index ["backup" | "replace"]
@rem backup keeps the old files with an added .old suffix, replace deletes them
@set rfid.ovpn.keys.policy=backup
@rem NOTE review: rfid.ovpn.backup.path is not read anywhere else in this script
@set rfid.ovpn.backup.path=backup
@rem "yes" creates a new root CA key and certificate on every run, even when a CA
@rem already exists; certificates signed by the previous CA will not verify against
@rem the new one, so switch this off once the CA is established
@set rfid.ovpn.keys.new_ca=yes
@
@rem generate a numbered series of certificates
@rem NOTE review: multigen is not read anywhere else in this script, the series
@rem generator always runs
@set rfid.ovpn.crt.multigen=yes
@rem first and last client number of the series, both inclusive
@set rfid.ovpn.crt.mgen_start=0
@set rfid.ovpn.crt.mgen_stop=7
@rem "yes" also writes one CCD file per client with a fixed tunnel address
@set rfid.ovpn.crt.mgen.make_ccd=yes
@
@rem automate client number to subject CN option and output files names
@rem NOTE review: mgen_autonum is not read anywhere else in this script
@set rfid.ovpn.crt.mgen_autonum=yes
@
@rem enable this option if certificate should be signed, use "1" or "yes" without quotes
@rem NOTE review: use_sign is not read anywhere else in this script, every request is signed
@set rfid.ovpn.crt.use_sign=yes
@
@rem --- CERTIFICATE subject options ---
@rem base Common Name, the client number is appended to it after an underscore
@rem leave it empty to be asked for a name at run time
@ set rfid.ovpn.crt.CN.custom=client
@
@rem trigger, "yes" takes the subject fields from the custom values below,
@rem anything else uses the defaults defined in the preparing section
@ set rfid.ovpn.crt.more_opts=no
@
@rem RDN customization, e.g. CN is the CommonName of the certificate
@rem RDN syntax: /C=CountryName/ST=Province/..
@ set rfid.ovpn.crt.C.custom=RU
@ set rfid.ovpn.crt.ST.custom=NW
@ set rfid.ovpn.crt.L.custom=Saint-Petersburg
@ set rfid.ovpn.crt.O.custom=RKT
@ set rfid.ovpn.crt.OU.custom=ITDep
@ set rfid.ovpn.crt.EML.custom=shenin@controlenergo.ru
@rem verbosity level: 0 quiet, 1 progress details, 2 adds generator traces and
@rem a dump of the script variables on exit
@ set rfid.ovpn.ui.debug=0
@rem "yes" writes openssl output to log files, logpath is taken relative to the
@rem easy-rsa directory
@ set rfid.ovpn.ui.logging=yes
@ set rfid.ovpn.ui.logpath=logs
@rem "yes" clears the screen before the certificate setup and generation screens
@ set rfid.ovpn.ui.clear_screen=no
@REM #######################################
@REM ############# PREPARING ###############
@REM #######################################
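@echo off
cls
echo.
rem switch the console to code page 1251, presumably so that the Cyrillic
rem characters in the configured path are interpreted correctly
chcp 1251>nul
rem delayed expansion is needed for the exclamation mark variable references
rem used inside parenthesized blocks further down
setlocal enabledelayedexpansion
rem remember the starting directory; nothing else in this script reads it back
set rfid.ovpn.cd=%cd%
rem Ctrl+C fix
rem if not "%1" == "exec" (
rem cmd /c "echo y | %0 exec %1"
rem goto :EOF
rem )
rem shift
rem fall back to the logs directory when no log path is configured
rem the variable name is written out literally here; the earlier form expanded
rem the empty value in place of the name, so the default was never stored
if "%rfid.ovpn.ui.logpath%" == "" set rfid.ovpn.ui.logpath=logs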
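rem OpenVPN defaults
set rfid.ovpn.path.default=%programfiles%\OpenVPN
rem keys directory, relative to the easy-rsa working directory
set rfid.ovpn.keys.path=keys
rem applying configured paths
rem the empty use_path fallback sits on its own line: inside the block below the
rem percent reference is expanded when the whole block is parsed, so a value set
rem in the same block would not be seen and the path would come out empty
if "%1" == "" if "%rfid.ovpn.use_path%" == "" set rfid.ovpn.use_path=default
rem the selector, use_path or the first script argument, is used as the suffix
rem of the variable name to read; only default and custom name a defined path,
rem any other value leaves rfid.ovpn.path undefined
if "%1" == "" (
set rfid.ovpn.path=!rfid.ovpn.path.%rfid.ovpn.use_path%!
) else (
set rfid.ovpn.path=!rfid.ovpn.path.%1!
)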
rem openssl preparing
rem the executable and config paths are stored with their quotes, the configured
rem OpenVPN path contains spaces
set rfid.ovpn.ossl.lpath=bin\openssl.exe
set rfid.ovpn.ossl.path="%rfid.ovpn.path%\%rfid.ovpn.ossl.lpath%"
set rfid.ovpn.ossl.gendir=easy-rsa
set rfid.ovpn.ossl.cfgpath="%rfid.ovpn.path%\easy-rsa\openssl.cnf"
rem root CA: new key plus self-signed certificate, 3650 days, no prompts
rem -nodes writes the CA private key without a passphrase, so whoever can read
rem the keys directory can sign certificates; restrict access to that directory
set rfid.ovpn.ossl.genca_opts=req -days 3650 -nodes -new -x509 -config %rfid.ovpn.ossl.cfgpath% -batch
rem client key and certificate request; -nodes leaves each client key unencrypted too
set rfid.ovpn.ossl.genreq_opts=req -config %rfid.ovpn.ossl.cfgpath% -days 3650 -nodes -new -multivalue-rdn -batch
rem signing of a client request by the CA, 3650 days, no prompts
set rfid.ovpn.ossl.gencrt_opts=ca -config %rfid.ovpn.ossl.cfgpath% -days 3650 -batch
rem OpenVPN CCD configuration
rem ccd.path is relative to the OpenVPN directory; net.default is the first three
rem octets of the tunnel network, the generator appends the last octet
set rfid.ovpn.ccd.path=config\ccd
set rfid.ovpn.ccd.net.default=10.10.1.
rem RDN certificate subject defaults, used unless more_opts is set to yes
set rfid.ovpn.crt.CN.default=client
set rfid.ovpn.crt.C.default=RU
set rfid.ovpn.crt.ST.default=NW
set rfid.ovpn.crt.L.default=Saint-Petersburg
set rfid.ovpn.crt.O.default=Radiofid
set rfid.ovpn.crt.OU.default=development
set rfid.ovpn.crt.EML.default=support@radiofid.ru
REM ############ proc start ###############
rem banner
echo iRZ® AFTOGEN
echo =======================================================================
echo OpenVPN certificate generation ^& client configuration script
echo.
echo Author: ********* ******
echo iRZ® - is registered trademark of RADIOFID Corp. All rights reserved.
echo -----------------------------------------------------------------------
echo.
rem checking selected path to OpenVPN directory
rem missing directory: explain the problem and jump to unload
rem existing directory: enter easy-rsa, load vars, validate the file policy,
rem prepare logging, then continue at check_bins or check_ca
rem NOTE review: when the custom path is undefined and the operator accepts the
rem default path, the script jumps straight to cert_prep; the directory change,
rem vars, logging setup and CA check are skipped, and the openssl paths computed
rem earlier still come from the empty path - confirm this branch before relying on it
echo [#] checking %rfid.ovpn.use_path% OpenVPN path
if not exist "!rfid.ovpn.path!" (
if "%rfid.ovpn.use_path%" == "custom" (
if "%rfid.ovpn.path%" == "" (
set /p rfid.runvar= [?] undefined custom path, use default OpenVPN path instead? [y/n]
if "!rfid.runvar!" == "y" (
echo [i] checking default OpenVPN path
set rfid.ovpn.path=%rfid.ovpn.path.default%
if exist "!rfid.ovpn.path!" goto cert_prep
echo [E] directory "!rfid.ovpn.path!" not found
echo.
)
)
) else (
echo [E] directory "%rfid.ovpn.path%" not found
echo.
)
echo [E] unable to continue, install OpenVPN first, or verify option
echo 'rfid.ovpn.use_path', acceptable values: 'default', 'custom'
echo [i] if you are selected custom path you also must set option
echo 'rfid.ovpn.path.custom' with real path to your OpenVPN binaries
echo.
goto unload
) else (
rem enter main dir
echo [D] entering easy-rsa directory
rem every relative keys path used later depends on this directory change
rem NOTE review: cd is used without the /d switch and its result is not checked,
rem so a start from another drive leaves the working directory unchanged - confirm
cd %rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%
rem echo [D] current directory changed to '%rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%'
echo [*] applying VARS for further usage
rem runs the vars script found in the current directory with its output discarded
call vars >nul 2<&1
call :backup_prep
rem prepare logging
rem the log path is turned into a path below the easy-rsa directory and created
rem when missing; if it still does not exist, logging is switched off
if "%rfid.ovpn.ui.logging%" == "yes" (
if "%rfid.ovpn.ui.logpath%" == "" (
set rfid.ovpn.ui.logpath=%rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%\logs
) else (
set rfid.ovpn.ui.logpath=%rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%\%rfid.ovpn.ui.logpath%
)
if not exist "!rfid.ovpn.ui.logpath!" md "!rfid.ovpn.ui.logpath!"
if not exist "!rfid.ovpn.ui.logpath!" (
set rfid.ovpn.ui.logging=ERROR_PATH_NOT_FOUND
echo [E] unable to access logging path, loggind disabled
goto jmp_1
)
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo [i] logging enabled, log to:
echo.
echo !rfid.ovpn.ui.logpath!\
echo.
)
)
:jmp_1
rem switching to check binaries proc if needed
if "%rfid.ovpn.check_bins%" == "yes" goto check_bins
if "%rfid.ovpn.ui.debug%" GEQ "1" echo [i] binaries check disabled
goto check_ca
)
:backup_prep
rem validates the old files policy; called as a subroutine
rem backup and replace are accepted as they are, an empty or unknown value is
rem reported and replaced by backup
if "%rfid.ovpn.keys.policy%" == "backup" (
echo [i] backup files creation enabled
goto :eof
)
if "%rfid.ovpn.keys.policy%" == "replace" (
echo [i] file replacement enabled
goto :eof
)
if "%rfid.ovpn.keys.policy%" == "" goto backup_prep_unset
rem any other value: report it, then fall back to backup
echo [i] unknown client old files policy '%rfid.ovpn.keys.policy%'
echo -i- defaulting to 'backup' policy
set rfid.ovpn.keys.policy=backup
goto :eof
:backup_prep_unset
rem no policy configured at all
set rfid.ovpn.keys.policy=backup
echo [i] old openvpn files policy not set, defaulting to 'backup'
goto :eof
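REM ####### checking binaries ##########
:check_bins
rem verifies, in this order, that the easy-rsa directory, openssl.exe and
rem openssl.cnf exist; all three present continues at check_ca, the first missing
rem one is reported and the script ends at unload
rem only presence is tested, no version or integrity check is made on openssl.exe
echo [#] checking for neccessary binaries ^& directories..
echo.
rem echo %rfid.ovpn.ossl.path%
rem echo !%rfid.ovpn.ossl.path!
rem a stray exclamation mark at the end of the directory path was removed; it was
rem only harmless because delayed expansion drops an unpaired one
if exist "%rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%" (
if exist %rfid.ovpn.ossl.path% (
echo * openssl.exe - [OK]
if exist %rfid.ovpn.ossl.cfgpath% (
echo * openssl.cnf - [OK]
echo * easy-rsa\ - [OK]
goto check_ca
) else echo * openssl.cnf - [NOT FOUND]
) else echo * openssl.exe - [NOT FOUND]
) else echo * easy-rsa\ - [NOT FOUND]
echo.
echo [E] unable to continue, seems your OpenVPN installation is corrupted,
echo please reinstall OpenVPN first and try again
goto unload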
REM ####### checking CA files ##########
:check_ca
rem decides whether a root CA has to be created before client certificates
rem - ca.key missing: ask the operator, then generate it or stop at unload
rem - ca.key present and new_ca is yes: regenerate the CA without asking
rem - otherwise: continue at cert_prep
rem ca_gen jumps back to the cagen_callback label inside the block below
rem NOTE review: with new_ca set to yes the existing CA is replaced on every run,
rem so certificates issued under the previous CA no longer verify against it
rem NOTE review: this check uses the absolute keys path while ca_gen writes to the
rem relative one; both agree only when the working directory is easy-rsa
rem check VPN-server private key
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo.
echo [#] checking server root CA private key
)
if not exist "%rfid.ovpn.path%\easy-rsa\%rfid.ovpn.keys.path%\ca.key" (
echo.
echo [E] server CA root private key not found!
set /p rfid.runvar= [?] generate server key now? [y/n]
if "!rfid.runvar!" == "y" goto ca_gen
:cagen_callback
if exist "%rfid.ovpn.path%\easy-rsa\%rfid.ovpn.keys.path%\ca.key" goto cert_prep
echo [E] unable to generate clients certificates while CA key is missing
goto :unload
) else if "%rfid.ovpn.keys.new_ca%" == "yes" (
echo.
goto ca_gen
)
goto cert_prep
:ca_gen
rem creates a new root CA key and self-signed certificate in the keys directory
rem an existing ca.key and ca.crt are first renamed with an .old suffix or deleted,
rem depending on keys.policy; afterwards control returns to cagen_callback
rem all paths here are relative, so the working directory must be easy-rsa
rem NOTE review: under the backup policy the previous CA private key stays on disk
rem as ca.key.old; if it was made by this script it has no passphrase, so remove
rem or protect it once that CA is retired
echo [*] generating server root CA key
if "%rfid.ovpn.ui.debug%" GEQ "2" (
rem set
rem echo rfid.ovpn.ossl.path = %rfid.ovpn.ossl.path%
rem echo rfid.ovpn.ossl.genca_opts = %rfid.ovpn.ossl.genca_opts%
)
rem put the old CA private key out of the way
if exist "%rfid.ovpn.keys.path%\ca.key" (
if "%rfid.ovpn.keys.policy%" == "backup" (
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- moving old server root CA key '"%rfid.ovpn.keys.path%\ca.key"'
)
move "%rfid.ovpn.keys.path%\ca.key" "%rfid.ovpn.keys.path%\ca.key.old" >nul 2<&1
) else if "%rfid.ovpn.keys.policy%" == "replace" (
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- removing old server root CA key '"%rfid.ovpn.keys.path%\ca.key"'
)
del /q /f "%rfid.ovpn.keys.path%\ca.key" >nul 2<&1
)
)
rem same handling for the old CA certificate
if exist "%rfid.ovpn.keys.path%\ca.crt" (
if "%rfid.ovpn.keys.policy%" == "backup" (
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- moving old server root certificate '"%rfid.ovpn.keys.path%\ca.crt"'
)
move "%rfid.ovpn.keys.path%\ca.crt" "%rfid.ovpn.keys.path%\ca.crt.old" >nul 2<&1
) else if "%rfid.ovpn.keys.policy%" == "replace" (
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- removing old server root certificate '"%rfid.ovpn.keys.path%\ca.crt"'
)
del /q /f "%rfid.ovpn.keys.path%\ca.crt" >nul 2<&1
)
)
rem assemble the full openssl command line in one variable
set rfid.ovpn.ossl.genca=%rfid.ovpn.ossl.path% %rfid.ovpn.ossl.genca_opts% ^
-keyout %rfid.ovpn.keys.path%\ca.key ^
-out %rfid.ovpn.keys.path%\ca.crt
rem run it: output goes to a log file when logging is on, to the console at
rem debug level 2, and is discarded otherwise
if "%rfid.ovpn.ui.logging%" == "yes" (
echo %date% %time% > !rfid.ovpn.ui.logpath!\ossl_ca_key_crt_gen.log
echo ---------------------- >> !rfid.ovpn.ui.logpath!\ossl_ca_key_crt_gen.log
!rfid.ovpn.ossl.genca! >> !rfid.ovpn.ui.logpath!\ossl_ca_key_crt_gen.log 2<&1
) else if "%rfid.ovpn.ui.debug%" GEQ "2" (
!rfid.ovpn.ossl.genca!
) else !rfid.ovpn.ossl.genca! >nul 2<&1
rem goto :eof
rem move %rfid.ovpn.keys.path%\ca.crt %rfid.ovpn.keys.path%\ca.crt_
rem success is judged only by the presence of the new key file
rem NOTE review: set errorlevel=1 below creates an ordinary variable named
rem errorlevel instead of an exit status, and nothing in this file ends the
rem script with a failure code, so callers cannot detect this error
if not exist "%rfid.ovpn.keys.path%\ca.key" (
echo [E] new server CA key not found, unable to continue
set errorlevel=1
goto unload
)
goto cagen_callback
REM ### certificate preparing section ###
:cert_prep
rem collects the certificate subject: the Common Name from the configuration or
rem from a prompt, the remaining fields from the defaults here or from the custom
rem values in more_cert_opts; then continues at sh_opts when debug is 1 or more,
rem otherwise at cert_gen
rem NOTE review: the name entered or configured here is placed into the openssl
rem -subj argument and into file names without quoting or validation; spaces or
rem command line metacharacters in it break the generated commands, so keep it to
rem letters, digits, dash and underscore
if "%rfid.ovpn.ui.clear_screen%" == "yes" cls
title AFTOGEN :: Certificates setup
echo.
echo ^<^<^< Certificate user information ^>^>^>
echo ------------------------------------
rem setting Common Name
if "%rfid.ovpn.crt.CN.custom%" == "" (
set rfid.runvar=
set /p rfid.runvar= [?] Common Name option not set, enter name [%rfid.ovpn.crt.CN.default%]:
if "!rfid.runvar!" == "" (
echo [i] using default CN
set rfid.ovpn.crt.CN=%rfid.ovpn.crt.CN.default%
) else (
set rfid.ovpn.crt.CN=!rfid.runvar!
)
) else (
set rfid.ovpn.crt.CN=%rfid.ovpn.crt.CN.custom%
)
rem customize additional certificate options [TODO, currently unsupported]
if "%rfid.ovpn.crt.more_opts%" == "yes" goto more_cert_opts
rem apply default RDNs
echo [i] using default certificate subject RDN
set rfid.ovpn.crt.C=%rfid.ovpn.crt.C.default%
set rfid.ovpn.crt.ST=%rfid.ovpn.crt.ST.default%
set rfid.ovpn.crt.L=%rfid.ovpn.crt.L.default%
set rfid.ovpn.crt.O=%rfid.ovpn.crt.O.default%
set rfid.ovpn.crt.OU=%rfid.ovpn.crt.OU.default%
set rfid.ovpn.crt.EML=%rfid.ovpn.crt.EML.default%
rem subject string without the e-mail part, the CN comes last so that the series
rem generator can append the client number to it
set rfid.ovpn.crt.rdn=/C=%rfid.ovpn.crt.C%/ST=%rfid.ovpn.crt.ST%/L=%rfid.ovpn.crt.L%/O=%rfid.ovpn.crt.O%/OU=%rfid.ovpn.crt.OU%/CN=%rfid.ovpn.crt.CN%
if "%rfid.ovpn.ui.debug%" GEQ "1" (
goto sh_opts
) else (
goto cert_gen
)
:more_cert_opts
rem same as the default branch of cert_prep, but the subject fields are taken
rem from the custom values of the configuration section; reached only when
rem more_opts is yes
echo [i] using custom certificate subject RDN
set rfid.ovpn.crt.C=%rfid.ovpn.crt.C.custom%
set rfid.ovpn.crt.ST=%rfid.ovpn.crt.ST.custom%
set rfid.ovpn.crt.L=%rfid.ovpn.crt.L.custom%
set rfid.ovpn.crt.O=%rfid.ovpn.crt.O.custom%
set rfid.ovpn.crt.OU=%rfid.ovpn.crt.OU.custom%
set rfid.ovpn.crt.EML=%rfid.ovpn.crt.EML.custom%
rem subject string without the e-mail part, CN last
set rfid.ovpn.crt.rdn=/C=%rfid.ovpn.crt.C%/ST=%rfid.ovpn.crt.ST%/L=%rfid.ovpn.crt.L%/O=%rfid.ovpn.crt.O%/OU=%rfid.ovpn.crt.OU%/CN=%rfid.ovpn.crt.CN%
rem debug 1 or more shows the chosen values first
if "%rfid.ovpn.ui.debug%" GEQ "1" (
goto sh_opts
) else (
goto cert_gen
)
:sh_opts
rem debug view: prints every subject field that will be used, then continues
rem at cert_gen
echo.
echo • CommonName is set to '%rfid.ovpn.crt.CN%'
echo • Country is set to '%rfid.ovpn.crt.C%'
echo • Providence is set to '%rfid.ovpn.crt.ST%'
echo • City is set to '%rfid.ovpn.crt.L%'
echo • Organization is set to '%rfid.ovpn.crt.O%'
echo • Organization Unit is set to '%rfid.ovpn.crt.OU%'
echo • Support E-mail is set to '%rfid.ovpn.crt.EML%'
goto cert_gen
:deb_JMP
rem prints the subject string and continues at the series generator cert_mgen
rem NOTE review: the line shown here ends with an emailAddress field, while
rem cert_mgen appends the e-mail to the CN after an escaped slash; the printed
rem map may therefore differ from the subject that is actually used - confirm
echo [i] using following RDN map:
echo.
echo %rfid.ovpn.crt.rdn%/emailAddress=%rfid.ovpn.crt.EML%
echo.
echo [*] assembling OpenSSL call
goto cert_mgen
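REM ######## generation section ############
:cert_gen
rem screen header for the generation phase, then continue at deb_JMP, which
rem prints the subject string and starts the series generator
rem a block that followed the goto was removed because it could never run: it
rem changed into the OpenVPN root directory and printed a debug message; the
rem relative keys paths used later need the working directory to stay in easy-rsa
if "%rfid.ovpn.ui.clear_screen%" == "yes" cls
title AFTOGEN :: Certificate ^& CCD generation
echo.
echo ^<^<^< Certificate generation ^>^>^>
echo ------------------------------
goto deb_JMP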
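:update_idx
rem subroutine: resets the openssl index and serial files from the start
rem templates one level above the keys directory, once per run; the indexupdated
rem flag prevents a second reset
rem replace policy overwrites the files, backup policy first copies them to
rem index.txt.old and serial.old
rem leftover debug output that echoed a misspelled, never defined variable was
rem removed from the replace branch
rem NOTE review: resetting index.txt and serial restarts serial numbering and
rem discards the record of issued certificates; if the same CA is kept, new
rem certificates can repeat serial numbers already in use and the old ones can
rem no longer be tracked for revocation - confirm this is intended
if exist "%rfid.ovpn.keys.path%\index.txt" (
if "%rfid.ovpn.keys.policy%" == "replace" (
if not "%rfid.ovpn.indexupdated%" == "1" (
echo -*- flushing Index
copy "%rfid.ovpn.keys.path%\..\index.txt.start" "%rfid.ovpn.keys.path%\index.txt" >nul 2<&1
copy "%rfid.ovpn.keys.path%\..\serial.start" "%rfid.ovpn.keys.path%\serial" >nul 2<&1
set rfid.ovpn.indexupdated=1
)
) else if "%rfid.ovpn.keys.policy%" == "backup" (
if not "%rfid.ovpn.indexupdated%" == "1" (
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -*- moving old Index
)
copy /y "%rfid.ovpn.keys.path%\index.txt" "%rfid.ovpn.keys.path%\index.txt.old" >nul 2<&1
copy /y "%rfid.ovpn.keys.path%\serial" "%rfid.ovpn.keys.path%\serial.old" >nul 2<&1
echo -*- flushing Index
copy /y "%rfid.ovpn.keys.path%\..\index.txt.start" "%rfid.ovpn.keys.path%\index.txt" >nul 2<&1
copy /y "%rfid.ovpn.keys.path%\..\serial.start" "%rfid.ovpn.keys.path%\serial" >nul 2<&1
set rfid.ovpn.indexupdated=1
)
)
)
goto :eof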
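:cert_mgen
rem series generator: for every number from mgen_start to mgen_stop it creates a
rem client key and request, signs the request with the CA and, when make_ccd is
rem yes, writes a CCD file that pins a tunnel address for that client
rem file names are the Common Name plus an underscore and the client number
rem client private keys are written without a passphrase because the request
rem options contain -nodes; under the backup policy older keys also remain as
rem .key.old files, so access to the keys directory should be restricted
echo.
echo [i] MGEN enabled
set rfid.ovpn.crt.rdn.orig=%rfid.ovpn.crt.rdn%
set rfid.ovpn.crt.CN.orig=%rfid.ovpn.crt.CN%
if "%rfid.ovpn.crt.mgen.make_ccd%" == "yes" (
echo [i] CCD generator enabled [CCD -^> %rfid.ovpn.ccd.path%, NET -^> %rfid.ovpn.ccd.net.default%0]
set rfid.ovpn.ccd.path=%rfid.ovpn.path%\%rfid.ovpn.ccd.path%
)
for /l %%i in (%rfid.ovpn.crt.mgen_start%,1,%rfid.ovpn.crt.mgen_stop%) do (
if "%rfid.ovpn.ui.debug%" GEQ "2" (
echo [D] genstart ^(%%i of %rfid.ovpn.crt.mgen_stop% - %rfid.ovpn.crt.mgen_start%^)
)
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -*- appending number postfix in RDN CN option
)
rem per client subject and file name
rem NOTE review: the escaped slash appears to make the e-mail part of the CN
rem value instead of a separate field - confirm that the resulting CN still
rem matches the CCD file name written below
set rfid.ovpn.crt.rdn=%rfid.ovpn.crt.rdn.orig%_%%i\/%rfid.ovpn.crt.EML%
set rfid.ovpn.mgen.filename=%rfid.ovpn.crt.CN.orig%_%%i
set rfid.ovpn.ossl.genreq=%rfid.ovpn.ossl.path% %rfid.ovpn.ossl.genreq_opts% ^
-keyout %rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.key ^
-out %rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.csr ^
-subj !rfid.ovpn.crt.rdn!
set rfid.ovpn.ossl.gencrt=%rfid.ovpn.ossl.path% %rfid.ovpn.ossl.gencrt_opts% ^
-out %rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.crt ^
-in %rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.csr
rem updating logpath for current environ
rem NOTE review: the logging setup already stored a full path, so this adds the
rem easy-rsa prefix a second time; the log redirections below were expanded when
rem the loop was parsed and still use the earlier value - confirm this is needed
set rfid.ovpn.ui.logpath=%rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%\%rfid.ovpn.ui.logpath%
rem calculating CCD file path & contents
if "%rfid.ovpn.crt.mgen.make_ccd%" == "yes" (
if not exist "%rfid.ovpn.ccd.path%" (
md "%rfid.ovpn.ccd.path%"
if not exist "%rfid.ovpn.ccd.path%" (
set rfid.ovpn.crt.mgen.make_ccd=no
echo [E] unable to create CCD, CCD generator disabled
) else (
rem the debug variable is now read with percent signs; the earlier form compared
rem the bare variable name as text, so the message was printed at every level
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -D- CCD created
)
)
)
rem last octet of the client address: a series that starts at 0 or 1 is shifted
rem so that its first client gets host address 2, address 1 is used as the
rem first ifconfig-push argument
rem NOTE review: there is no upper bound check, a large mgen_stop yields an
rem octet above 254
if "%rfid.ovpn.crt.mgen_start%" == "0" (
set rfid.runvar.loctapp=2
) else if "%rfid.ovpn.crt.mgen_start%" == "1" (
set rfid.runvar.loctapp=1
) else set rfid.runvar.loctapp=0
set /a rfid.runvar.lastoctet="%%i+rfid.runvar.loctapp"
set rfid.runvar.caddr=%rfid.ovpn.ccd.net.default%!rfid.runvar.lastoctet!
)
REM GENERATOR
rem an existing key and request for this client are deleted or renamed to .old
rem first, and the index is reset once per run
if exist "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.key" (
if "%rfid.ovpn.keys.policy%" == "replace" (
call :update_idx
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- replacing '!rfid.ovpn.mgen.filename!.key' with new one
)
del /q /f "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.key" >nul 2<&1
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- replacing '!rfid.ovpn.mgen.filename!.csr' with new one
)
del /q /f "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.csr" >nul 2<&1
) else if "%rfid.ovpn.keys.policy%" == "backup" (
call :update_idx
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- moving old '!rfid.ovpn.mgen.filename!.key' key
)
rem echo "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.key"
move "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.key" ^
"%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.key.old" >nul 2<&1
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- moving old certificate request '!rfid.ovpn.mgen.filename!.csr'
)
move "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.csr" ^
"%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.csr.old" >nul 2<&1
)
)
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -K- generating certificate request for %rfid.ovpn.crt.CN%_%%i..
)
if "%rfid.ovpn.ui.debug%" GEQ "2" (
rem set
rem echo rfid.ovpn.crt.rdn - !rfid.ovpn.crt.rdn!
rem echo rfid.ovpn.mgen.filename - !rfid.ovpn.mgen.filename!
rem echo rfid.ovpn.ossl.genreq - !rfid.ovpn.ossl.genreq!
rem echo rfid.ovpn.ossl.gencrt - !rfid.ovpn.ossl.gencrt!
rem echo rfid.ovpn.ossl.path - %rfid.ovpn.ossl.path%
)
rem creating keyfile & certificate request
if "%rfid.ovpn.ui.logging%" == "yes" (
!rfid.ovpn.ossl.genreq! > "%rfid.ovpn.ui.logpath%"\ossl_%rfid.ovpn.crt.CN%_%%i_reqgen.log 2<&1
) else !rfid.ovpn.ossl.genreq! >nul 2<&1
rem success is judged by the presence of the output files, a missing file ends
rem the whole run at unload
if "%rfid.ovpn.ui.debug%" GEQ "1" echo -#- checking if CSR ^& KEY files exist
if not exist "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.key" (
echo.
echo [E] exiting, new keyfile '!rfid.ovpn.mgen.filename!.key' not found & goto unload
)
if not exist "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.csr" (
echo.
echo [E] exiting, new key-request file'!rfid.ovpn.mgen.filename!.csr' not found & goto unload
)
REM GENERATOR 2
rem an existing certificate for this client is deleted or renamed to .old first
if exist "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.crt" (
call :update_idx
if "%rfid.ovpn.keys.policy%" == "replace" (
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- replacing '!rfid.ovpn.mgen.filename!.crt' with new one
)
del /q /f "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.crt" >nul 2<&1
) else if "%rfid.ovpn.keys.policy%" == "backup" (
call :update_idx
if "%rfid.ovpn.ui.debug%" GEQ "1" (
echo -F- moving old certificate '!rfid.ovpn.mgen.filename!.crt'
)
move "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.crt" ^
"%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.crt.old" >nul 2<&1
)
)
rem creating certificate
if "%rfid.ovpn.crt.mgen.make_ccd%" == "yes" (
echo -K- generating certificate for %rfid.ovpn.crt.CN%_%%i [!rfid.runvar.caddr!]..
) else (
echo -K- generating certificate for %rfid.ovpn.crt.CN%_%%i..
)
if "%rfid.ovpn.ui.logging%" == "yes" (
!rfid.ovpn.ossl.gencrt! > "%rfid.ovpn.ui.logpath%"\ossl_%rfid.ovpn.crt.CN%_%%i_keygen.log 2<&1
) else !rfid.ovpn.ossl.gencrt! >nul 2<&1
if "%rfid.ovpn.ui.debug%" GEQ "1" echo -#- checking if certificate file exist
if not exist "%rfid.ovpn.keys.path%\!rfid.ovpn.mgen.filename!.crt" (
echo [E] exiting, certificate file '!rfid.ovpn.mgen.filename!.crt' not found & goto unload
)
rem MGEN improved with CCD implementation
rem the CCD file is named like the key files and holds one ifconfig-push line;
rem with logging on a copy is kept in the log directory
if "%rfid.ovpn.crt.mgen.make_ccd%" == "yes" (
echo ifconfig-push %rfid.ovpn.ccd.net.default%1 !rfid.runvar.caddr!>"%rfid.ovpn.ccd.path%\!rfid.ovpn.mgen.filename!"
if "%rfid.ovpn.ui.logging%" == "yes" (
copy "%rfid.ovpn.ccd.path%\!rfid.ovpn.mgen.filename!" "%rfid.ovpn.ui.logpath%\!rfid.ovpn.mgen.filename!.ccd" >nul 2<&1
)
)
)
)
rem cert req opts: -keyout %rfid.ovpn.keys.path%\[client_name].key -out %rfid.ovpn.keys.path%\[client_name].csr -subj "/C=CountryName/ST=Providence/L=CityName/CN=[client_name]"
rem cert dynamic opts: -out %rfid.ovpn.keys.path%\%1.crt -in %rfid.ovpn.keys.path%\%1.csr
echo.
echo [+] work complete
rem under the replace policy any remaining .old files in the keys directory are
rem deleted at the end of the run
if "%rfid.ovpn.keys.policy%" == "replace" (
echo [X] cleanup..
del /q /f %rfid.ovpn.keys.path%\*.old >nul 2<&1
)
goto :unload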
REM ########## unload routine ##############
:unload
rem common exit point for success and for every error path
rem at debug level 2 all variables whose names start with rfid.ovpn are printed,
rem which includes the configured paths and e-mail addresses
rem NOTE review: no exit status is set here, so a caller cannot tell a failed
rem run from a successful one by the exit code
echo [ ] execution complete
echo.
if "%rfid.ovpn.ui.debug%" GEQ "2" (
echo.
echo [D] ENV STACK:
set rfid.ovpn
)
rem drop the script variables, then restore the console colors and title
endlocal
color
title %CD%
:EOF
мануал в MHT (бета)
скрин старый, в представленном коде CCD уже работает
жду критики
спасибо)