stonevpn man page

stonevpn — Easy OpenVPN certificate and configuration management

Synopsis

stonevpn -f filename -n commonname [ Options ]

Description

StoneVPN allows you to manage OpenVPN certificates and create configurations for Windows and Linux machines based on a template. It can package everything into a zipfile and mail it to a user.

Options

--version

Show program's version number and exit

-h, --help

Show the help message and exit

-D, --debug

Enable debugging information. You probably don't want to use this option as it prints quite useless information for normal usage.

-n CNAME, --name=CNAME

Common Name; use quotes, e.g. "John Cleese"

-f FNAME, --file=FNAME

Write to file FNAME (no extension!)

-o CONFS, --config=CONFS

Create config files for [ windows | unix | mac | all ]

When supplying 'all', StoneVPN will generate configuration files for all three operating systems.

-e FPREFIX, --prefix=FPREFIX

Prefix (almost all) generated files. For example, if you set FPREFIX to 'mycorp', generated files will look like 'mycorp-user.crt/zip/key'

-z, --zip

Package all generated files into a ZIP file.

-m EMAILADDRESS, --mail=EMAILADDRESS

Send all generated files by e-mail to EMAILADDRESS. You might want to encrypt the user's key with a password when using this method.

-i, --free-ip

Locate and assign a free IP address by parsing the OpenVPN server configuration file (more specifically the 'ifconfig-pool' line) and the client configuration files within the ccd directory.

-p, --passphrase

Prompt for a passphrase when generating the user's private key. The passphrase can also be given on the command line, where it is visible in the process list and shell history. For example:

 stonevpn -f user -n "User Name" -p mysecret

-M, --mailpass

Include passphrase in e-mail body (only useful with the '-m' option). You might want to change the mail_passtxt variable in stonevpn.conf as well.

-R RANDPASS, --randpass=RANDPASS

Generate a random password of RANDPASS characters. For example, to generate an 8-character passphrase:

 stonevpn -f user -n "User Name" -R 8

-E, --extrafile

Include extra files when generating a certificate. When the --zip option is also specified, these will be packed into the zip file. Otherwise, they will remain in a subdirectory of the working directory, named after the given FNAME. Use the full path to each file to be included. You can use this option multiple times:

 stonevpn -f user -n "User Name" -E /path/to/file1 -E /path/to/file2

-S, --serverip

Use this IP address for the server when generating the configuration file, overriding the one specified in stonevpn.conf.

-r SERIAL, --revoke=SERIAL

Revoke certificate with serial SERIAL

-u ROUTE, --route=ROUTE

Push extra route(s) to client by means of a client configuration file on the server. For example:

 stonevpn -f user -n "User Name" -u 192.168.1.0/24

You can specify multiple routes with another '-u <route>'. This will write the route(s) to /etc/openvpn/ccd/Test_User.

-l, --listrevoked

List revoked certificates

--crl

Display CRL file contents

-a, --listall

List all certificates

-s, --showserial

Display current SSL serial number

-c PRINTCERT, --printcert=PRINTCERT

Prints information about a certificate file

-d, --printindex

Prints index file

-x EXPIREDATE, --expire=EXPIREDATE

Certificate expires in EXPIREDATE hours/days/years instead of the default specified in the openssl.cnf. For example:

 stonevpn -f user -n "User Name" -x 3h   # valid for 3 hours
 stonevpn -f user -n "User Name" -x 2d   # same, but 2 days
 stonevpn -f user -n "User Name" -x 1y   # and for one year

-N, --newcrl

Create an empty CRL file (or overwrite an existing one)

-t, --test

Danger, Will Robinson, Danger! test parameter - can do anything! Review source before executing!

Files

/etc/stonevpn.conf

Configuration file. See stonevpn(5) for further details.

Examples

Create a certificate and (Unix) configuration file for John Cleese and pack everything into johncleese.zip:

stonevpn -f johncleese -n "John Cleese" -z

The same, but now encrypt the user's private key with a password and email the zipfile to them:

stonevpn -f johncleese -n "John Cleese" -z -p -m user@domain.tld
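
The free-address lookup that the -i option describes (read the pool from the 'ifconfig-pool' line, then skip addresses already pinned in ccd files) can be sketched as follows. This is an added example, not StoneVPN's own code; it assumes ccd files pin an address with an 'ifconfig-push' line, and the function names and sample data are constructed for illustration.

```python
import ipaddress
import re

# Match only active (uncommented) directives at the start of a line.
POOL_RE = re.compile(r"^[ \t]*ifconfig-pool[ \t]+(\S+)[ \t]+(\S+)", re.M)
PUSH_RE = re.compile(r"^[ \t]*ifconfig-push[ \t]+(\S+)", re.M)

def pool_range(server_conf):
    """Return (first, last) addresses from the 'ifconfig-pool' line."""
    m = POOL_RE.search(server_conf)
    if m is None:
        raise ValueError("no ifconfig-pool line in server configuration")
    first, last = (ipaddress.IPv4Address(a) for a in m.groups())
    if first > last:
        raise ValueError("ifconfig-pool start is above its end")
    return first, last

def assigned_ips(ccd_files):
    """Map each address pinned in a ccd file to the client that holds it."""
    used = {}
    for name, text in ccd_files.items():
        for addr in PUSH_RE.findall(text):
            ip = ipaddress.IPv4Address(addr)
            if ip in used:  # two clients sharing one address is a config error
                raise ValueError(f"{ip} assigned to {used[ip]} and {name}")
            used[ip] = name
    return used

def first_free_ip(server_conf, ccd_files):
    """Lowest pool address with no ccd entry, or None if the pool is full."""
    first, last = pool_range(server_conf)
    used = assigned_ips(ccd_files)
    for n in range(int(first), int(last) + 1):
        ip = ipaddress.IPv4Address(n)
        if ip not in used:
            return ip
    return None

# Constructed sample data: server config text and ccd directory contents.
SERVER_CONF = (
    "dev tap0\n"
    "# ifconfig-pool 10.9.0.1 10.9.0.9\n"
    "ifconfig-pool 10.8.0.10 10.8.0.13 255.255.255.0\n"
)
CCD = {
    "John_Cleese": "ifconfig-push 10.8.0.10 255.255.255.0\n",
    "Test_User": 'push "route 192.168.1.0 255.255.255.0"\n'
                 "ifconfig-push 10.8.0.11 255.255.255.0\n",
}
```

With the sample data, first_free_ip(SERVER_CONF, CCD) returns 10.8.0.12; a duplicate assignment across two ccd files raises ValueError instead of silently handing out a conflicting address.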

Bugs

Please report bugs on http://github.com/lkeijser/stonevpn/issues or mail the author.

Author

Léon Keijser <keijser at stone-it dot com>

See Also

stonevpn(5)

Info

May 2010 StoneVPN User Manual