stonevpn man page

stonevpn — Easy OpenVPN certificate and configuration management


stonevpn -f filename -n commonname [ Options ]


StoneVPN allows you to manage OpenVPN certificates and create configurations for Windows and Linux machines based on a template. It can package everything into a zipfile and mail it to a user.


Show program's version number and exit
-h, --help
Show the help message and exit
-D, --debug
Enable debugging information. You probably don't want to use this option as it prints quite useless information for normal usage.
-n CNAME, --name=CNAME
Common Name, use quotes eg.: "John Cleese"
-f FNAME, --file=FNAME
Write to file FNAME (no extension!)
-o CONFS, --config=CONFS

Create config files for [ windows | unix | mac | all ]

When supplying all StoneVPN will generate configuration files for all three Operating Systems.

-e FPREFIX, --prefix=FPREFIX
Prefix (almost all) generated files. For example, if you set FPREFIX to 'mycorp', generated files will look like 'mycorp-user.crt/zip/key'
Package all generated files into a ZIP file.
Send all generated files by e-mail to EMAILADDRESS. You might want to encrypt the user's key with a password when using this method.
Locate and assign free ip by parsing the OpenVPN server configuration file (more specifically the 'ifconfig-pool' line), and client configuration files within the ccd directory.

Prompt for a passphrase when generating the user's private key. Leave empty to provide one on the commandline. For example:

stonevpn -f user -n "User Name" -p mysecret

Include passphrase in e-mail body (only useful with the '-m' option). You might want to change the mail_passtxt variable in stonevpn.conf as well.

Generate a random password of RANDPASS characters. For example, to generate an 8 character passphrase:

stonevpn -f user -n "User Name" -R 8


Include extra files when generating a certificate. When also specifying the --zip option, these will be packed in the zip file. Else, they will remain in a subdirectory of the working directory, based on the given FNAME. Use the full path to the filename to be included. You can use this option multiple times:

stonevpn -f user -n "User Name" -E /path/to/file1 -E /path/to/file2

Use this IP address for the server when generating the configuration file, overriding the one specified in stonevpn.conf
-r SERIAL, --revoke=SERIAL
Revoke certificate with serial SERIAL
-u ROUTE, --route=ROUTE

Push extra route(s) to client by means of a client configuration file on the server. For example:

stonevpn -f user -n "User Name" -u

You can specify multiple routes with another '-u <route>'. This will write the route(s) to /etc/openvpn/cdd/Test_User

List revoked certificates
Display CRL file contents
List all certificates
Display current SSL serial number
Prints information about a certficiate file
Prints index file

Certificate expires in EXPIREDATE hours/days/years instead of the default specified in the openssl.cnf. For example:

stonevpn -f user -n "User Name" -x 3h # valid for 3 hours
stonevpn -f user -n "User Name" -x 2d # same, but 2 days
stonevpn -f user -n "User Name" -x 1y # and for one year

Create an empty CRL file (or overwrite an existing one)
Danger, Will Robinson, Danger! test parameter - can do anything! Review source before executing!



Configuration file. See stonevpn(5) for further details.


Create a certificate and (Unix) configuration file for John Cleese and pack everything into johncleese.zip:
stonevpn -f johncleese -n "John Cleese" -z
The same, but now encrypt the user's private key with a password and email the zipfile to them:
stonevpn -f johncleese -n "John Cleese" -z -p -m user@domain.tld


Please report bugs on http://github.com/lkeijser/stonevpn/iss… or mail the author.


Léon Keijser <keijser at stone-it dot com>

See Also



StoneVPN User Manual May 2010