stonevpn man page

stonevpn — Easy OpenVPN certificate and configuration management

Synopsis

stonevpn -f filename -n commonname [ Options ]

Description

StoneVPN allows you to manage OpenVPN certificates and create configurations for Windows and Linux machines based on a template. It can package everything into a zipfile and mail it to a user.

Options

--version
Show program's version number and exit
-h, --help
Show the help message and exit
-D, --debug
Enable debugging information. You probably don't want to use this option as it prints quite useless information for normal usage.
-n CNAME, --name=CNAME
Common Name, use quotes eg.: "John Cleese"
-f FNAME, --file=FNAME
Write to file FNAME (no extension!)
-o CONFS, --config=CONFS

Create config files for [ windows | unix | mac | all ]

When supplying all StoneVPN will generate configuration files for all three Operating Systems.

-e FPREFIX, --prefix=FPREFIX
Prefix (almost all) generated files. For example, if you set FPREFIX to 'mycorp', generated files will look like 'mycorp-user.crt/zip/key'
-z,--zip
Package all generated files into a ZIP file.
-m EMAILADDRESS, --mail=EMAILADDRESS
Send all generated files by e-mail to EMAILADDRESS. You might want to encrypt the user's key with a password when using this method.
-i,--free-ip
Locate and assign free ip by parsing the OpenVPN server configuration file (more specifically the 'ifconfig-pool' line), and client configuration files within the ccd directory.
-p,--passphrase

Prompt for a passphrase when generating the user's private key. Leave empty to provide one on the commandline. For example:

stonevpn -f user -n "User Name" -p mysecret

-M,--mailpass
Include passphrase in e-mail body (only useful with the '-m' option). You might want to change the mail_passtxt variable in stonevpn.conf as well.
-R RANDPASS, --randpass=RANDPASS

Generate a random password of RANDPASS characters. For example, to generate an 8 character passphrase:

stonevpn -f user -n "User Name" -R 8

-E,--extrafile

Include extra files when generating a certificate. When also specifying the --zip option, these will be packed in the zip file. Else, they will remain in a subdirectory of the working directory, based on the given FNAME. Use the full path to the filename to be included. You can use this option multiple times:

stonevpn -f user -n "User Name" -E /path/to/file1 -E /path/to/file2

-S,--serverip
Use this IP address for the server when generating the configuration file, overriding the one specified in stonevpn.conf
-r SERIAL, --revoke=SERIAL
Revoke certificate with serial SERIAL
-u ROUTE, --route=ROUTE

Push extra route(s) to client by means of a client configuration file on the server. For example:

stonevpn -f user -n "User Name" -u 192.168.1.0/24

You can specify multiple routes with another '-u <route>'. This will write the route(s) to /etc/openvpn/cdd/Test_User

-l,--listrevoked
List revoked certificates
--crl
Display CRL file contents
-a,--listall
List all certificates
-s,--showserial
Display current SSL serial number
-c PRINTCERT, --printcert=PRINTCERT
Prints information about a certficiate file
-d,--printindex
Prints index file
-x EXPIREDATE, --expire=EXPIREDATE

Certificate expires in EXPIREDATE hours/days/years instead of the default specified in the openssl.cnf. For example:

stonevpn -f user -n "User Name" -x 3h # valid for 3 hours
stonevpn -f user -n "User Name" -x 2d # same, but 2 days
stonevpn -f user -n "User Name" -x 1y # and for one year

-N,--newcrl
Create an empty CRL file (or overwrite an existing one)
-t,--test
Danger, Will Robinson, Danger! test parameter - can do anything! Review source before executing!

Files

/etc/stonevpn.conf

Configuration file. See stonevpn(5) for further details.

Examples

Create a certificate and (Unix) configuration file for John Cleese and pack everything into johncleese.zip:
stonevpn -f johncleese -n "John Cleese" -z
The same, but now encrypt the user's private key with a password and email the zipfile to them:
stonevpn -f johncleese -n "John Cleese" -z -p -m user@domain.tld

Bugs

Please report bugs on http://github.com/lkeijser/stonevpn/iss… or mail the author.

Author

Léon Keijser <keijser at stone-it dot com>

See Also

stonevpn(5)

Info

May 2010 StoneVPN User Manual