stonevpn(1) - Linux man page
Name
stonevpn - Easy OpenVPN certificate and configuration management
Synopsis
stonevpn -f filename -n commonname [ OPTIONS ]
Description
StoneVPN allows you to manage OpenVPN certificates and create configurations for Windows and Linux machines based on a template. It can package everything into a zipfile and mail it to a user.
Options
--version
- Show program's version number and exit
- -h, --help
- Show the help message and exit
- -D, --debug
- Enable debugging information. You probably don't want to use this option as it prints quite useless information for normal usage.
- -n CNAME, --name=CNAME
- Common Name, use quotes eg.: "John Cleese"
- -f FNAME, --file=FNAME
- Write to file FNAME (no extension!)
- -o CONFS, --config=CONFS
- Create config files for [ windows | unix | mac | all ]
When supplying all StoneVPN will generate configuration files for all three Operating Systems.
- -e FPREFIX, --prefix=FPREFIX
- Prefix (almost all) generated files. For example, if you set FPREFIX to 'mycorp', generated files will look like 'mycorp-user.crt/zip/key'
- -z,--zip
- Package all generated files into a ZIP file.
- -m EMAILADDRESS, --mail=EMAILADDRESS
- Send all generated files by e-mail to EMAILADDRESS. You might want to encrypt the user's key with a password when using this method.
- -i,--free-ip
- Locate and assign free ip by parsing the OpenVPN server configuration file (more specifically the 'ifconfig-pool' line), and client configuration files within the ccd directory.
- -p,--passphrase
- Prompt for a passphrase when generating the user's private key. Leave empty to provide one on the commandline. For example:
stonevpn -f user -n "User Name" -p mysecret
- -M,--mailpass
- Include passphrase in e-mail body (only useful with the '-m' option). You might want to change the mail_passtxt variable in stonevpn.conf as well.
- -R RANDPASS, --randpass=RANDPASS
- Generate a random password of RANDPASS characters. For example, to generate an 8 character passphrase:
stonevpn -f user -n "User Name" -R 8
- -E,--extrafile
- Include extra files when generating a certificate. When also specifying the --zip option, these will be packed in the zip file. Else, they will
remain in a subdirectory of the working directory, based on the given FNAME. Use the full path to the filename to be included. You can use this option multiple
times:
stonevpn -f user -n "User Name" -E /path/to/file1 -E /path/to/file2
- -S,--serverip
- Use this IP address for the server when generating the configuration file, overriding the one specified in stonevpn.conf
- -r SERIAL, --revoke=SERIAL
- Revoke certificate with serial SERIAL
- -u ROUTE, --route=ROUTE
- Push extra route(s) to client by means of a client configuration file on the server. For example:
stonevpn -f user -n "User Name" -u 192.168.1.0/24
You can specify multiple routes with another '-u <route>'. This will write the route(s) to /etc/openvpn/cdd/Test_User
- -l,--listrevoked
- List revoked certificates
- --crl
Display CRL file contents
- -a,--listall
- List all certificates
- -s,--showserial
- Display current SSL serial number
- -c PRINTCERT, --printcert=PRINTCERT
- Prints information about a certficiate file
- -d,--printindex
- Prints index file
- -x EXPIREDATE, --expire=EXPIREDATE
- Certificate expires in EXPIREDATE hours/days/years instead of the default specified in the openssl.cnf. For example:
stonevpn -f user -n "User Name" -x 3h # valid for 3 hours stonevpn -f user -n "User Name" -x 2d # same, but 2 days stonevpn -f user -n "User Name" -x 1y # and for one year
- -N,--newcrl
- Create an empty CRL file (or overwrite an existing one)
- -t,--test
- Danger, Will Robinson, Danger! test parameter - can do anything! Review source before executing!
Files
/etc/stonevpn.conf
- Configuration file. See stonevpn(5) for further details.
Examples
Create a certificate and (Unix) configuration file for John Cleese and pack everything into johncleese.zip:
- stonevpn -f johncleese -n "John Cleese" -z
- The same, but now encrypt the user's private key with a password and email the zipfile to them:
- stonevpn -f johncleese -n "John Cleese" -z -p -m user@domain.tld
Bugs
Please report bugs on http://github.com/lkeijser/stonevpn/issues or mail the author.
Author
Léon Keijser <keijser at stone-it dot com>
See Also
stonevpn(5)