Help with a bash script for openvpn

Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Help with a bash script for openvpn
# 1  
Old 10-17-2007
Help with a bash script for openvpn

I've got a openvpn server and I'm searching a way to permit that a certain certificate is operative only if the connection comes from from a certain ip. Others certificates must have not this limitation because they are for road warriors and we don't know where they can come from.

So the idea is to have an array in a script (we can state some up and down script) or an external file where we have this data:

nameofcertificate:ip or network or range



so Mr Smitch can connect only from these locations.

I state that at the beginning of the connection I've got both the variables, one derived from the common_name and the other from the env and is trusted_ip.

Now I've got to compare the array (or external file) with this variables and if there is a corrispondence permit the connection else not. If a valid certificate is not in the list there is no check on ip.

I am not very skilled for this kind of work, someone can help me? Thanks.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to block first bash script until second bash script script launches web server/site?

I'm new to utilities like socat and netcat and I'm not clear if they will do what I need. I have a "" script and a "" script that are started by emacs/elisp at the same time in two different processes. I'm using Cygwin bash on Windows 10. My... (3 Replies)
Discussion started by: siegfried
3 Replies

2. Cybersecurity

Openvpn nat and iptables

good day good people hi first to tell that firewall and vpn is working as expected, but I notice something strange. I have host system ip) firewall is blocking everything except port to vpn. I have vpn on virtualized system (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies

3. Solaris

OpenVPN and NAT

Hi. I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term. I would like to route all VPN client requests for addresses... (0 Replies)
Discussion started by: nickb1976
0 Replies

4. UNIX for Dummies Questions & Answers

iptables for openvpn

Hey all, I'm trying to get openvpn working on DD-WRT router. I can make a connection inside my lan, but outside the connection is yellow. I think yellow means it is close to making a connection, but it never completes the connection. So I believe there is a problem with my iptables since it... (0 Replies)
Discussion started by: sdnix
0 Replies

5. UNIX for Dummies Questions & Answers

How do I install a OpenVPN in CentOS?

Hi, I have looked at different tutorials across the net on how to install a OpenVPN in Linux CentOS but I can't understand any of the instructions given. So I typed myself some step-by-step instructions that I do understand. This is the type of simplified instructions I do... (1 Reply)
Discussion started by: TheCorporation
1 Replies

6. IP Networking

Cisco VPN pcf and OpenVPN

I was given my pcf file to login to work from home and wanted to use OpenVPN instead of the Cisco VPN client software. Can I use this pcf file with OpenVPN? I attempted to use vpnc: but it just times out ?? (2 Replies)
Discussion started by: metallica1973
2 Replies

7. IP Networking


Hello gurus , I have a vmware machine on xp wich holds a FREBSD 8.0 BETA2 i386 my xp ip is my freebsd le0 ( ext iface, vmware bridged ) is ( can ping google; etc...) my freebsd le2 (int iface, vmware local only) is my freebsd le1 is disabled as... (0 Replies)
Discussion started by: cozsmin
0 Replies

8. UNIX for Advanced & Expert Users

OpenVPN 2.09 ns-cert-type ???

--ns-cert-type client|server Require that peer certificate was signed with an explicit nsCertType designation of "client" or "server". This is a useful security option for clients, to ensure that the host they connect with is a designated server. See the easy-rsa/build-key-server script for... (0 Replies)
Discussion started by: kungpow
0 Replies

9. Cybersecurity

RV082 with OpenVPN and/or isakmpd

Has anyone gotten either isakmpd or OpenVPN working with a Linksys RV082? Would you be willing to share a conf file? Thanks! (0 Replies)
Discussion started by: vertigo23
0 Replies
Login or Register to Ask a Question
NSEQ(1) 							      OpenSSL								   NSEQ(1)

nseq - create or examine a netscape certificate sequence SYNOPSIS
openssl nseq [-in filename] [-out filename] [-toseq] DESCRIPTION
The nseq command takes a file containing a Netscape certificate sequence and prints out the certificates contained in it or takes a file of certificates and converts it into a Netscape certificate sequence. COMMAND OPTIONS
-in filename This specifies the input filename to read or standard input if this option is not specified. -out filename specifies the output filename or standard output by default. -toseq normally a Netscape certificate sequence will be input and the output is the certificates contained in it. With the -toseq option the situation is reversed: a Netscape certificate sequence is created from a file of certificates. EXAMPLES
Output the certificates in a Netscape certificate sequence openssl nseq -in nseq.pem -out certs.pem Create a Netscape certificate sequence openssl nseq -in certs.pem -toseq -out nseq.pem NOTES
The PEM encoded form uses the same headers and footers as a certificate: -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- A Netscape certificate sequence is a Netscape specific form that can be sent to browsers as an alternative to the standard PKCS#7 format when several certificates are sent to the browser: for example during certificate enrollment. It is used by Netscape certificate server for example. BUGS
This program needs a few more options: like allowing DER or PEM input and output files and allowing multiple certificate files to be used. 0.9.7a 2000-01-20 NSEQ(1)