STONEVPN(1)                   StoneVPN User Manual                   STONEVPN(1)

NAME
       stonevpn - Easy OpenVPN certificate and configuration management

SYNOPSIS
       stonevpn -f filename -n commonname [ OPTIONS ]

DESCRIPTION
       StoneVPN allows you to manage OpenVPN certificates and create
       configurations for Windows and Linux machines based on a template. It
       can package everything into a zipfile and mail it to a user.

OPTIONS
       --version
              Show program's version number and exit

       -h, --help
              Show the help message and exit

       -D, --debug
              Enable debugging information. You probably don't want to use
              this option as it prints quite useless information for normal
              usage.

       -n CNAME, --name=CNAME
              Common Name, use quotes eg.: "John Cleese"

       -f FNAME, --file=FNAME
              Write to file FNAME (no extension!)

       -o CONFS, --config=CONFS
              Create config files for [ windows | unix | mac | all ]

              When supplying all StoneVPN will generate configuration files
              for all three Operating Systems.

       -e FPREFIX, --prefix=FPREFIX
              Prefix (almost all) generated files. For example, if you set
              FPREFIX to 'mycorp', generated files will look like
              'mycorp-user.crt/zip/key'

       -z, --zip
              Package all generated files into a ZIP file.

       -m EMAILADDRESS, --mail=EMAILADDRESS
              Send all generated files by e-mail to EMAILADDRESS. You might
              want to encrypt the user's key with a password when using this
              method.

       -i, --free-ip
              Locate and assign free ip by parsing the OpenVPN server
              configuration file (more specifically the 'ifconfig-pool'
              line), and client configuration files within the ccd directory.

       -p, --passphrase
              Prompt for a passphrase when generating the user's private key.
              Leave empty to provide one on the command line. For example:

              stonevpn -f user -n "User Name" -p mysecret

       -M, --mailpass
              Include passphrase in e-mail body (only useful with the '-m'
              option). You might want to change the mail_passtxt variable in
              stonevpn.conf as well.

       -R RANDPASS, --randpass=RANDPASS
              Generate a random password of RANDPASS characters. For example,
              to generate an 8 character passphrase:

              stonevpn -f user -n "User Name" -R 8

       -E, --extrafile
              Include extra files when generating a certificate. When also
              specifying the --zip option, these will be packed in the zip
              file. Else, they will remain in a subdirectory of the working
              directory, based on the given FNAME. Use the full path to the
              filename to be included. You can use this option multiple
              times:

              stonevpn -f user -n "User Name" -E /path/to/file1 -E /path/to/file2

       -S, --serverip
              Use this IP address for the server when generating the
              configuration file, overriding the one specified in
              stonevpn.conf

       -r SERIAL, --revoke=SERIAL
              Revoke certificate with serial SERIAL

       -u ROUTE, --route=ROUTE
              Push extra route(s) to client by means of a client configuration
              file on the server. For example:

              stonevpn -f user -n "User Name" -u 192.168.1.0/24

              You can specify multiple routes with another '-u <route>'. This
              will write the route(s) to /etc/openvpn/cdd/Test_User

       -l, --listrevoked
              List revoked certificates

       --crl  Display CRL file contents

       -a, --listall
              List all certificates

       -s, --showserial
              Display current SSL serial number

       -c PRINTCERT, --printcert=PRINTCERT
              Prints information about a certificate file

       -d, --printindex
              Prints index file

       -x EXPIREDATE, --expire=EXPIREDATE
              Certificate expires in EXPIREDATE hours/days/years instead of
              the default specified in the openssl.cnf. For example:

              stonevpn -f user -n "User Name" -x 3h # valid for 3 hours
              stonevpn -f user -n "User Name" -x 2d # same, but 2 days
              stonevpn -f user -n "User Name" -x 1y # and for one year

       -N, --newcrl
              Create an empty CRL file (or overwrite an existing one)

       -t, --test
              Danger, Will Robinson, Danger! test parameter - can do anything!
              Review source before executing!
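
The address search that -i/--free-ip describes can be sketched as follows. This is an added example in Python, not StoneVPN's own code; it shows the pool range being read from the 'ifconfig-pool' line and compared with addresses already reserved in ccd files. Assumptions: IPv4 only, reservations are made with 'ifconfig-push', and the sample configuration, ccd contents and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample input (not from a real server): a server config and
# the contents of two ccd files, keyed by file name.
SERVER_CONF = """\
mode server
topology subnet
ifconfig 10.8.0.1 255.255.255.0
# ifconfig-pool 10.8.0.2 10.8.0.9 255.255.255.0
ifconfig-pool 10.8.0.10 10.8.0.13 255.255.255.0
"""
CCD_FILES = {
    "John_Cleese": "ifconfig-push 10.8.0.10 255.255.255.0\n",
    "Test_User": 'push "route 192.168.1.0 255.255.255.0"\n'
                 "ifconfig-push 10.8.0.11 255.255.255.0\n",
}

def _directives(text, name):
    """Yield the argument list of every `name` directive, ignoring comments."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split(";", 1)[0].split()
        if tokens and tokens[0] == name:
            yield tokens[1:]

def parse_pool(server_conf):
    """Return (first, last) of the 'ifconfig-pool' range; ValueError if bad."""
    for args in _directives(server_conf, "ifconfig-pool"):
        # Fewer than two arguments or a malformed address raises ValueError.
        first, last = (ipaddress.IPv4Address(a) for a in args[:2])
        if first > last:
            raise ValueError("ifconfig-pool start is above its end")
        return first, last
    raise ValueError("no ifconfig-pool line in server configuration")

def assigned_ips(ccd_files):
    """Addresses already reserved with 'ifconfig-push' in any ccd file."""
    return {ipaddress.IPv4Address(args[0])
            for text in ccd_files.values()
            for args in _directives(text, "ifconfig-push") if args}

def first_free_ip(server_conf, ccd_files):
    """Lowest pool address without a ccd reservation, or None if pool is full."""
    first, last = parse_pool(server_conf)
    used = assigned_ips(ccd_files)
    for n in range(int(first), int(last) + 1):
        if ipaddress.IPv4Address(n) not in used:
            return str(ipaddress.IPv4Address(n))
    return None

if __name__ == "__main__":
    print(first_free_ip(SERVER_CONF, CCD_FILES))
```

Returning None on an exhausted pool lets the caller stop rather than hand out an address that another client already holds.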

FILES
       /etc/stonevpn.conf
              Configuration file. See stonevpn(5) for further details.

EXAMPLES
       Create a certificate and (Unix) configuration file for John Cleese and
       pack everything into johncleese.zip:

       stonevpn -f johncleese -n "John Cleese" -z

       The same, but now encrypt the user's private key with a password and
       email the zipfile to them:

       stonevpn -f johncleese -n "John Cleese" -z -p -m user@domain.tld

BUGS
       Please report bugs on http://github.com/lkeijser/stonevpn/issues or
       mail the author.

AUTHOR
       Léon Keijser <keijser at stone-it dot com>

SEE ALSO
       stonevpn(5)

                                   May 2010                          STONEVPN(1)