diff --git a/bin/openvpn.sh b/bin/openvpn.sh
index 24f81da..9e7d9e0 100755
--- a/bin/openvpn.sh
+++ b/bin/openvpn.sh
@@ -64,7 +64,8 @@ key $EASYRSA_PKI/private/$cn.key
 ca $EASYRSA_PKI/ca.crt
 cert $EASYRSA_PKI/issued/$cn.crt
 dh $EASYRSA_PKI/dh.pem
-#tls-auth $EASYRSA_PKI/ta.key 0
+#tls-auth $EASYRSA_PKI/ta.key
+#key-direction 0
 keepalive 10 60
 persist-key
 persist-tun
@@ -78,6 +79,46 @@ status /tmp/openvpn-status-1194.log
 EOF
 }
+do_getclientconfig() {
+ cn=$1
+
+ [ -z "$cn" ] && abort "Common name not specified"
+
+ if [ ! -f "$EASYRSA_PKI/private/$cn.key" ]; then
+ easyrsa build-server-full $cn nopass
+ fi
+
+ servername=$(cat $OPENVPN/servername)
+
+ cat <
+$(cat $EASYRSA_PKI/private/$cn.key)
+
+
+$(cat $EASYRSA_PKI/issued/$cn.crt)
+
+
+$(cat $EASYRSA_PKI/ca.crt)
+
+
+$(cat $EASYRSA_PKI/dh.pem)
+
+#
+#$(echo cat $EASYRSA_PKI/ta.key)
+#
+#key-direction 1
+
+
+remote $servername 1194 udp
+
+EOF
+}
+
 # Read arguments from command line
 cmd=$1
 shift
@@ -103,6 +144,9 @@ case "$cmd" in
 bash)
 $cmd "$@"
 ;;
+ getclientconfig)
+ do_getclientconfig "$@"
+ ;;
 openvpn)
 do_openvpn "$@"
 ;;
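Review bot: In do_getclientconfig the client's certificate is issued with `easyrsa build-server-full $cn nopass`, which gives every client a server-type certificate, so a `remote-cert-tls server` style check on other clients could no longer tell a client profile from the real VPN server. Issue it with `easyrsa build-client-full "$cn" nopass` instead, and quote `$cn` there and in the `cat` paths, since it comes straight from the command line and is used as a file name. The easyrsa result is not checked, so a failed issue still prints a profile with empty key and certificate sections; appending `|| abort "Could not issue certificate for $cn"` to the call would stop that. The output carries an unencrypted private key (`nopass`), which deserves a comment above the function telling callers to redirect it to a file with restrictive permissions.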