allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

Take over the project

Browse Source 
I've decided to maintain the project myself now, so I've forked it and
create a drone pipeline to push image to my registry
This commit is contained in:
Nikolai Rodionov
2023-08-09 19:49:38 +02:00
parent 6a86b23ed8
commit 2ec840ff63
29 changed files with 681 additions and 297 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
bin/ovpn_genclientcert
View File

@ -15,15 +15,4 @@ set -e
source "$OPENVPN/ovpn_env.sh"
# Download EasyRSA because Ubuntu doesn't have it as a CLI command
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
tar xvf EasyRSA-unix-v3.0.6.tgz
export EASYRSA="EasyRSA-v3.0.6/"
export EASYRSA_SSL_CONF="EasyRSA-v3.0.6/openssl-easyrsa.cnf"
EasyRSA-v3.0.6/easyrsa build-client-full $CLIENTNAME $PASSWORD
# Remove EasyRSA files when we're done
rm -r EasyRSA-v3.0.6/
rm EasyRSA-unix-v3.0.6.tgz
/usr/share/easy-rsa/easyrsa build-client-full $CLIENTNAME $PASSWORD

28
bin/ovpn_initpki
View File

@ -15,22 +15,9 @@ source "$OPENVPN/ovpn_env.sh"
# Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
nopass=$1
# Download EasyRSA because Ubuntu doesn't have it as a CLI command
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
tar xvf EasyRSA-unix-v3.0.6.tgz
export EASYRSA="EasyRSA-v3.0.6/"
export EASYRSA_SSL_CONF="EasyRSA-v3.0.6/openssl-easyrsa.cnf"
cp -r EasyRSA-v3.0.6/x509-types/ x509-types/
# Provides a sufficient warning before erasing pre-existing files
EasyRSA-v3.0.6/easyrsa init-pki
# CA always has a password for protection in event server is compromised. The
# password is only needed to sign client/server certificates. No password is
# needed for normal OpenVPN operation.
EasyRSA-v3.0.6/easyrsa build-ca $nopass
EasyRSA-v3.0.6/easyrsa gen-dh
/usr/share/easy-rsa/easyrsa init-pki
/usr/share/easy-rsa/easyrsa build-ca $nopass
/usr/share/easy-rsa/easyrsa gen-dh
openvpn --genkey --secret $EASYRSA_PKI/ta.key
# Was nice to autoset, but probably a bad idea in practice, users should
@ -44,12 +31,7 @@ openvpn --genkey --secret $EASYRSA_PKI/ta.key
#fi
# For a server key with a password, manually init; this is autopilot
EasyRSA-v3.0.6/easyrsa build-server-full "$OVPN_CN" nopass
/usr/share/easy-rsa/easyrsa build-server-full "$OVPN_CN" nopass
# Generate the CRL for client/server certificates revocation.
EasyRSA-v3.0.6/easyrsa gen-crl
# Remove EasyRSA files when we're done
rm -r EasyRSA-v3.0.6/
rm EasyRSA-unix-v3.0.6.tgz
rm -r x509-types/
/usr/share/easy-rsa/easyrsa gen-crl

16
bin/ovpn_revokeclient
View File

@ -31,23 +31,11 @@ fi
revoke_client_certificate(){
# Download EasyRSA because Ubuntu doesn't have it as a CLI command
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz
tar xvf EasyRSA-unix-v3.0.6.tgz
export EASYRSA="EasyRSA-v3.0.6/"
export EASYRSA_SSL_CONF="EasyRSA-v3.0.6/openssl-easyrsa.cnf"
cp -r EasyRSA-v3.0.6/x509-types/ x509-types/
EasyRSA-v3.0.6/easyrsa revoke "$1"
/usr/share/easy-rsa/easyrsa revoke "$1"
echo "Generating the Certificate Revocation List :"
EasyRSA-v3.0.6/easyrsa gen-crl
/usr/share/easy-rsa/easyrsa gen-crl
cp -f "$EASYRSA_PKI/crl.pem" "$OPENVPN/crl.pem"
chmod 644 "$OPENVPN/crl.pem"
# Remove EasyRSA files when we're done
rm -r EasyRSA-v3.0.6/
rm EasyRSA-unix-v3.0.6.tgz
rm -r x509-types/
}
remove_files(){