60 lines
1.3 KiB
Bash
Executable File
60 lines
1.3 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
#
|
|
# Initialize the PKI and OpenVPN configs
|
|
#
|
|
|
|
set -ex
|
|
|
|
cn=$1
|
|
|
|
if [ -z "$cn" ]; then
|
|
echo "Common name not specified"
|
|
exit 1
|
|
fi
|
|
|
|
# Provides a sufficient warning before erasing pre-existing files
|
|
easyrsa init-pki
|
|
|
|
# For a CA key with a password, manually init; this is autopilot
|
|
easyrsa build-ca nopass
|
|
|
|
easyrsa gen-dh
|
|
openvpn --genkey --secret $OPENVPN/pki/ta.key
|
|
|
|
# Was nice to autoset, but probably a bad idea in practice, users should
|
|
# have to explicitly specify the common name of their server
|
|
#if [ -z "$cn"]; then
|
|
# #TODO: Handle IPv6 (when I get a VPS with IPv6)...
|
|
# ip4=$(dig +short myip.opendns.com @resolver1.opendns.com)
|
|
# ptr=$(dig +short -x $ip4 | sed -e 's:\.$::')
|
|
#
|
|
# [ -n "$ptr" ] && cn=$ptr || cn=$ip4
|
|
#fi
|
|
|
|
echo "$cn" > $OPENVPN/servername
|
|
|
|
easyrsa build-server-full $cn nopass
|
|
|
|
[ -f "$OPENVPN/udp1194.conf" ] || cat > "$OPENVPN/udp1194.conf" <<EOF
|
|
server 192.168.255.128 255.255.255.128
|
|
verb 3
|
|
#duplicate-cn
|
|
key $EASYRSA_PKI/private/$cn.key
|
|
ca $EASYRSA_PKI/ca.crt
|
|
cert $EASYRSA_PKI/issued/$cn.crt
|
|
dh $EASYRSA_PKI/dh.pem
|
|
tls-auth $EASYRSA_PKI/ta.key
|
|
key-direction 0
|
|
keepalive 10 60
|
|
persist-key
|
|
persist-tun
|
|
push "dhcp-option DNS 8.8.4.4"
|
|
push "dhcp-option DNS 8.8.8.8"
|
|
|
|
proto udp
|
|
port 1194
|
|
dev tun1194
|
|
status /tmp/openvpn-status-1194.log
|
|
EOF
|