852d404c12
* Instead of storing just a server_url which was necessary to
regenerate the OpenVPN configs, instead store an env file.
* Move all the env parsing to `ovpn_genconfig` so that it can be re-run
from genconfig instead of from `ovpn_init`.
* Remove all the parsing and env defaults except for genconfig.
NOTE: This breaks the older config method, uesrs will need to re-run
genconfig with an arg[1] as the previous server_url, this will create
the necessary env file the rest of the tools expect.
Example recovery for legacy users:
host$ docker run --rm -it kylemanna/openvpn bash -l
container# ovpn_genconfig $(cat /etc/openvpn/server_url)
40 lines
1.0 KiB
Bash
Executable File
40 lines
1.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
#
|
|
# Initialize the PKI and OpenVPN configs
|
|
#
|
|
|
|
set -ex
|
|
|
|
# Generate the ovpn env file
|
|
ovpn_genconfig "$1"
|
|
|
|
source "$OPENVPN/ovpn_env.sh"
|
|
|
|
# Specify "nopass" as arg[2] to make the CA insecure
|
|
nopass=$2
|
|
|
|
# Provides a sufficient warning before erasing pre-existing files
|
|
easyrsa init-pki
|
|
|
|
# CA always has a password for protection in event server is compromised. The
|
|
# password is only needed to sign client/server certificates. No password is
|
|
# needed for normal OpenVPN operation.
|
|
easyrsa build-ca $nopass
|
|
|
|
easyrsa gen-dh
|
|
openvpn --genkey --secret $OPENVPN/pki/ta.key
|
|
|
|
# Was nice to autoset, but probably a bad idea in practice, users should
|
|
# have to explicitly specify the common name of their server
|
|
#if [ -z "$cn"]; then
|
|
# #TODO: Handle IPv6 (when I get a VPS with IPv6)...
|
|
# ip4=$(dig +short myip.opendns.com @resolver1.opendns.com)
|
|
# ptr=$(dig +short -x $ip4 | sed -e 's:\.$::')
|
|
#
|
|
# [ -n "$ptr" ] && cn=$ptr || cn=$ip4
|
|
#fi
|
|
|
|
# For a server key with a password, manually init; this is autopilot
|
|
easyrsa build-server-full "$OVPN_CN" nopass
|