050d4a1f82
When creating a multi-server setup I used a partly copied, partly symlinked directory structure for the different servers after creating a certificate for each server with `easyrsa build-server-full`. In that process I also copied the `server` directory. The rsync command does not delete files which are not excluded so it included the correct server key and the original one which can be a security risk.
36 lines
862 B
Bash
Executable File
36 lines
862 B
Bash
Executable File
#!/bin/bash
|
|
## @licence MIT <http://opensource.org/licenses/MIT>
|
|
## @author Copyright (C) 2015 Robin Schneider <ypid@riseup.net>
|
|
|
|
if [ -z "$OPENVPN" ]; then
|
|
export OPENVPN="$PWD"
|
|
fi
|
|
if ! source "$OPENVPN/ovpn_env.sh"; then
|
|
echo "Could not source $OPENVPN/ovpn_env.sh."
|
|
exit 1
|
|
fi
|
|
|
|
TARGET="/tmp/openvpn_${OVPN_CN}"
|
|
if [ -n "$1" ]; then
|
|
TARGET="$1"
|
|
else
|
|
TARGET="$OPENVPN/server"
|
|
fi
|
|
|
|
## Ensure that no other keys then the one for the server is present.
|
|
rm --recursive --force "$TARGET/pki/private" "$TARGET/pki/issued"
|
|
|
|
echo "
|
|
pki/private/${OVPN_CN}.key
|
|
pki/issued/${OVPN_CN}.crt
|
|
pki/dh.pem
|
|
pki/ta.key
|
|
pki/ca.crt
|
|
" | rsync --recursive --verbose \
|
|
--files-from - \
|
|
"$OPENVPN/" "$TARGET"
|
|
ln --symbolic --force ../openvpn.conf ../ovpn_env.sh "$TARGET"
|
|
mkdir -p "$TARGET/ccd"
|
|
|
|
echo "Created the openvpn configuration for the server: $TARGET"
|