mirror of
https://github.com/Nyr/openvpn-install.git
synced 2024-11-24 05:56:08 +03:00
Bingo!
parent
ead883b476
commit
06497c24af
@ -69,6 +69,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
cd /etc/openvpn/easy-rsa/
|
cd /etc/openvpn/easy-rsa/
|
||||||
./easyrsa build-client-full $CLIENT nopass
|
./easyrsa build-client-full $CLIENT nopass
|
||||||
# Generates the custom client.ovpn
|
# Generates the custom client.ovpn
|
||||||
|
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
||||||
|
cp /etc/openvpn/server.crt $HOME/stunnel.crt
|
||||||
newclient "$CLIENT"
|
newclient "$CLIENT"
|
||||||
echo
|
echo
|
||||||
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
|
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
|
||||||
@ -260,6 +262,9 @@ else
|
|||||||
./easyrsa build-client-full $CLIENT nopass
|
./easyrsa build-client-full $CLIENT nopass
|
||||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
||||||
# Move the stuff we need
|
# Move the stuff we need
|
||||||
|
csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
|
||||||
|
rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt
|
||||||
|
mv /etc/openvpn/easy-rsa/pki/issued/cert.01 /etc/openvpn/easy-rsa/pki/issued/server.crt
|
||||||
cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn
|
cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn
|
||||||
# CRL is read with each client connection, when OpenVPN is dropped to nobody
|
# CRL is read with each client connection, when OpenVPN is dropped to nobody
|
||||||
chown nobody:$GROUPNAME /etc/openvpn/crl.pem
|
chown nobody:$GROUPNAME /etc/openvpn/crl.pem
|
||||||
@ -269,21 +274,20 @@ else
|
|||||||
if [[ $SSL==1 ]]; then
|
if [[ $SSL==1 ]]; then
|
||||||
echo "local 127.0.0.1" > /etc/openvpn/server.conf
|
echo "local 127.0.0.1" > /etc/openvpn/server.conf
|
||||||
echo "port 1194" >> /etc/openvpn/server.conf
|
echo "port 1194" >> /etc/openvpn/server.conf
|
||||||
csplit -f /etc/openvpn/cert. /etc/openvpn/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
|
|
||||||
rm /etc/openvpn/cert.00 /etc/openvpn/server.crt
|
|
||||||
mv /etc/openvpn/cert.01 /etc/openvpn/server.crt
|
|
||||||
cp /etc/openvpn/server.crt /etc/stunnel/
|
|
||||||
cp /etc/openvpn/server.key /etc/stunnel/
|
|
||||||
echo "sslVersion = all
|
echo "sslVersion = all
|
||||||
;chroot = /var/lib/stunnel4/
|
;chroot = /var/lib/stunnel4/
|
||||||
pid = /var/run/stunnel4.pid
|
pid = /var/run/stunnel4.pid
|
||||||
debug = 3
|
debug = 7
|
||||||
output = /var/log/stunnel4/stunnel.log
|
output = /var/log/stunnel4/stunnel.log
|
||||||
|
setuid = root
|
||||||
|
setgid = root
|
||||||
|
socket = l:TCP_NODELAY=1
|
||||||
|
socket = r:TCP_NODELAY=1
|
||||||
[openvpn]
|
[openvpn]
|
||||||
accept = 0.0.0.0:443
|
accept = 0.0.0.0:$PORT
|
||||||
connect = 127.0.0.1:1194
|
connect = 127.0.0.1:1194
|
||||||
cert=/etc/stunnel/server.crt
|
cert=/etc/openvpn/server.crt
|
||||||
key=/etc/stunnel/server.key" > /etc/stunnel/stunnel.conf
|
key=/etc/openvpn/server.key" > /etc/stunnel/stunnel.conf
|
||||||
else
|
else
|
||||||
echo "port $PORT" > /etc/openvpn/server.conf
|
echo "port $PORT" > /etc/openvpn/server.conf
|
||||||
fi
|
fi
|
||||||
@ -433,16 +437,22 @@ setenv opt block-outside-dns
|
|||||||
key-direction 1
|
key-direction 1
|
||||||
reneg-sec $RENEGKEY
|
reneg-sec $RENEGKEY
|
||||||
verb 3" >> /etc/openvpn/client-common.txt
|
verb 3" >> /etc/openvpn/client-common.txt
|
||||||
|
if [[ $SSL=1 ]]; then
|
||||||
echo "client = yes
|
echo "client = yes
|
||||||
debug = 6
|
debug = 7
|
||||||
[openvpn]
|
[openvpn]
|
||||||
accept = 127.0.0.1:1194
|
accept = 127.0.0.1:1194
|
||||||
connect = $IP:$PORT
|
connect = $IP:$PORT
|
||||||
TIMEOUTclose = 0
|
TIMEOUTclose = 1000
|
||||||
verify = 3
|
session=300
|
||||||
|
stack=65536
|
||||||
|
sslVersion=TLSv1.2
|
||||||
|
setuid=root
|
||||||
|
setgid=root
|
||||||
CAfile = stunnel.crt" > /etc/stunnel/stunnel-client.conf
|
CAfile = stunnel.crt" > /etc/stunnel/stunnel-client.conf
|
||||||
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
||||||
cp /etc/openvpn/server.crt $HOME/stunnel.crt
|
cp /etc/openvpn/server.crt $HOME/stunnel.crt
|
||||||
|
fi
|
||||||
# Generates the custom client.ovpn
|
# Generates the custom client.ovpn
|
||||||
newclient "$CLIENT"
|
newclient "$CLIENT"
|
||||||
echo
|
echo
|
||||||
|
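Review bot: The stunnel client configuration written in the last hunk (`@ -433,16 +437,22`) no longer contains `verify = 3`, so `CAfile = stunnel.crt` is still shipped to the client but, assuming stunnel's default of no peer verification applies, the server certificate is not checked against it; I would keep `verify = 3` alongside the new `sslVersion=TLSv1.2` line. The guard added around that block, `if [[ $SSL=1 ]]; then`, is a single non-empty word and is therefore always true, so the stunnel files are generated even when SSL was not selected; it should read `if [[ "$SSL" == 1 ]]; then`, and the existing `[[ $SSL==1 ]]` in the `@ -269,21 +274,20` hunk has the same problem. Both generated configs now set `setuid`/`setgid` to `root` and raise `debug` to 7, which keeps stunnel fully privileged and logging at its most verbose level; a dedicated unprivileged account with read access to the key and a lower debug level would be safer defaults. The enclosing if/else branches and the quoted config strings begin outside the visible hunks, so this is based only on the lines shown.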