mirror of
https://github.com/Nyr/openvpn-install.git
synced 2024-11-28 07:56:07 +03:00
Verify SSL certificate
This commit is contained in:
parent
dc2ff7fb75
commit
7bfa2bb2be
@ -67,13 +67,15 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
echo "Please, use one word only, no special characters."
|
echo "Please, use one word only, no special characters."
|
||||||
read -p "Client name: " -e CLIENT
|
read -p "Client name: " -e CLIENT
|
||||||
cd /etc/openvpn/easy-rsa/
|
cd /etc/openvpn/easy-rsa/
|
||||||
./easyrsa build-client-full $CLIENT nopass
|
easyrsa build-client-full $CLIENT nopass
|
||||||
# Generates the custom client.ovpn
|
|
||||||
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
|
||||||
newclient "$CLIENT"
|
newclient "$CLIENT"
|
||||||
echo
|
echo
|
||||||
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
|
echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
|
||||||
echo "and ~/stunnel.conf. Install stunnel4 on client before you continue."
|
if [ -f /etc/stunnel/stunnel-client.conf ]; then
|
||||||
|
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
||||||
|
cp /etc/openvpn/server.crt $HOME/stunnel.crt
|
||||||
|
echo "~/stunnel.crt and ~/stunnel.conf."
|
||||||
|
fi
|
||||||
exit
|
exit
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
@ -98,8 +100,8 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
|||||||
read -p "Do you really want to revoke access for client $CLIENT? [y/N]: " -e REVOKE
|
read -p "Do you really want to revoke access for client $CLIENT? [y/N]: " -e REVOKE
|
||||||
if [[ "$REVOKE" = 'y' || "$REVOKE" = 'Y' ]]; then
|
if [[ "$REVOKE" = 'y' || "$REVOKE" = 'Y' ]]; then
|
||||||
cd /etc/openvpn/easy-rsa/
|
cd /etc/openvpn/easy-rsa/
|
||||||
./easyrsa --batch revoke $CLIENT
|
easyrsa --batch revoke $CLIENT
|
||||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
|
||||||
rm -f pki/reqs/$CLIENT.req
|
rm -f pki/reqs/$CLIENT.req
|
||||||
rm -f pki/private/$CLIENT.key
|
rm -f pki/private/$CLIENT.key
|
||||||
rm -f pki/issued/$CLIENT.crt
|
rm -f pki/issued/$CLIENT.crt
|
||||||
@ -438,11 +440,14 @@ debug = 7
|
|||||||
[openvpn]
|
[openvpn]
|
||||||
accept = 127.0.0.1:1194
|
accept = 127.0.0.1:1194
|
||||||
connect = $IP:$PORT
|
connect = $IP:$PORT
|
||||||
|
verify = 2
|
||||||
|
CAfile = stunnel.crt
|
||||||
TIMEOUTclose = 1000
|
TIMEOUTclose = 1000
|
||||||
session=300
|
session=300
|
||||||
stack=65536
|
stack=65536
|
||||||
sslVersion=TLSv1.2" > /etc/stunnel/stunnel-client.conf
|
sslVersion=TLSv1.2" > /etc/stunnel/stunnel-client.conf
|
||||||
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
cp /etc/stunnel/stunnel-client.conf $HOME/stunnel.conf
|
||||||
|
cp /etc/openvpn/server.crt $HOME/stunnel.crt
|
||||||
fi
|
fi
|
||||||
# Generates the custom client.ovpn
|
# Generates the custom client.ovpn
|
||||||
newclient "$CLIENT"
|
newclient "$CLIENT"
|
||||||
@ -451,7 +456,7 @@ sslVersion=TLSv1.2" > /etc/stunnel/stunnel-client.conf
|
|||||||
echo
|
echo
|
||||||
echo "Your client configuration is available at: ~/$CLIENT.ovpn"
|
echo "Your client configuration is available at: ~/$CLIENT.ovpn"
|
||||||
if [[ $SSL=1 ]]; then
|
if [[ $SSL=1 ]]; then
|
||||||
echo "and ~/stunnel.conf. Install stunnel4 on client before you continue."
|
echo "~/stunnel.crt and ~/stunnel.conf."
|
||||||
fi
|
fi
|
||||||
echo "If you want to add more clients, you simply need to run this script again!"
|
echo "If you want to add more clients, you simply need to run this script again!"
|
||||||
fi
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user