mirror/openvpn-install
1
0
Fork 0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-27 15:36:07 +03:00
Code Issues Projects Releases Wiki Activity

Fix #352

Browse Source 
Set EASYRSA_CRL_DAYS to 3650 instead of the default 180.

OpenVPN 2.4+ enforces the nextUpdate value in the CRL as a hard limit,
and will not work if more than 6 months passed since it was generated.
This commit is contained in:
Nyr 2017-08-29 17:55:14 +02:00
parent b2d8c73e1b
commit 9c0579052f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openvpn-install.sh
View File

@ -113,7 +113,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p) CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
./easyrsa --batch revoke $CLIENT ./easyrsa --batch revoke $CLIENT
./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
rm -rf pki/reqs/$CLIENT.req rm -rf pki/reqs/$CLIENT.req
rm -rf pki/private/$CLIENT.key rm -rf pki/private/$CLIENT.key
rm -rf pki/issued/$CLIENT.crt rm -rf pki/issued/$CLIENT.crt
@ -246,7 +246,7 @@ else
./easyrsa gen-dh ./easyrsa gen-dh
./easyrsa build-server-full server nopass ./easyrsa build-server-full server nopass
./easyrsa build-client-full $CLIENT nopass ./easyrsa build-client-full $CLIENT nopass
./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
# Move the stuff we need # Move the stuff we need
cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn
# CRL is read with each client connection, when OpenVPN is dropped to nobody # CRL is read with each client connection, when OpenVPN is dropped to nobody