Enable tls-auth

2024-11-24 05:56:08 +03:00 · 2016-05-15 19:22:32 +02:00 · 2016-05-15 19:22:32 +02:00 · c5b4907fd6
commit c5b4907fd6
parent acca10ba1a
1 changed files with 7 additions and 0 deletions
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -53,6 +53,9 @@ newclient () {
 	echo "<key>" >> ~/$1.ovpn
 	cat /etc/openvpn/easy-rsa/pki/private/$1.key >> ~/$1.ovpn
 	echo "</key>" >> ~/$1.ovpn
 	echo "<tls-auth>" >> ~/$1.ovpn
 	cat /etc/openvpn/ta.key >> ~/$1.ovpn
 	echo "</tls-auth>" >> ~/$1.ovpn
 }
 # Try to get our IP from the system and fallback to the Internet.
@ -221,6 +224,8 @@ else
 	./easyrsa gen-crl
 	# Move the stuff we need
 	cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn
 	# Generate key for tls-auth
 	openvpn --genkey --secret /etc/openvpn/ta.key
 	# Generate server.conf
 	echo "port $PORT
 proto udp
@ -231,6 +236,7 @@ ca ca.crt
 cert server.crt
 key server.key
 dh dh.pem
 tls-auth ta.key 0
 topology subnet
 server 10.8.0.0 255.255.255.0
 ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
@ -362,6 +368,7 @@ persist-tun
 remote-cert-tls server
 comp-lzo
 setenv opt block-outside-dns
 key-direction 1
 verb 3" > /etc/openvpn/client-common.txt
 	# Generates the custom client.ovpn
 	newclient "$CLIENT"