diff --git a/openvpn-install.sh b/openvpn-install.sh
index 45ebe1b..0c78e50 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -102,6 +102,9 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 cd /etc/openvpn/easy-rsa/
 ./easyrsa --batch revoke $CLIENT
 EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
+ rm -f pki/reqs/$CLIENT.req
+ rm -f pki/private/$CLIENT.key
+ rm -f pki/issued/$CLIENT.crt
 rm -f /etc/openvpn/crl.pem
 cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
 # CRL is read with each client connection, when OpenVPN is dropped to nobody
@@ -222,11 +225,11 @@ else
 yum install openvpn iptables openssl ca-certificates -y
 fi
 # Get easy-rsa
- EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v3.0.6.tgz'
+ EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz'
 wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL"
 tar xzf ~/easyrsa.tgz -C ~/
- mv ~/EasyRSA-v3.0.6/ /etc/openvpn/
- mv /etc/openvpn/EasyRSA-v3.0.6/ /etc/openvpn/easy-rsa/
+ mv ~/EasyRSA-3.0.5/ /etc/openvpn/
+ mv /etc/openvpn/EasyRSA-3.0.5/ /etc/openvpn/easy-rsa/
 chown -R root:root /etc/openvpn/easy-rsa/
 rm -f ~/easyrsa.tgz
 cd /etc/openvpn/easy-rsa/
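Review bot: In the `@@ -102,6 +102,9 @@` hunk the three added `rm -f` lines expand `$CLIENT` unquoted into a relative path, so a name containing whitespace, glob characters or `/` would make `rm` act on files other than that client's. How `CLIENT` is set is outside the hunk, so it may already be constrained, but quoting costs nothing: `rm -f "pki/reqs/$CLIENT.req"`, and the same for the `.key` and `.crt` lines. The relative paths also depend on the unchecked `cd /etc/openvpn/easy-rsa/` three lines up; absolute paths such as `"/etc/openvpn/easy-rsa/pki/private/$CLIENT.key"`, in the style the `cp` line below already uses, would keep the deletes from landing in another directory if that `cd` fails. The enclosing `if` block starts and ends outside the hunk.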
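Review bot: In the `@@ -222,11 +225,11 @@` hunk the archive named by the new `EASYRSAURL` is unpacked and moved into /etc/openvpn with no integrity check, so whatever that URL serves becomes the PKI tooling used later in the script. Pinning the expected digest beside the URL and verifying it before `tar xzf` would close that gap, e.g. `echo "<EXPECTED_SHA256>  $HOME/easyrsa.tgz" | sha256sum -c - || exit 1` (placeholder digest, to be taken from the release). The new side names v3.0.5 where the removed line named v3.0.6, which reads as a move to an older release; a comment stating the reason would help the next maintainer, e.g. `# Pinned to 3.0.5 because <reason>`. The `else` branch continues outside the hunk.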