mirror of https://github.com/Nyr/openvpn-install.git synced 2025-02-17 14:03:13 +03:00

Install easy-rsa instead of downloading tarball from GitHub

Birkhoff 2018-07-25 17:17:17 -04:00
parent 54d7f66d96
commit dc2ff7fb75
No known key found for this signature in database
GPG Key ID: DAF5C86509D5C898


@ -147,9 +147,9 @@ if [[ -e /etc/openvpn/server.conf ]]; then
semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT
fi fi
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
apt remove --purge openvpn stunnel4 -y apt remove --purge openvpn stunnel4 easy-rsa -y
else else
yum remove openvpn stunnel4 -y yum remove openvpn stunnel4 easy-rsa -y
fi fi
rm -rf /etc/openvpn /etc/stunnel rm -rf /etc/openvpn /etc/stunnel
rm -f /etc/sysctl.d/30-openvpn-forward.conf rm -f /etc/sysctl.d/30-openvpn-forward.conf
@ -238,28 +238,21 @@ else
if [[ "$OS" = 'debian' ]]; then if [[ "$OS" = 'debian' ]]; then
apt update apt update
apt dist-upgrade -y apt dist-upgrade -y
apt install openvpn iptables openssl ca-certificates stunnel4 -y apt install openvpn iptables openssl ca-certificates stunnel4 easy-rsa -y
else else
# Else, the distro is CentOS # Else, the distro is CentOS
yum install epel-release -y yum install epel-release -y
yum install openvpn iptables openssl ca-certificates stunnel4 -y yum install openvpn iptables openssl ca-certificates stunnel4 easy-rsa -y
fi fi
# Get easy-rsa mkdir /etc/openvpn/easy-rsa/
EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz'
wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL"
tar xzf ~/easyrsa.tgz -C ~/
mv ~/EasyRSA-3.0.4/ /etc/openvpn/
mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/
chown -R root:root /etc/openvpn/easy-rsa/
rm -f ~/easyrsa.tgz
cd /etc/openvpn/easy-rsa/ cd /etc/openvpn/easy-rsa/
# Create the PKI, set up the CA, the DH params and the server + client certificates # Create the PKI, set up the CA, the DH params and the server + client certificates
./easyrsa init-pki easyrsa init-pki
./easyrsa --batch build-ca nopass easyrsa --batch build-ca nopass
./easyrsa gen-dh easyrsa gen-dh
./easyrsa build-server-full server nopass easyrsa build-server-full server nopass
./easyrsa build-client-full $CLIENT nopass easyrsa build-client-full $CLIENT nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
# Move the stuff we need # Move the stuff we need
csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}' csplit -f /etc/openvpn/easy-rsa/pki/issued/cert. /etc/openvpn/easy-rsa/pki/issued/server.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt rm /etc/openvpn/easy-rsa/pki/issued/cert.00 /etc/openvpn/easy-rsa/pki/issued/server.crt
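Review bot: The bare `easyrsa` calls that follow `cd /etc/openvpn/easy-rsa/` depend on the distro package putting an `easyrsa` executable on PATH and on it being a 3.x release, and nothing in the hunk checks either. As far as I know the Debian and EPEL packages install the script under `/usr/share/easy-rsa/` rather than on PATH, and older Debian releases shipped 2.x, which has no `init-pki` or `build-server-full`; judging by the visible lines, a missing command would not stop the script, so it would go on to configure a server with no CA, certificates or CRL. I would add `command -v easyrsa >/dev/null || { echo 'easyrsa not found' >&2; exit 1; }` before `easyrsa init-pki`, and make the directory step `mkdir -p /etc/openvpn/easy-rsa/ && cd /etc/openvpn/easy-rsa/ || exit 1` so a rerun or a failed `mkdir` cannot generate the PKI in whatever directory the script happens to be in. The enclosing `else` branch starts and ends outside the hunk.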