gcc484perl-5.22
|
Last change
on this file since 128fde4 was
c5c522c,
checked in by Edwin Eefting <edwin@datux.nl>, 8 years ago
|
|
initial commit, transferred from cleaned syn3 svn tree
|
-
Property mode set to
100755
|
|
File size:
874 bytes
|
| Line | |
|---|
| 1 | #!/bin/bash |
|---|
| 2 | |
|---|
| 3 | set -e |
|---|
| 4 | |
|---|
| 5 | cd /etc/openvpn |
|---|
| 6 | |
|---|
| 7 | |
|---|
| 8 | #basic setup |
|---|
| 9 | if ! [ -e pki ]; then |
|---|
| 10 | ./easyrsa init-pki |
|---|
| 11 | fi |
|---|
| 12 | |
|---|
| 13 | #create ca cert |
|---|
| 14 | if ! [ -e pki/ca.crt ]; then |
|---|
| 15 | echo syn3 | ./easyrsa build-ca nopass |
|---|
| 16 | fi |
|---|
| 17 | |
|---|
| 18 | #create server cert |
|---|
| 19 | if ! [ -e pki/issued/server.crt ]; then |
|---|
| 20 | ./easyrsa build-server-full server nopass |
|---|
| 21 | fi |
|---|
| 22 | |
|---|
| 23 | #create dh parameters |
|---|
| 24 | if ! [ -e pki/dh.pem ]; then |
|---|
| 25 | ./easyrsa gen-dh |
|---|
| 26 | fi |
|---|
| 27 | |
|---|
| 28 | #create CRL list |
|---|
| 29 | if ! [ -e pki/crl.pem ]; then |
|---|
| 30 | ./easyrsa gen-crl |
|---|
| 31 | fi |
|---|
| 32 | |
|---|
| 33 | #openvpn group |
|---|
| 34 | if ! ( getent group | grep "OpenVPN access" &> /dev/null ) ; then |
|---|
| 35 | smbldap-groupadd -g 521 "OpenVPN access" || exit 1; |
|---|
| 36 | fi |
|---|
| 37 | |
|---|
| 38 | #openvpn ipblock |
|---|
| 39 | NAME="OpenVPN clients" |
|---|
| 40 | if ! grep "$NAME" /etc/firewall/ipblocks; then |
|---|
| 41 | echo "$NAME='10.8.0.0/24'" >> /etc/firewall/ipblocks |
|---|
| 42 | fi |
|---|
| 43 | |
|---|
| 44 | |
|---|
| 45 | |
|---|
| 46 | |
|---|
| 47 | #create tlsauth key |
|---|
| 48 | if ! [ -e pki/ta.key ]; then |
|---|
| 49 | openvpn --genkey --secret pki/ta.key |
|---|
| 50 | fi |
|---|
| 51 | |
|---|
| 52 | |
|---|
| 53 | |
|---|
| 54 | #example |
|---|
| 55 | #./syn3-client bla.linuxsysteem.nl gerard |
|---|
| 56 | |
|---|
Note: See
TracBrowser
for help on using the repository browser.
