source: npl/internetserver/openvpn_conf/root/service/openvpn/run

Last change on this file was 17a9f19, checked in by Edwin Eefting <edwin@datux.nl>, 6 years ago

make sure crl is not expired
  • Property mode set to 100755
File size: 1.2 KB
RevLine 
[c5c522c]1#!/bin/bash
2
[7d1e056]3set -e
[c5c522c]4
5cd /etc/openvpn
[7d1e056]6
7# key generation moved here, otherwise it takes too long (now the system is generating more entrophy because it continues to start)
8
9
10#basic setup
11if ! [ -e pki ]; then
12        ./easyrsa init-pki
13fi
14
15#create ca cert
16if ! [ -e pki/ca.crt ]; then
17        echo syn3 | ./easyrsa build-ca nopass
18fi
19
20#create server cert
21if ! [ -e pki/issued/server.crt ]; then
22        ./easyrsa build-server-full server nopass
23fi
24
25#create dh parameters
26if ! [ -e pki/dh.pem ]; then
27        ./easyrsa gen-dh
28fi
29
30#create CRL list
31if ! [ -e pki/crl.pem ]; then
32        ./easyrsa gen-crl
33fi
34
35#openvpn group
36if ! ( getent group | grep "OpenVPN access" &> /dev/null ) ; then
37 smbldap-groupadd -g 521 "OpenVPN access" || exit 1;
38fi
39
40#openvpn ipblock
41NAME="OpenVPN clients"
42if ! grep "$NAME" /etc/firewall/ipblocks; then
43        echo "$NAME='10.8.0.0/24'" >> /etc/firewall/ipblocks
44fi
45
46#create tlsauth key
47if ! [ -e pki/ta.key ]; then
48        openvpn --genkey --secret pki/ta.key
49fi
50
[17a9f19]51#make sure this is done (otherwise crl expire error after updating to this openvpn version)
52/etc/cron.monthly/openvpn_regen_crl
53
[7d1e056]54
55modprobe tun
56
[55d876d]57exec openvpn --config openvpn.conf --config openvpn_syn3.conf  --config openvpn_custom.conf
Note: See TracBrowser for help on using the repository browser.