Context Navigation

run @ 17a9f19

Last change on this file since 17a9f19 was 17a9f19, checked in by Edwin Eefting <edwin@datux.nl>, 6 years ago
make sure crl is not expired
Property mode set to `100755`
File size: 1.2 KB

Line
1	#!/bin/bash
2
3	set -e
4
5	cd /etc/openvpn
6
7	# key generation moved here, otherwise it takes too long (now the system is generating more entrophy because it continues to start)
8
9
10	#basic setup
11	if ! [ -e pki ]; then
12	./easyrsa init-pki
13	fi
14
15	#create ca cert
16	if ! [ -e pki/ca.crt ]; then
17	echo syn3 \| ./easyrsa build-ca nopass
18	fi
19
20	#create server cert
21	if ! [ -e pki/issued/server.crt ]; then
22	./easyrsa build-server-full server nopass
23	fi
24
25	#create dh parameters
26	if ! [ -e pki/dh.pem ]; then
27	./easyrsa gen-dh
28	fi
29
30	#create CRL list
31	if ! [ -e pki/crl.pem ]; then
32	./easyrsa gen-crl
33	fi
34
35	#openvpn group
36	if ! ( getent group \| grep "OpenVPN access" &> /dev/null ) ; then
37	smbldap-groupadd -g 521 "OpenVPN access" \|\| exit 1;
38	fi
39
40	#openvpn ipblock
41	NAME="OpenVPN clients"
42	if ! grep "$NAME" /etc/firewall/ipblocks; then
43	echo "$NAME='10.8.0.0/24'" >> /etc/firewall/ipblocks
44	fi
45
46	#create tlsauth key
47	if ! [ -e pki/ta.key ]; then
48	openvpn --genkey --secret pki/ta.key
49	fi
50
51	#make sure this is done (otherwise crl expire error after updating to this openvpn version)
52	/etc/cron.monthly/openvpn_regen_crl
53
54
55	modprobe tun
56
57	exec openvpn --config openvpn.conf --config openvpn_syn3.conf --config openvpn_custom.conf

Note: See TracBrowser for help on using the repository browser.