Context Navigation

← Previous Change
Next Change →

openvpn_conf

Timestamp:

02/28/18 18:24:39 (7 years ago)

Author:

Edwin Eefting <edwin@datux.nl>

Branches:

master, perl-5.22

Children:

669bb09

Parents:

df958d5 (diff), 90f43e5 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'gcc484'

Location:

npl/internetserver/openvpn_conf

Files:

: 1 deleted
: 5 edited

openvpn_conf.SlackBuild.log.gz (modified) (previous)
openvpn_conf.build (modified) (1 diff)
openvpn_conf.md5 (modified) (2 diffs)
openvpn_conf.pkg (modified) (previous)
root/etc/postinst.d/post.openvpn (deleted)
root/service/openvpn/run (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

npl/internetserver/openvpn_conf/openvpn_conf.build

rdf958d5	r031ab69
1		6558
	1	6560

npl/internetserver/openvpn_conf/openvpn_conf.md5

-                      rdf958d5
+                      r031ab69
 e6b8830262387e5096021399e73eacfe  ./openvpn_conf.pkg
+c944c634d7d393d656a8bc72981d857d  ./openvpn_conf.pkg
 b418d4c2197708760319d4097906e  ./openvpn_conf.SlackBuild
 b7d6e39f812d1cca79c92ee2d8f014  ./openvpn_conf.SlackBuild.log.gz
+ef78f7a58f409156e4e23271ae51  ./openvpn_conf.SlackBuild.log.gz
 f2d27b9254da5877e03719a9228  ./root/etc/firewall/services.openvpn
 d08314120a94191e539c792b1c410a2  ./root/etc/openvpn/easyrsa
 …
 d0d7a06379af67505bf5dae59d3e7afb  ./root/etc/openvpn/x509-types/server
 c8fadda104656594f3ceadbb13d9d178  ./root/etc/pam.d/openvpn
+b5c1be62a06a25f07bb7360014c82e7  ./root/etc/postinst.d/post.openvpn
+b4cd1c6ab389a60ed98da6d792339fa7  ./root/service/openvpn/run
+a6e8a68a743fe6448c01ccba1db33569  ./root/service/openvpn/run

npl/internetserver/openvpn_conf/root/service/openvpn/run

-                      rdf958d5
+                      r031ab69
 #!/bin/bash
+set -e
+cd /etc/openvpn
+# key generation moved here, otherwise it takes too long (now the system is generating more entrophy because it continues to start)
+#basic setup
+if ! [ -e pki ]; then
+        ./easyrsa init-pki
+fi
+#create ca cert
+if ! [ -e pki/ca.crt ]; then
+        echo syn3 | ./easyrsa build-ca nopass
+fi
+#create server cert
+if ! [ -e pki/issued/server.crt ]; then
+        ./easyrsa build-server-full server nopass
+fi
+#create dh parameters
+if ! [ -e pki/dh.pem ]; then
+        ./easyrsa gen-dh
+fi
+#create CRL list
+if ! [ -e pki/crl.pem ]; then
+        ./easyrsa gen-crl
+fi
+#openvpn group
+if ! ( getent group | grep "OpenVPN access" &> /dev/null ) ; then
+ smbldap-groupadd -g 521 "OpenVPN access" || exit 1;
+fi
+#openvpn ipblock
+NAME="OpenVPN clients"
+if ! grep "$NAME" /etc/firewall/ipblocks; then
+        echo "$NAME='10.8.0.0/24'" >> /etc/firewall/ipblocks
+fi
+#create tlsauth key
+if ! [ -e pki/ta.key ]; then
+        openvpn --genkey --secret pki/ta.key
+fi
 modprobe tun
-cd /etc/openvpn
 exec openvpn --config openvpn.conf --config openvpn_syn3.conf  --config openvpn_custom.conf

Note: See TracChangeset for help on using the changeset viewer.