Changeset 031ab69 for npl/internetserver/openvpn_conf/root/service/openvpn/run

Timestamp:

02/28/18 18:24:39 (7 years ago)

Author:

Edwin Eefting <edwin@datux.nl>

Branches:

master, perl-5.22

Children:

669bb09

Parents:

df958d5 (diff), 90f43e5 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'gcc484'

File:

• npl/internetserver/openvpn_conf/root/service/openvpn/run (modified) (1 diff)

npl/internetserver/openvpn_conf/root/service/openvpn/run

@@ -1 +1 @@
 #!/bin/bash
+
+set -e
+
+cd /etc/openvpn
+
+# key generation moved here, otherwise it takes too long (now the system is generating more entrophy because it continues to start)
+
+
+#basic setup
+if ! [ -e pki ]; then
+        ./easyrsa init-pki
+fi
+
+#create ca cert
+if ! [ -e pki/ca.crt ]; then
+        echo syn3 | ./easyrsa build-ca nopass
+fi
+
+#create server cert
+if ! [ -e pki/issued/server.crt ]; then
+        ./easyrsa build-server-full server nopass
+fi
+
+#create dh parameters
+if ! [ -e pki/dh.pem ]; then
+        ./easyrsa gen-dh
+fi
+
+#create CRL list
+if ! [ -e pki/crl.pem ]; then
+        ./easyrsa gen-crl
+fi
+
+#openvpn group
+if ! ( getent group | grep "OpenVPN access" &> /dev/null ) ; then
+ smbldap-groupadd -g 521 "OpenVPN access" || exit 1;
+fi
+
+#openvpn ipblock
+NAME="OpenVPN clients"
+if ! grep "$NAME" /etc/firewall/ipblocks; then
+        echo "$NAME='10.8.0.0/24'" >> /etc/firewall/ipblocks
+fi
+
+#create tlsauth key
+if ! [ -e pki/ta.key ]; then
+        openvpn --genkey --secret pki/ta.key
+fi
+
 
 modprobe tun
 
-cd /etc/openvpn
 exec openvpn --config openvpn.conf --config openvpn_syn3.conf  --config openvpn_custom.conf