Changeset 7d1e056 for npl/internetserver/openvpn_conf/root/service/openvpn/run

Timestamp:

02/28/18 17:07:47 (7 years ago)

Author:

Edwin Eefting <edwin@datux.nl>

Branches:

gcc484, master, perl-5.22

Children:

90f43e5

Parents:

7afb649

Message:

moved openvpn config from postinstall to runscript

File:

• npl/internetserver/openvpn_conf/root/service/openvpn/run (modified) (1 diff)

npl/internetserver/openvpn_conf/root/service/openvpn/run

@@ -1 +1 @@
 #!/bin/bash
+
+set -e
+
+cd /etc/openvpn
+
+# key generation moved here, otherwise it takes too long (now the system is generating more entrophy because it continues to start)
+
+
+#basic setup
+if ! [ -e pki ]; then
+        ./easyrsa init-pki
+fi
+
+#create ca cert
+if ! [ -e pki/ca.crt ]; then
+        echo syn3 | ./easyrsa build-ca nopass
+fi
+
+#create server cert
+if ! [ -e pki/issued/server.crt ]; then
+        ./easyrsa build-server-full server nopass
+fi
+
+#create dh parameters
+if ! [ -e pki/dh.pem ]; then
+        ./easyrsa gen-dh
+fi
+
+#create CRL list
+if ! [ -e pki/crl.pem ]; then
+        ./easyrsa gen-crl
+fi
+
+#openvpn group
+if ! ( getent group | grep "OpenVPN access" &> /dev/null ) ; then
+ smbldap-groupadd -g 521 "OpenVPN access" || exit 1;
+fi
+
+#openvpn ipblock
+NAME="OpenVPN clients"
+if ! grep "$NAME" /etc/firewall/ipblocks; then
+        echo "$NAME='10.8.0.0/24'" >> /etc/firewall/ipblocks
+fi
+
+#create tlsauth key
+if ! [ -e pki/ta.key ]; then
+        openvpn --genkey --secret pki/ta.key
+fi
+
 
 modprobe tun
 
-cd /etc/openvpn
 exec openvpn --config openvpn.conf
+