Add Configuration file 'install_openvpn.conf.sample[H' for installation script.
@@ -198,7 +198,7 @@ fi
|
||||
# - Make the package included scripts available in directory
|
||||
# - "/etc/openvpn/easy-rsa"
|
||||
# -
|
||||
echononl " Backup directory '/etc/openvpn/easy-rsa'.."
|
||||
echononl " Backup directory '${EASY_RSA_DIR}'.."
|
||||
if [[ -d "$EASY_RSA_DIR" ]]; then
|
||||
mv $EASY_RSA_DIR ${EASY_RSA_DIR}.$_date > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
@@ -210,7 +210,7 @@ if [[ -d "$EASY_RSA_DIR" ]]; then
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
echononl " Create directory '/etc/openvpn/easy-rsa'.."
|
||||
echononl " Create directory '${EASY_RSA_DIR}'.."
|
||||
/usr/bin/make-cadir $EASY_RSA_DIR > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
@@ -351,6 +351,8 @@ fi
|
||||
# - export EASY_RSA=\$BASE_DIR/easy_rsa
|
||||
# - export KEY_DIR=\$BASE_DIR/keys
|
||||
# -
|
||||
# - export KEY_SIZE=$KEY_SIZE
|
||||
# -
|
||||
# - # root CA expires in 30 years (= 10950 days)
|
||||
# - export CA_EXPIRE=$CA_EXPIRE
|
||||
# -
|
||||
@@ -381,6 +383,11 @@ if [[ $? -ne 0 ]]; then
|
||||
_failed=true
|
||||
fi
|
||||
|
||||
perl -i -n -p -e "s/^(\s*#*\s*export\s+KEY_SIZE=.*)/##\1\nexport KEY_SIZE=$KEY_SIZE/" ${EASY_RSA_DIR}/vars > "$log_file"
|
||||
2>&1
|
||||
if [[ $? -ne 0 ]]; then
|
||||
_failed=true
|
||||
fi
|
||||
perl -i -n -p -e "s/^(\s*#*\s*export\s+CA_EXPIRE=.*)/##\1\nexport CA_EXPIRE=$CA_EXPIRE/" ${EASY_RSA_DIR}/vars > "$log_file"
|
||||
2>&1
|
||||
if [[ $? -ne 0 ]]; then
|
||||
@@ -550,7 +557,7 @@ echo ""
|
||||
# - to help block DoS attacks and UDP port flooding.
|
||||
# -
|
||||
echononl " Create 'ta.key' for additional security"
|
||||
openvpn --genkey --secret $OPENVPN_BASE_DIR/keys/ta.key > "$log_file" 2>&1
|
||||
openvpn --genkey --secret ${OPENVPN_BASE_DIR}/keys/ta.key > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
@@ -707,16 +714,16 @@ dev tun
|
||||
# Any X509 key management system can be used.
|
||||
# OpenVPN can also use a PKCS #12 formatted key file
|
||||
# (see "pkcs12" directive in man page).
|
||||
ca keys/ca.crt
|
||||
cert keys/server.crt
|
||||
key keys/server.key # This file should be kept secret
|
||||
ca ${OPENVPN_BASE_DIR}/keys/ca.crt
|
||||
cert ${OPENVPN_BASE_DIR}/keys/server.crt
|
||||
key ${OPENVPN_BASE_DIR}/keys/server.key # This file should be kept secret
|
||||
|
||||
# Diffie hellman parameters.
|
||||
# Generate your own with:
|
||||
# openssl dhparam -out dh1024.pem 1024
|
||||
# Substitute 2048 for 1024 if you are using
|
||||
# 2048 bit keys.
|
||||
dh keys/dh2048.pem
|
||||
dh ${OPENVPN_BASE_DIR}/keys/dh2048.pem
|
||||
|
||||
# Configure server mode and supply a VPN subnet
|
||||
# for OpenVPN to draw client addresses from.
|
||||
@@ -872,7 +879,7 @@ keepalive 10 120
|
||||
# The second parameter should be '0'
|
||||
# on the server and '1' on the clients.
|
||||
;tls-auth ta.key 0 # This file is secret
|
||||
tls-auth keys/ta.key 0
|
||||
tls-auth ${OPENVPN_BASE_DIR}/keys/ta.key 0
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# This config item must be copied to
|
||||
@@ -936,8 +943,8 @@ verb 4
|
||||
# category will be output to the log.
|
||||
;mute 20
|
||||
|
||||
#crl-verify /etc/openvpn/keys/crl.pem
|
||||
crl-verify /etc/openvpn/crl.pem
|
||||
# CRL (certificate revocation list) verification
|
||||
crl-verify ${OPENVPN_BASE_DIR}/crl.pem
|
||||
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
|
||||
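Review bot: The two `perl -i` substitutions in the `@@ -381,6 +383,11 @@` hunk paste `$KEY_SIZE` and `$CA_EXPIRE` straight into the Perl program text, so a value containing `/`, `$` or `@` (both variables presumably come from the new configuration file) alters the program rather than the replacement text and can corrupt `vars` or execute unintended Perl. Check both values against `^[0-9]+$` before use and pass them through the environment, e.g. `KEY_SIZE="$KEY_SIZE" perl -i -pe 's/^(\s*#*\s*export\s+KEY_SIZE=.*)/##$1\nexport KEY_SIZE=$ENV{KEY_SIZE}/' "${EASY_RSA_DIR}/vars"`, which also quotes the path. Every step redirects with `> "$log_file"`, so the output of an earlier failing command is overwritten by the next one; `>>` would preserve it. The server.conf hunk still names `dh2048.pem` although the key size is now configurable; if the generated DH file name follows KEY_SIZE (not visible here), any setting other than 2048 would leave `dh` pointing at a missing file. The `_failed` handling around these commands continues outside the hunks.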