
4 Commits

4 changed files with 260 additions and 71 deletions


@@ -1,3 +1,17 @@
# ---
# Error: Option conflict: 'build-client-full' does not support setting an external commonName
# ---
# workarround:
#
# see: https://github.com/OpenVPN/easy-rsa/issues/717
#
# EASYRSA_REQ_CN should probably be removed from vars.example.
fqp_path_to_vars="/etc/openvpn/server/gw-ckubu/easy-rsa/vars"
perl -i -n -p -e "s/^\s*(set_var\s+EASYRSA_REQ_CN.*)/#####\1/g" ${fqp_path_to_vars}
# ---
# Error: AEAD Decrypt error: bad packet ID
# ---


@@ -7,6 +7,8 @@ _date="$(date +%Y-%m-%d-%H%M)"
key_names_reserverd="ta ca server"
DEFAULT_USER_TO_COPY_CREDENTIALS=chris
#---------------------------------------
#-----------------------------
# Some functions
@@ -964,6 +966,20 @@ comp-lzo yes
EOF
fi
if [[ -n ${DNS_SERVER} ]] && [[ "${DNS_SERVER,,}" != "none" ]] ; then
cat <<EOF >> ${_client_openvpn_connector_v3} 2>> "$log_file"
# Pusch Nameserver Settinggs..
dhcp-option DNS ${DNS_SERVER}
EOF
if [[ -n ${SEARCH_DOMAINS} ]] && [[ "${SEARCH_DOMAINS,}" != "none" ]] ; then
cat <<EOF >> ${_client_openvpn_connector_v3} 2>> "$log_file"
dhcp-option DOMAIN ${SEARCH_DOMAINS}
EOF
fi
fi
cat <<EOF >> ${_client_openvpn_connector_v3} 2>> "$log_file"
# --auth-nocache
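Review bot: The search-domain guard uses `${SEARCH_DOMAINS,}`, which lowercases only the first character, so a setting of `NONE` passes the test and `dhcp-option DOMAIN NONE` is written into the client profile. The DNS guard a few lines above uses `,,`; the inner test should match it: `if [[ -n ${SEARCH_DOMAINS} ]] && [[ "${SEARCH_DOMAINS,,}" != "none" ]] ; then`. The same line appears in the `@@ -906,6 +905,20 @@` hunk of the next file. The enclosing code starts before this hunk, so the surrounding branch is not visible here.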


@@ -226,7 +226,6 @@ fi
[[ -n "$OPENVPN_SERVER" ]] || fatal "OpenVPN Server (parameter OPENVPN_SERVER ) not present!"
[[ -n "$SERVER_PORT" ]] || fatal "Server Port (parameter SERVER_PORT ) not present!"
if [[ -z "$LZO_COMPRESSION" ]]; then
LZO_COMPRESSION=false
elif [[ "${LZO_COMPRESSION,,}" = "yes" ]] ; then
@@ -906,6 +905,20 @@ comp-lzo yes
EOF
fi
if [[ -n ${DNS_SERVER} ]] && [[ "${DNS_SERVER,,}" != "none" ]] ; then
cat <<EOF >> ${_client_openvpn_connector_v3} 2>> "$log_file"
# Pusch Nameserver Settinggs..
dhcp-option DNS ${DNS_SERVER}
EOF
if [[ -n ${SEARCH_DOMAINS} ]] && [[ "${SEARCH_DOMAINS,}" != "none" ]] ; then
cat <<EOF >> ${_client_openvpn_connector_v3} 2>> "$log_file"
dhcp-option DOMAIN ${SEARCH_DOMAINS}
EOF
fi
fi
cat <<EOF >> ${_client_openvpn_connector_v3} 2>> "$log_file"
# --auth-nocache
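Review bot: `DNS_SERVER` and `SEARCH_DOMAINS` are expanded inside an unquoted here-document straight into the generated client profile, so a value with an embedded newline would add further directives to that profile. Where these parameters are set is not visible in the hunk, but a format check before writing (an IP address for the first, hostname characters for the second) would be cheap. The redirect target is also unquoted and fails with an ambiguous redirect if the path contains whitespace; `cat <<EOF >> "${_client_openvpn_connector_v3}" 2>> "$log_file"` avoids that. The same applies to the `@@ -964,6 +966,20 @@` hunk of the previous file.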


@@ -209,7 +209,7 @@ systemd=$(which systemd)
systemctl=$(which systemctl)
systemd_supported=false
if [[ -n "$systemd" ]] && [[ -n "$systemctl" ]] ; then
if [[ -n "$systemd" ]] || [[ -n "$systemctl" ]] ; then
systemd_supported=true
else
if [[ ! -x $init_script ]]; then
@@ -2091,79 +2091,170 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 9 ]] ; then
_key="EASYRSA_OPENSSL"
_val="openssl"
perl -i.$_date -n -p -e "s&^(\s*#*\s*#set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_PKI"
_val="${OPENVPN_KEY_DIR}"
perl -i.$_date -n -p -e "s&^(\s*#*\s*#set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
# EASYRSA_KEY_SIZE
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+EASYRSA_KEY_SIZE\s+.*)&##\1\nset_var EASYRSA_KEY_SIZE\t\t ${KEY_SIZE}&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
_key="EASYRSA_KEY_SIZE"
_val="${KEY_SIZE}"
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
# EASYRSA_ALGO
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+EASYRSA_ALGO\s+.*)&##\1\nset_var EASYRSA_ALGO\t\t rsa&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
_key="EASYRSA_ALGO"
_val="rsa"
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_DN"
_val=""org
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+EASYRSA_DN\s+.*)&##\1\nset_var EASYRSA_DN\t\t \"org\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
_val="org"
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_REQ_COUNTRY"
_val="$KEY_COUNTRY"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_REQ_PROVINCE"
_val="$KEY_PROVINCE"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_REQ_CITY"
_val="$KEY_CITY"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_REQ_ORG"
_val="$KEY_ORG"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_REQ_EMAIL"
_val="$KEY_EMAIL"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_REQ_OU"
_val="$KEY_OU"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_REQ_CN"
_val="$KEY_CN"
@@ -2179,38 +2270,93 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 9 ]] ; then
_key="EASYRSA_CA_EXPIRE"
_val="$CA_EXPIRE"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_CERT_EXPIRE"
_val="$CERT_EXPIRE"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_CRL_DAYS"
_val="$CERT_EXPIRE"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_CERT_RENEW"
_val="365"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="EASYRSA_BATCH"
_val="1"
perl -i -n -p -e "s&^(\s*#*\s*#set_var\s+$_key\s+.*)&##\1\nset_var $_key\t\t \"$_val\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
_key="KEY_ALTNAMES"
_val="${KEY_ALTNAMES}"
if $(grep -qE "^\s*#*\s*#*set_var\s+${_key}" ${EASY_RSA_DIR}/vars ) ; then
perl -i -n -p -e "s&^(\s*#*\s*#*set_var\s+${_key}\s+.*)&##\1\nset_var ${_key}\t\t \"${_val}\"&" ${EASY_RSA_DIR}/vars > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
_failed=true
fi
else
echo -e "\nset_var ${_key}\t\t\"${_val}\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
else
perl -i.$_date -n -p -e "s&^(\s*#*\s*export\s+EASY_RSA=.*)&##\1\nexport BASE_DIR=\"${OPENVPN_BASE_DIR}\"\nexport EASY_RSA=\"\\\$BASE_DIR/easy-rsa\"&" ${EASY_RSA_DIR}/vars > "$log_file"
@@ -2281,11 +2427,11 @@ else
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
echo -e "\nexport KEY_ALTNAMES=\"$KEY_ALTNAMES\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
echo -e "\nexport KEY_ALTNAMES=\"$KEY_ALTNAMES\"" >> ${EASY_RSA_DIR}/vars 2> "$log_file"
if [[ $? -ne 0 ]]; then
_failed=true
fi
fi
if $_failed ; then