
Untitled

a guest Mar 20th, 2018 100 Never
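  #cloud-config
  # Provisions an OpenVPN server (TCP/8443, AES-256-CBC, 2048-bit DH) with an
  # easy-rsa CA and two client profiles that carry their certificate and
  # private key inline.
  # cloud-init writes all runcmd entries into one shell script, so IPADDR and
  # the variables sourced from ./vars remain set for the later entries.
  apt_update: true
  packages:
    - openvpn
    - easy-rsa
  runcmd:
    # Public address the client profiles will point at. An empty result would
    # silently yield profiles without a server address, so report it.
    - IPADDR=$(dig +short myip.opendns.com @resolver1.opendns.com)
    - test -n "$IPADDR" || echo "WARNING - public IP lookup failed, client profiles will have no server address" >&2

    # --- Server configuration, derived from the packaged sample config ---
    - gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
    - sed -i -e 's/;cipher DES-EDE3-CBC  \# Triple-DES/;cipher DES-EDE3-CBC  \# Triple-DES\ncipher AES-256-CBC/' /etc/openvpn/server.conf
    - sed -i -e 's/dh dh1024.pem/dh dh2048.pem/' /etc/openvpn/server.conf
    - sed -i -e 's/port 1194/port 8443/' /etc/openvpn/server.conf
    - sed -i -e 's/proto udp/proto tcp/' /etc/openvpn/server.conf
    # NOTE(review): if the packaged sample contains explicit-exit-notify (newer
    # OpenVPN releases), it has to be disabled for proto tcp - confirm.
    - sed -i -e 's/;push "redirect-gateway def1 bypass-dhcp"/push "redirect-gateway def1 bypass-dhcp"/' /etc/openvpn/server.conf
    - sed -i -e 's/;push "dhcp-option DNS 208.67.222.222"/push "dhcp-option DNS 208.67.222.222"/' /etc/openvpn/server.conf
    - sed -i -e 's/;push "dhcp-option DNS 208.67.220.220"/push "dhcp-option DNS 208.67.220.220"/' /etc/openvpn/server.conf
    # Drop root privileges after start-up.
    - sed -i -e 's/;user nobody/user nobody/' /etc/openvpn/server.conf
    - sed -i -e 's/;group nogroup/group nogroup/' /etc/openvpn/server.conf
    # Enable IPv4 forwarding now and persist it across reboots.
    # NOTE(review): redirect-gateway is pushed to clients, but no NAT/masquerade
    # rule for the VPN subnet is set up here - confirm it is handled elsewhere.
    - echo 1 > /proc/sys/net/ipv4/ip_forward
    - sed -i -e 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

    # --- PKI: CA, server certificate and DH parameters ---
    # NOTE(review): the CA private key is generated and left on this
    # internet-facing host; anyone who obtains it can mint valid client
    # certificates. Consider keeping the CA on a separate machine.
    - cp -r /usr/share/easy-rsa/ /etc/openvpn
    - mkdir -p /etc/openvpn/easy-rsa/keys
    - sed -i -e 's/KEY_NAME="EasyRSA"/KEY_NAME="server"/' /etc/openvpn/easy-rsa/vars
    - openssl dhparam -out /etc/openvpn/dh2048.pem 2048
    - cd /etc/openvpn/easy-rsa && . ./vars
    # Optionally set identity information for certificates:
    # - export KEY_COUNTRY="<%COUNTRY%>" # 2-char country code
    # - export KEY_PROVINCE="<%PROVINCE%>" # 2-char state/province code
    # - export KEY_CITY="<%CITY%>" # City name
    # - export KEY_ORG="<%ORG%>" # Org/company name
    # - export KEY_EMAIL="<%EMAIL%>" # Email address
    # - export KEY_OU="<%ORG_UNIT%>" # Organizational unit / department
    - cd /etc/openvpn/easy-rsa && ./clean-all
    - cd /etc/openvpn/easy-rsa && ./build-ca --batch
    - cd /etc/openvpn/easy-rsa && ./build-key-server --batch server
    - cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn
    - cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn
    - cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn
    # NOTE(review): the unit is started but not enabled, so it will not come
    # back after a reboot unless that is done elsewhere - confirm intent.
    - systemctl start openvpn@server.service

    # --- Client profile 1 (certificate and key embedded inline) ---
    # NOTE(review): confirm the sample client config enables server-certificate
    # verification (remote-cert-tls server); without it any certificate issued
    # by this CA could be presented as the server.
    - cd /etc/openvpn/easy-rsa && ./build-key --batch client1
    - cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client1.ovpn
    - sed -i -e "s/;cipher x/cipher AES-256-CBC/" /etc/openvpn/easy-rsa/keys/client1.ovpn
    - sed -i -e "s/my-server-1/$IPADDR/" /etc/openvpn/easy-rsa/keys/client1.ovpn
    # The server was moved to TCP/8443 above; the sample profile still says
    # UDP/1194, so align it or the client cannot reach the server.
    - sed -i -e 's/^\(remote [^ ]*\) 1194/\1 8443/' /etc/openvpn/easy-rsa/keys/client1.ovpn
    - sed -i -e 's/^proto udp/proto tcp/' /etc/openvpn/easy-rsa/keys/client1.ovpn
    - sed -i -e 's/;user nobody/user nobody/' /etc/openvpn/easy-rsa/keys/client1.ovpn
    - sed -i -e 's/;group nogroup/group nogroup/' /etc/openvpn/easy-rsa/keys/client1.ovpn
    # Remove the file references; the material is appended inline below.
    - sed -i -e 's/ca ca.crt//' /etc/openvpn/easy-rsa/keys/client1.ovpn
    - sed -i -e 's/cert client.crt//' /etc/openvpn/easy-rsa/keys/client1.ovpn
    - sed -i -e 's/key client.key//' /etc/openvpn/easy-rsa/keys/client1.ovpn
    - echo "<ca>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
    - cat /etc/openvpn/ca.crt >> /etc/openvpn/easy-rsa/keys/client1.ovpn
    - echo "</ca>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
    - echo "<cert>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
    - openssl x509 -outform PEM -in /etc/openvpn/easy-rsa/keys/client1.crt >> /etc/openvpn/easy-rsa/keys/client1.ovpn
    - echo "</cert>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
    - echo "<key>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
    - cat /etc/openvpn/easy-rsa/keys/client1.key >> /etc/openvpn/easy-rsa/keys/client1.ovpn
    - echo "</key>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn

    # --- Client profile 2 ---
    # Embeds client2's own certificate and key. The original listing appended
    # client1.crt and client1.key here, which gave both profiles the same
    # identity and made per-client revocation impossible.
    - cd /etc/openvpn/easy-rsa && ./build-key --batch client2
    - cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e 's/;cipher x/cipher AES-256-CBC/' /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e "s/my-server-1/$IPADDR/" /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e 's/^\(remote [^ ]*\) 1194/\1 8443/' /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e 's/^proto udp/proto tcp/' /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e 's/;user nobody/user nobody/' /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e 's/;group nogroup/group nogroup/' /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e 's/ca ca.crt//' /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e 's/cert client.crt//' /etc/openvpn/easy-rsa/keys/client2.ovpn
    - sed -i -e 's/key client.key//' /etc/openvpn/easy-rsa/keys/client2.ovpn
    - echo "<ca>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
    - cat /etc/openvpn/ca.crt >> /etc/openvpn/easy-rsa/keys/client2.ovpn
    - echo "</ca>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
    - echo "<cert>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
    - openssl x509 -outform PEM -in /etc/openvpn/easy-rsa/keys/client2.crt >> /etc/openvpn/easy-rsa/keys/client2.ovpn
    - echo "</cert>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
    - echo "<key>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
    - cat /etc/openvpn/easy-rsa/keys/client2.key >> /etc/openvpn/easy-rsa/keys/client2.ovpn
    - echo "</key>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn

    # --- Hand-off directory for the finished profiles ---
    # Each .ovpn file contains a client private key, so keep the directory and
    # the files readable by their owner (root) only instead of world-readable.
    # Retrieve them with root privileges over an encrypted channel.
    - mkdir -p /home/openvpn
    - chmod 700 /home/openvpn
    - cp /etc/openvpn/easy-rsa/keys/client1.ovpn /home/openvpn
    - cp /etc/openvpn/easy-rsa/keys/client2.ovpn /home/openvpn
    - chmod 600 /home/openvpn/client1.ovpn
    - chmod 600 /home/openvpn/client2.ovpn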