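#cloud-config
# Unattended OpenVPN server bootstrap for a Debian/Ubuntu image with the
# easy-rsa 2.x layout: installs openvpn + easy-rsa, derives server.conf from
# the shipped sample, generates a CA, a server key pair and two client
# profiles (client1, client2) with CA/cert/key inlined, and drops the .ovpn
# files in /home/openvpn.
apt_update: true
packages:
  - openvpn
  - easy-rsa
# cloud-init writes all runcmd entries into one shell script and runs it
# sequentially, so the IPADDR variable, the working directory and the sourced
# easy-rsa vars carry over from one entry to the next.
runcmd:
  # Public address advertised to clients. Requires `dig` on the image and
  # working DNS; an empty result would leave the client "remote" line without
  # a host, hence the warning below.
  - IPADDR=$(dig +short myip.opendns.com @resolver1.opendns.com)
  - '[ -n "$IPADDR" ] || echo "warning: public IP lookup failed; fix the remote line in the client profiles" >&2'
  # Server config: start from the packaged sample and switch on the options
  # we need. AES-256-CBC is appended right after the commented Triple-DES line.
  - gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
  - sed -i -e 's/;cipher DES-EDE3-CBC \# Triple-DES/;cipher DES-EDE3-CBC \# Triple-DES\ncipher AES-256-CBC/' /etc/openvpn/server.conf
  - sed -i -e 's/dh dh1024.pem/dh dh2048.pem/' /etc/openvpn/server.conf
  # TCP/8443 instead of UDP/1194; client.conf's defaults are patched to match below.
  - sed -i -e 's/port 1194/port 8443/' /etc/openvpn/server.conf
  - sed -i -e 's/proto udp/proto tcp/' /etc/openvpn/server.conf
  - sed -i -e 's/;push "redirect-gateway def1 bypass-dhcp"/push "redirect-gateway def1 bypass-dhcp"/' /etc/openvpn/server.conf
  - sed -i -e 's/;push "dhcp-option DNS 208.67.222.222"/push "dhcp-option DNS 208.67.222.222"/' /etc/openvpn/server.conf
  - sed -i -e 's/;push "dhcp-option DNS 208.67.220.220"/push "dhcp-option DNS 208.67.220.220"/' /etc/openvpn/server.conf
  # Drop privileges after startup.
  - sed -i -e 's/;user nobody/user nobody/' /etc/openvpn/server.conf
  - sed -i -e 's/;group nogroup/group nogroup/' /etc/openvpn/server.conf
  # Enable IPv4 forwarding now and persist it across reboots. NOTE(review):
  # no NAT/firewall rule is configured here; with redirect-gateway pushed,
  # client traffic needs a masquerade rule (or equivalent) somewhere - verify.
  - echo 1 > /proc/sys/net/ipv4/ip_forward
  - sed -i -e 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
  # PKI setup (easy-rsa 2.x). `vars` must be sourced from its own directory
  # because it derives KEY_DIR from the current working directory.
  - cp -r /usr/share/easy-rsa/ /etc/openvpn
  - mkdir -p /etc/openvpn/easy-rsa/keys
  - sed -i -e 's/KEY_NAME="EasyRSA"/KEY_NAME="server"/' /etc/openvpn/easy-rsa/vars
  # 2048-bit DH parameters; this step is slow on first boot.
  - openssl dhparam -out /etc/openvpn/dh2048.pem 2048
  - cd /etc/openvpn/easy-rsa && . ./vars
  # Optionally set identity information for certificates:
  # - export KEY_COUNTRY="<%COUNTRY%>" # 2-char country code
  # - export KEY_PROVINCE="<%PROVINCE%>" # 2-char state/province code
  # - export KEY_CITY="<%CITY%>" # City name
  # - export KEY_ORG="<%ORG%>" # Org/company name
  # - export KEY_EMAIL="<%EMAIL%>" # Email address
  # - export KEY_OU="<%ORG_UNIT%>" # Organizational unit / department
  - cd /etc/openvpn/easy-rsa && ./clean-all
  - cd /etc/openvpn/easy-rsa && ./build-ca --batch
  - cd /etc/openvpn/easy-rsa && ./build-key-server --batch server
  - cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn
  - cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn
  - cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn
  - systemctl start openvpn@server.service
  # One self-contained profile per client. Done in a loop so every profile
  # embeds its own certificate and key (the per-client copies previously
  # inlined client1's cert/key into client2.ovpn).
  - |
    for client in client1 client2; do
      ovpn=/etc/openvpn/easy-rsa/keys/$client.ovpn
      (cd /etc/openvpn/easy-rsa && ./build-key --batch "$client")
      cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "$ovpn"
      sed -i -e 's/;cipher x/cipher AES-256-CBC/' "$ovpn"
      sed -i -e "s/my-server-1/$IPADDR/" "$ovpn"
      sed -i -e 's/;user nobody/user nobody/' "$ovpn"
      sed -i -e 's/;group nogroup/group nogroup/' "$ovpn"
      # Drop the file references; the material is inlined below instead.
      sed -i -e 's/ca ca.crt//' "$ovpn"
      sed -i -e 's/cert client.crt//' "$ovpn"
      sed -i -e 's/key client.key//' "$ovpn"
      echo "<ca>" >> "$ovpn"
      cat /etc/openvpn/ca.crt >> "$ovpn"
      echo "</ca>" >> "$ovpn"
      echo "<cert>" >> "$ovpn"
      openssl x509 -outform PEM -in "/etc/openvpn/easy-rsa/keys/$client.crt" >> "$ovpn"
      echo "</cert>" >> "$ovpn"
      echo "<key>" >> "$ovpn"
      cat "/etc/openvpn/easy-rsa/keys/$client.key" >> "$ovpn"
      echo "</key>" >> "$ovpn"
    done
  # Hand-off location. NOTE(review): each .ovpn contains a client private
  # key and `chmod +r` makes it readable by every local user; restrict the
  # mode/owner to whoever is meant to collect the profiles.
  - mkdir -p /home/openvpn
  - cp /etc/openvpn/easy-rsa/keys/client1.ovpn /etc/openvpn/easy-rsa/keys/client2.ovpn /home/openvpn
  - chmod +r /home/openvpn/client1.ovpn /home/openvpn/client2.ovpn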