
Untitled

a guest
Mar 20th, 2018
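  #cloud-config
  # Provisions an OpenVPN server (TCP port 8443) backed by an easy-rsa CA and
  # writes two client profiles with inline credentials to /home/openvpn.
  #
  # cloud-init runs the runcmd entries in order as one shell script, so IPADDR,
  # the sourced ./vars settings and the working directory carry over between
  # entries. A failing entry does not stop the ones after it.
  apt_update: true
  packages:
  - openvpn
  - easy-rsa
  runcmd:
  # Public address of this host as reported by OpenDNS; it becomes the "remote"
  # host in the client profiles. It is empty if the lookup fails, and it is
  # substituted into the sed expressions below without validation.
  # NOTE(review): assumes dig is already present on the image - confirm.
  - IPADDR=$(dig +short myip.opendns.com @resolver1.opendns.com)

  # Server configuration: start from the packaged sample and edit it in place.
  - gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
  - sed -i -e 's/;cipher DES-EDE3-CBC \# Triple-DES/;cipher DES-EDE3-CBC \# Triple-DES\ncipher AES-256-CBC/' /etc/openvpn/server.conf
  - sed -i -e 's/dh dh1024.pem/dh dh2048.pem/' /etc/openvpn/server.conf
  - sed -i -e 's/port 1194/port 8443/' /etc/openvpn/server.conf
  - sed -i -e 's/proto udp/proto tcp/' /etc/openvpn/server.conf
  # Route all client traffic and DNS lookups through the tunnel.
  - sed -i -e 's/;push "redirect-gateway def1 bypass-dhcp"/push "redirect-gateway def1 bypass-dhcp"/' /etc/openvpn/server.conf
  - sed -i -e 's/;push "dhcp-option DNS 208.67.222.222"/push "dhcp-option DNS 208.67.222.222"/' /etc/openvpn/server.conf
  - sed -i -e 's/;push "dhcp-option DNS 208.67.220.220"/push "dhcp-option DNS 208.67.220.220"/' /etc/openvpn/server.conf
  # Run the daemon as an unprivileged user and group.
  - sed -i -e 's/;user nobody/user nobody/' /etc/openvpn/server.conf
  - sed -i -e 's/;group nogroup/group nogroup/' /etc/openvpn/server.conf
  # Enable IPv4 forwarding now and persist it in sysctl.conf.
  # NOTE(review): nothing in this file adds a NAT/masquerade or firewall rule;
  # confirm that is handled elsewhere, otherwise redirected client traffic has
  # no return path.
  - echo 1 > /proc/sys/net/ipv4/ip_forward
  - sed -i -e 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

  # PKI: build the CA and the server certificate with easy-rsa.
  # NOTE(review): the CA is created on the VPN server itself, so its private key
  # presumably stays under /etc/openvpn/easy-rsa/keys; consider moving it off
  # the host once the client certificates are issued.
  - cp -r /usr/share/easy-rsa/ /etc/openvpn
  - mkdir /etc/openvpn/easy-rsa/keys
  - sed -i -e 's/KEY_NAME="EasyRSA"/KEY_NAME="server"/' /etc/openvpn/easy-rsa/vars
  - openssl dhparam -out /etc/openvpn/dh2048.pem 2048
  - cd /etc/openvpn/easy-rsa && . ./vars
  # Optionally set identity information for certificates:
  # - export KEY_COUNTRY="<%COUNTRY%>" # 2-char country code
  # - export KEY_PROVINCE="<%PROVINCE%>" # 2-char state/province code
  # - export KEY_CITY="<%CITY%>" # City name
  # - export KEY_ORG="<%ORG%>" # Org/company name
  # - export KEY_EMAIL="<%EMAIL%>" # Email address
  # - export KEY_OU="<%ORG_UNIT%>" # Organizational unit / department
  - cd /etc/openvpn/easy-rsa && ./clean-all
  - cd /etc/openvpn/easy-rsa && ./build-ca --batch
  - cd /etc/openvpn/easy-rsa && ./build-key-server --batch server
  - cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn
  - cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn
  - cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn
  - systemctl start openvpn@server.service

  # Client profile 1: sample client.conf with the CA certificate, client
  # certificate and client private key appended inline.
  - cd /etc/openvpn/easy-rsa && ./build-key --batch client1
  - cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client1.ovpn
  - sed -i -e "s/;cipher x/cipher AES-256-CBC/" /etc/openvpn/easy-rsa/keys/client1.ovpn
  - sed -i -e "s/my-server-1/$IPADDR/" /etc/openvpn/easy-rsa/keys/client1.ovpn
  # Match the server's transport (TCP 8443 above). The packaged sample is
  # expected to default to "proto udp" and port 1194 - verify on the target image.
  - sed -i -e 's/proto udp/proto tcp/' /etc/openvpn/easy-rsa/keys/client1.ovpn
  - sed -i -e 's/^\(remote [^ ]*\) 1194/\1 8443/' /etc/openvpn/easy-rsa/keys/client1.ovpn
  - sed -i -e 's/;user nobody/user nobody/' /etc/openvpn/easy-rsa/keys/client1.ovpn
  - sed -i -e 's/;group nogroup/group nogroup/' /etc/openvpn/easy-rsa/keys/client1.ovpn
  # Drop the file references; the material is inlined below instead.
  - sed -i -e 's/ca ca.crt//' /etc/openvpn/easy-rsa/keys/client1.ovpn
  - sed -i -e 's/cert client.crt//' /etc/openvpn/easy-rsa/keys/client1.ovpn
  - sed -i -e 's/key client.key//' /etc/openvpn/easy-rsa/keys/client1.ovpn
  - echo "<ca>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
  - cat /etc/openvpn/ca.crt >> /etc/openvpn/easy-rsa/keys/client1.ovpn
  - echo "</ca>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
  - echo "<cert>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
  # openssl x509 re-emits only the PEM block of the certificate.
  - openssl x509 -outform PEM -in /etc/openvpn/easy-rsa/keys/client1.crt >> /etc/openvpn/easy-rsa/keys/client1.ovpn
  - echo "</cert>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
  - echo "<key>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn
  - cat /etc/openvpn/easy-rsa/keys/client1.key >> /etc/openvpn/easy-rsa/keys/client1.ovpn
  - echo "</key>" >> /etc/openvpn/easy-rsa/keys/client1.ovpn

  # Client profile 2: same steps, but with client2's own certificate and key.
  # Each profile needs its own identity so one client can be revoked without
  # affecting the other and the two do not present the same certificate.
  - cd /etc/openvpn/easy-rsa && ./build-key --batch client2
  - cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e 's/;cipher x/cipher AES-256-CBC/' /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e "s/my-server-1/$IPADDR/" /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e 's/proto udp/proto tcp/' /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e 's/^\(remote [^ ]*\) 1194/\1 8443/' /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e 's/;user nobody/user nobody/' /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e 's/;group nogroup/group nogroup/' /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e 's/ca ca.crt//' /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e 's/cert client.crt//' /etc/openvpn/easy-rsa/keys/client2.ovpn
  - sed -i -e 's/key client.key//' /etc/openvpn/easy-rsa/keys/client2.ovpn
  - echo "<ca>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
  - cat /etc/openvpn/ca.crt >> /etc/openvpn/easy-rsa/keys/client2.ovpn
  - echo "</ca>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
  - echo "<cert>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
  - openssl x509 -outform PEM -in /etc/openvpn/easy-rsa/keys/client2.crt >> /etc/openvpn/easy-rsa/keys/client2.ovpn
  - echo "</cert>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
  - echo "<key>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn
  - cat /etc/openvpn/easy-rsa/keys/client2.key >> /etc/openvpn/easy-rsa/keys/client2.ovpn
  - echo "</key>" >> /etc/openvpn/easy-rsa/keys/client2.ovpn

  # Publish the profiles for download.
  # NOTE(review): each .ovpn embeds a client private key and chmod +r makes it
  # readable by every local account. Restrict the files to the account that
  # fetches them and delete them from the server after download.
  - mkdir /home/openvpn
  - cp /etc/openvpn/easy-rsa/keys/client1.ovpn /home/openvpn
  - cp /etc/openvpn/easy-rsa/keys/client2.ovpn /home/openvpn
  - chmod +r /home/openvpn/client1.ovpn
  - chmod +r /home/openvpn/client2.ovpn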