# Walkthrough: create an Easy-RSA 3 CA, then issue an OpenVPN server
# certificate (hz3server) and one client certificate (client1).
# Two Easy-RSA trees are used: EasyRSA-v3.0.6 holds the CA, and
# EasyRSA-v3.0.6_locahost holds the server/client keys and requests.
# The starting directory is not shown; the relative cd commands imply it is
# the CA tree.
# NOTE(review): both trees appear to sit side by side on one host, so the CA
# private key would live next to the VPN server it vouches for - confirm.
# Keeping the CA on a separate or offline machine is the usual reason for
# splitting request generation from signing.
# NOTE(review): the tree is spelled "_locahost" in every cd below but
# "_localhost" in the path comments and in one cp destination - confirm which
# directory actually exists.
- nano vars #set organization info
- ./easyrsa init-pki
# "nopass" leaves the CA private key unencrypted on disk; anyone who can read
# it can issue certificates this VPN will trust. Omitting nopass makes
# easyrsa ask for a passphrase, which is then needed at every sign-req.
- ./easyrsa build-ca nopass //create ca.crt
- cd ../EasyRSA-v3.0.6_locahost/
- ./easyrsa init-pki
# Server key without a passphrase (lets the daemon start unattended); its
# protection is then file permissions only.
- ./easyrsa gen-req hz3server nopass
# cp without -p creates the copy under the current umask; check afterwards
# that /etc/openvpn/hz3server.key is readable by root only.
- cp pki/private/hz3server.key /etc/openvpn/
- #cp pki/reqs/hz3server.req /tmp/
- cd ../EasyRSA-v3.0.6
# The request is read from /tmp although the copy step above is commented
# out, so that hand-off is not shown here. /tmp is world-writable: review the
# imported request (./easyrsa show-req hz3server) and sign only a request you
# generated yourself.
- ./easyrsa import-req /tmp/hz3server.req hz3server
- ./easyrsa sign-req server hz3server
- #Certificate created at: /path_to_easyrsa/EasyRSA-v3.0.6/pki/issued/hz3server.crt
# NOTE(review): nothing in this transcript places hz3server.crt or ca.crt in
# /tmp; presumably they were copied there from the CA tree by hand - confirm.
- cp /tmp/hz3server.crt /etc/openvpn/
- cp /tmp/ca.crt /etc/openvpn/
- cd ../EasyRSA-v3.0.6_locahost/
- ./easyrsa gen-dh
- #DH parameters of size 2048 created at /path_to_easyrsa/EasyRSA-v3.0.6_localhost/pki/dh.pem
# Static key used for tls-auth; the same file is copied to the server and to
# the client key directory below, so it is shared by every peer.
# NOTE(review): OpenVPN 2.5 and later spell this "openvpn --genkey secret
# ta.key" - confirm against the installed version.
- openvpn --genkey --secret ta.key
- cp ta.key /etc/openvpn/
- cp pki/dh.pem /etc/openvpn/
# client-config/keys ends up holding client private keys and ta.key; keep the
# directory accessible to root only.
- mkdir -p client-config/keys
# Client key without a passphrase: possession of the key file alone is enough
# to use it.
- ./easyrsa gen-req client1 nopass
- cp pki/private/client1.key client-config/keys/
- cd ../EasyRSA-v3.0.6
# As with the server request, the copy of client1.req into /tmp is not shown.
- ./easyrsa import-req /tmp/client1.req client1
- ./easyrsa sign-req client client1
- cp pki/issued/client1.crt /path_to_easyrsa/EasyRSA-v3.0.6_localhost/client-config/keys
- cd ../EasyRSA-v3.0.6_locahost/
- cp ta.key client-config/keys
- cp /etc/openvpn/ca.crt client-config/keys/
# Start from the packaged sample server configuration.
# NOTE(review): the edits that point it at hz3server.crt, hz3server.key,
# ca.crt, dh.pem and ta.key are not shown - confirm before starting the
# service.
- cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
- gzip -d /etc/openvpn/server.conf.gz
- mkdir client-config/files
# The sample client configuration becomes base.conf, the template that
# make_config.sh prepends to every generated profile.
- cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf client-config/
- mv client-config/client.conf client-config/base.conf
# The lines that follow this step are the contents of make_config.sh.
- touch client-config/make_config.sh
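#!/bin/bash
# make_config.sh - build a single-file OpenVPN client profile.
#
# Usage:     ./make_config.sh <client-id>
# Arguments: $1 - client identifier; <client-id>.crt and <client-id>.key must
#                 already be in KEY_DIR next to ca.crt and ta.key
# Outputs:   OUTPUT_DIR/<client-id>.ovpn = base.conf followed by inline
#            <ca>, <cert>, <key> and <tls-auth> sections
# Returns:   0 on success, 1 on an unreadable input, 2 on a usage error
#
# The profile carries the client's private key and the shared tls-auth key,
# so it is created readable by its owner only.

set -euo pipefail

KEY_DIR=/root/openvpn/easyrsa/EasyRSA-v3.0.6_locahost/client-config/keys
OUTPUT_DIR=/root/openvpn/easyrsa/EasyRSA-v3.0.6_locahost/client-config/files
BASE_CONFIG=/root/openvpn/easyrsa/EasyRSA-v3.0.6_locahost/client-config/base.conf

if [[ $# -lt 1 ]]; then
  printf 'Usage: %s <client-id>\n' "${0##*/}" >&2
  exit 2
fi
client=$1

# The identifier becomes part of file names: refuse an empty value and
# anything containing a path separator, so it cannot name a file outside
# KEY_DIR or OUTPUT_DIR.
case "$client" in
  '' | */*)
    printf '%s: invalid client identifier\n' "${0##*/}" >&2
    exit 2
    ;;
esac

# Check every input before the output is opened, so a missing certificate or
# key does not leave a truncated profile behind.
inputs=(
  "$BASE_CONFIG"
  "${KEY_DIR}/ca.crt"
  "${KEY_DIR}/${client}.crt"
  "${KEY_DIR}/${client}.key"
  "${KEY_DIR}/ta.key"
)
for f in "${inputs[@]}"; do
  if [[ ! -r "$f" ]]; then
    printf '%s: cannot read %s\n' "${0##*/}" "$f" >&2
    exit 1
  fi
done

out="${OUTPUT_DIR}/${client}.ovpn"

# umask covers a newly created file; chmod covers a profile that already
# existed with wider permissions.
umask 077
{
  cat -- "$BASE_CONFIG"
  printf '<ca>\n'
  cat -- "${KEY_DIR}/ca.crt"
  printf '</ca>\n<cert>\n'
  cat -- "${KEY_DIR}/${client}.crt"
  printf '</cert>\n<key>\n'
  cat -- "${KEY_DIR}/${client}.key"
  printf '</key>\n<tls-auth>\n'
  cat -- "${KEY_DIR}/ta.key"
  printf '</tls-auth>\n'
} > "$out"
chmod 600 -- "$out"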
# Make the helper executable and build the profile for client1.
- chmod +x client-config/make_config.sh
- cd client-config/
# Writes client1.ovpn into OUTPUT_DIR (client-config/files). The profile
# embeds client1's private key and ta.key: restrict its permissions and hand
# it to the user over an authenticated, encrypted channel.
- ./make_config.sh client1