# HG changeset patch # User Richard Westhaver # Date 1714350430 0 # Node ID 847281f20daf6ec622dc958727d7493826850714 # Parent 55bb4d6a1a46a899561ebb792b84d92f153f1aac easy-rsa diff -r 55bb4d6a1a46 -r 847281f20daf scripts/easy-rsa-gen-ca.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/scripts/easy-rsa-gen-ca.sh Mon Apr 29 00:27:10 2024 +0000 @@ -0,0 +1,19 @@ +#!/usr/bin/bash +cd /root +export EASYRSA=/etc/easy-rsa +export EASYRSA_VARS_FILE=/etc/easy-rsa/vars +easyrsa init-pki +easyrsa build-ca +# now copy /etc/easy-rsa/pki/ca.crt to vpn server /etc/openvpn/server/ca.crt + +# run easy-rsa-gen-server.sh + +# run easy-rsa-gen-client.sh + +# import and sign + +# delete temporary reqs + +# send signed certs back to client/server + +# chown openvpn:network /etc/openvpn/*/*.crt diff -r 55bb4d6a1a46 -r 847281f20daf scripts/easy-rsa-gen-client.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/scripts/easy-rsa-gen-client.sh Mon Apr 29 00:27:10 2024 +0000 @@ -0,0 +1,4 @@ +#!/usr/bin/bash +cd /etc/easy-rsa +easyrsa --use-algo=ed --curve=ed25519 --digest=sha512 init-pki +easyrsa gen-req $HOSTNAME nopass diff -r 55bb4d6a1a46 -r 847281f20daf scripts/easy-rsa-gen-server.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/scripts/easy-rsa-gen-server.sh Mon Apr 29 00:27:10 2024 +0000 @@ -0,0 +1,8 @@ +#!/usr/bin/bash +cd /etc/easy-rsa +easyrsa init-pki +easyrsa gen-req $HOSTNAME nopass +cp /etc/easy-rsa/pki/private/$HOSTNAME.key /etc/openvpn/server/ +# HMAC key with elliptic curve +openvpn --genkey tls-auth /etc/openvpn/server/ta.key +chown openvpn:network /etc/openvpn/server/ta.key
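Review bot: scripts/easy-rsa-gen-ca.sh stops after `easyrsa build-ca`, and every step from "import and sign" through the final `chown openvpn:network /etc/openvpn/*/*.crt` exists only as a comment, so running the script produces a CA and nothing else. Either implement those steps (easyrsa has `import-req` and `sign-req` for the signing part) or move the checklist into documentation. The script also has no error handling: if `cd /root` or `easyrsa init-pki` fails, `easyrsa build-ca` still runs, so a `set -e` after the shebang would be a cheap guard.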
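Review bot: in scripts/easy-rsa-gen-client.sh the options `--use-algo=ed --curve=ed25519 --digest=sha512` are given only to `init-pki`, while the line that actually creates the key, `easyrsa gen-req $HOSTNAME nopass`, carries none of them, so the key type falls back to whatever the vars file or the easyrsa defaults specify. Pass the options on the `gen-req` invocation or set them once in the vars file. The server script's `gen-req` has no algorithm options at all, so it is worth confirming that both ends are meant to use the same key type. `$HOSTNAME` should also be quoted.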
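Review bot: in scripts/easy-rsa-gen-server.sh the line `cp /etc/easy-rsa/pki/private/$HOSTNAME.key /etc/openvpn/server/` copies the server private key without setting its owner or mode, and the only `chown` in the hunk applies to `ta.key`. Because the key is generated with `nopass`, file permissions are its only protection; something like `install -m 600 -o openvpn -g network` for both the private key and `ta.key` would make that explicit. The comment `# HMAC key with elliptic curve` also does not match the command below it: `openvpn --genkey tls-auth` writes a static HMAC key and involves no elliptic curve, so the comment should be reworded.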