

changeset 214: 847281f20daf
parent 211: 55bb4d6a1a46
child 215: f9dd5267b566
author: Richard Westhaver <ellis@rwest.io>
date: Mon, 29 Apr 2024 00:27:10 +0000
files: scripts/easy-rsa-gen-ca.sh scripts/easy-rsa-gen-client.sh scripts/easy-rsa-gen-server.sh
description: easy-rsa
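--- /dev/null
+++ b/scripts/easy-rsa-gen-ca.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/bash
+cd /root
+export EASYRSA=/etc/easy-rsa
+export EASYRSA_VARS_FILE=/etc/easy-rsa/vars
+easyrsa init-pki
+easyrsa build-ca
+# now copy /etc/easy-rsa/pki/ca.crt to vpn server /etc/openvpn/server/ca.crt
+
+# run easy-rsa-gen-server.sh
+
+# run easy-rsa-gen-client.sh
+
+# import and sign
+
+# delete temporary reqs
+
+# send signed certs back to client/server
+
+# chown openvpn:network /etc/openvpn/*/*.crt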
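Review bot: `cd /root` on line 2 does not match the path the comment on line 7 expects. easyrsa places the PKI in `$PWD/pki` unless `EASYRSA_PKI` is set, so ca.key and ca.crt would end up under /root/pki rather than /etc/easy-rsa/pki (the vars file is not visible here and may already set it). Either use `cd /etc/easy-rsa || exit 1` or add `export EASYRSA_PKI=/etc/easy-rsa/pki` so the CA key location is explicit. All three scripts in this changeset also run without `set -euo pipefail`, so a failed or declined `init-pki` falls through to the next command; add it under each shebang. Because `init-pki` replaces an existing PKI after confirmation, a guard such as `[ -e "$EASYRSA_PKI/ca.crt" ] && exit 1` before it would keep a re-run from discarding the CA key.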
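--- /dev/null
+++ b/scripts/easy-rsa-gen-client.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+cd /etc/easy-rsa
+easyrsa --use-algo=ed --curve=ed25519 --digest=sha512 init-pki
+easyrsa gen-req $HOSTNAME nopass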
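Review bot: The `--use-algo=ed --curve=ed25519 --digest=sha512` options are passed to `init-pki`, which generates no key. They appear to apply only to the invocation that carries them, so `gen-req` on the next line would fall back to the defaults, or to whatever the vars file sets, which is not visible here. Move them to the key-generating call: `easyrsa --use-algo=ed --curve=ed25519 --digest=sha512 gen-req "$HOSTNAME" nopass`. easy-rsa-gen-server.sh passes no algorithm options at all, so the two scripts should agree on one setting. `nopass` leaves the client private key unencrypted on disk; if that is intended for unattended start-up, a comment saying so would help.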
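--- /dev/null
+++ b/scripts/easy-rsa-gen-server.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+cd /etc/easy-rsa
+easyrsa init-pki
+easyrsa gen-req $HOSTNAME nopass
+cp /etc/easy-rsa/pki/private/$HOSTNAME.key /etc/openvpn/server/
+# HMAC key with elliptic curve
+openvpn --genkey tls-auth /etc/openvpn/server/ta.key
+chown openvpn:network /etc/openvpn/server/ta.key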
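Review bot: Nothing in the script pins the mode of the two secrets written to /etc/openvpn/server/: the `cp` of `$HOSTNAME.key` takes the source mode filtered by the current umask, and ta.key is only chowned. Add `umask 077` under the shebang and `chmod 600 /etc/openvpn/server/"$HOSTNAME".key /etc/openvpn/server/ta.key` at the end, and quote `"$HOSTNAME"` in the gen-req and cp lines. The copy also leaves a second instance of the private key under /etc/easy-rsa/pki/private/; if easyrsa does not need it again on this host, `mv` would avoid that. The comment `# HMAC key with elliptic curve` is misleading, since the tls-auth key is a static pre-shared HMAC key with no elliptic-curve involvement; `# static pre-shared HMAC key for tls-auth` would be accurate.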