changeset 214: |
847281f20daf |
parent 211: |
55bb4d6a1a46 |
child 215: |
f9dd5267b566 |
author: |
Richard Westhaver <ellis@rwest.io> |
date: |
Mon, 29 Apr 2024 00:27:10 +0000 |
files: |
scripts/easy-rsa-gen-ca.sh scripts/easy-rsa-gen-client.sh scripts/easy-rsa-gen-server.sh |
description: |
easy-rsa |
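--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/scripts/easy-rsa-gen-ca.sh Mon Apr 29 00:27:10 2024 +0000
@@ -0,0 +1,19 @@
+#!/usr/bin/bash
+cd /root
+export EASYRSA=/etc/easy-rsa
+export EASYRSA_VARS_FILE=/etc/easy-rsa/vars
+easyrsa init-pki
+easyrsa build-ca
+# now copy /etc/easy-rsa/pki/ca.crt to vpn server /etc/openvpn/server/ca.crt
+
+# run easy-rsa-gen-server.sh
+
+# run easy-rsa-gen-client.sh
+
+# import and sign
+
+# delete temporary reqs
+
+# send signed certs back to client/server
+
+# chown openvpn:network /etc/openvpn/*/*.crt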
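Review bot: Nothing in this script stops on failure, so a failed `cd /root` or a failed or declined `easyrsa init-pki` still falls through to `easyrsa build-ca`; adding `set -euo pipefail` right after the shebang would close that, and the same applies to easy-rsa-gen-client.sh and easy-rsa-gen-server.sh. Because `init-pki` runs unconditionally, re-running the script on a host that already holds the CA would presumably offer to wipe the existing PKI, so a guard such as `[[ ! -e /etc/easy-rsa/pki/ca.crt ]] || { echo "CA already exists" >&2; exit 1; }` before it is worth having. The trailing comments describe signing and distribution as manual steps; a one-line header stating that this script is meant to run only on the CA host would make that boundary explicit.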
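--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/scripts/easy-rsa-gen-client.sh Mon Apr 29 00:27:10 2024 +0000
@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+cd /etc/easy-rsa
+easyrsa --use-algo=ed --curve=ed25519 --digest=sha512 init-pki
+easyrsa gen-req $HOSTNAME nopass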
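Review bot: The algorithm options are passed to `init-pki`, which generates no key, while the `gen-req` line that does create the key pair carries none of them. As far as I know easyrsa global options apply only to the invocation they are given on, so unless the vars file sets the algorithm the request would be built with the tool's default rather than ed25519. Moving the flags would make the intent hold: `easyrsa --use-algo=ed --curve=ed25519 --digest=sha512 gen-req "$HOSTNAME" nopass`. `$HOSTNAME` should be quoted here and in easy-rsa-gen-server.sh, and since `nopass` leaves the private key unencrypted on disk, a comment stating that this is deliberate for unattended use would help the next reader.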
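--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/scripts/easy-rsa-gen-server.sh Mon Apr 29 00:27:10 2024 +0000
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+cd /etc/easy-rsa
+easyrsa init-pki
+easyrsa gen-req $HOSTNAME nopass
+cp /etc/easy-rsa/pki/private/$HOSTNAME.key /etc/openvpn/server/
+# HMAC key with elliptic curve
+openvpn --genkey tls-auth /etc/openvpn/server/ta.key
+chown openvpn:network /etc/openvpn/server/ta.key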
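Review bot: The `cp` of the unencrypted server private key sets neither mode nor owner, so the copy's permissions depend on the source file and the umask, and unlike `ta.key` it is never handed to the openvpn user. If the daemon reads its keys as that user, `install -m 0600 -o openvpn -g network -- "/etc/easy-rsa/pki/private/${HOSTNAME}.key" /etc/openvpn/server/` would set both explicitly; an explicit `chmod 0600` on `ta.key` would do the same for the HMAC key. The second copy left under pki/private should also be accounted for, either removed or documented as intended. The comment `# HMAC key with elliptic curve` looks inaccurate, since the tls-auth key is a static shared secret and no curve is involved; `# static HMAC key for tls-auth` would be closer.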