changeset 216: |
aec98998d25e |
parent 215: |
f9dd5267b566 (diff) |
parent 213: |
a7129c8e52d1 (current diff) |
child 217: |
98abb7f50885 |
author: |
Richard Westhaver <ellis@rwest.io> |
date: |
Tue, 30 Apr 2024 23:08:08 +0000 |
files: |
|
description: |
merge |
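--- /dev/null
+++ b/scripts/easy-rsa-gen-ca.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/bash
+cd /root
+export EASYRSA=/etc/easy-rsa
+export EASYRSA_VARS_FILE=/etc/easy-rsa/vars
+easyrsa init-pki
+easyrsa build-ca
+# now copy /etc/easy-rsa/pki/ca.crt to vpn server /etc/openvpn/server/ca.crt
+
+# run easy-rsa-gen-server.sh
+
+# run easy-rsa-gen-client.sh
+
+# import and sign
+
+# delete temporary reqs
+
+# send signed certs back to client/server
+
+# chown openvpn:network /etc/openvpn/*/*.crt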
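Review bot: Nothing stops this script after a failed step: `cd /root` and `easyrsa init-pki` are unchecked, so `easyrsa build-ca` still runs if either fails, and the same holds for easy-rsa-gen-client.sh and easy-rsa-gen-server.sh in this changeset. Add `set -euo pipefail` after the shebang, or at least `cd /root || exit 1`. `init-pki` also re-initialises the PKI directory, so re-running this on a host that already holds a CA presumably replaces pki/private/ca.key once Easy-RSA's confirmation prompt is answered; a guard such as `[[ -e "$EASYRSA/pki/ca.crt" ]] && exit 1` before `init-pki` would turn that into an explicit refusal. The trailing comments describe manual steps, and it would help to state there that only ca.crt leaves this machine and the CA private key never does.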
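--- /dev/null
+++ b/scripts/easy-rsa-gen-client.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+cd /etc/easy-rsa
+easyrsa --use-algo=ed --curve=ed25519 --digest=sha512 init-pki
+easyrsa gen-req $HOSTNAME nopass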
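Review bot: The `--use-algo=ed --curve=ed25519 --digest=sha512` options are given to `init-pki`, which creates no key, while the `gen-req` on the following line runs without them. Easy-RSA's global options apply only to the invocation they are passed to, so unless /etc/easy-rsa/vars sets the algorithm, the client key is generated with the default rather than Ed25519. Move the options to the request and quote the name: `easyrsa --use-algo=ed --curve=ed25519 --digest=sha512 gen-req "$HOSTNAME" nopass`. easy-rsa-gen-server.sh passes no algorithm options at all, so the two scripts would also end up with different key types. `nopass` leaves the client private key unencrypted on disk, which deserves a comment saying it is intended.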
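--- /dev/null
+++ b/scripts/easy-rsa-gen-server.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+cd /etc/easy-rsa
+easyrsa init-pki
+easyrsa gen-req $HOSTNAME nopass
+cp /etc/easy-rsa/pki/private/$HOSTNAME.key /etc/openvpn/server/
+# HMAC key with elliptic curve
+openvpn --genkey tls-auth /etc/openvpn/server/ta.key
+chown openvpn:network /etc/openvpn/server/ta.key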
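Review bot: The server private key is generated with `nopass` and then copied with a plain `cp`, so its mode is whatever the source file and umask give, and unlike ta.key it gets no explicit ownership. Set the permissions in the copy itself, e.g. `install -m 0600 -- "/etc/easy-rsa/pki/private/$HOSTNAME.key" /etc/openvpn/server/`, and quote `$HOSTNAME` on the `gen-req` line as well. The comment `# HMAC key with elliptic curve` is misleading: `--genkey tls-auth` writes a static pre-shared key used for HMAC on the control channel and involves no elliptic curve, so `# pre-shared HMAC key for tls-auth` would describe it.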