ref: 261a306e87671cb561ed3905816d7389b1eddb50
iron-vpn/openvpn-create-server.sh
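#!/usr/bin/env bash
#
# openvpn-create-server.sh — bootstrap an OpenVPN server PKI with easy-rsa 3:
#   1. write a `vars` file, create the CA and the DH parameters,
#   2. issue the server certificate (passphrase-protected key),
#   3. bundle CA cert, DH params, server cert/key and a generated server
#      config into <org>-server.tar.gz next to this script.
#
# Runs interactively: easyrsa prompts for the CA and server-key passphrases.
# Set OVPN_TRACE=1 for the shell trace the old `#!/bin/bash -x` shebang gave
# (an option in the shebang is lost when the script is run as `bash script.sh`).
#
# Edit the code_* settings below before running.

set -euo pipefail
if [[ -n "${OVPN_TRACE:-}" ]]; then
  set -x
fi

# Everything written here (pki/, server/, the tarball) contains or wraps the
# server's private key: create it owner-only instead of trusting the caller's
# umask. Previously the tarball was created world-readable by default.
umask 077

cd "$(dirname "$0")" || exit 1
CURRDIR=$(pwd)
readonly CURRDIR

#EASY_RSA_HOME=$CURRDIR/easy-rsa/easyrsa3
EASY_RSA_HOME=/usr/share/easy-rsa/
readonly EASY_RSA_HOME
#..............................
code_country="IT"
code_province="RM"
code_city="Roma"
code_organization="vpn.augentelematica.it"
code_email="paolo@lulli.net"
vpn_port="1194"
#..............................

#######################################
# Write $CURRDIR/vars, source it, then init the PKI, build the CA and
# generate DH parameters with easyrsa (interactive prompts).
# Globals: CURRDIR, EASY_RSA_HOME, code_* (read)
#######################################
ovpn_generate_ca() {
  local vars_file="$CURRDIR/vars"

  # The KEY_*/CA_EXPIRE/KEY_EXPIRE names are the easy-rsa 2 variables;
  # easy-rsa 3 (the `easyrsa init-pki` tool used here) reads EASYRSA_*
  # instead, so the expiries and the DN were being silently ignored and
  # easyrsa's own defaults applied. Both sets are written: EASYRSA_* is the
  # one that takes effect, KEY_* is kept for anything still sourcing this
  # file with the old tool.
  # Written with a here-doc straight to the file: the old
  # `echo ${VARS_CONTENT} > vars` word-split the content onto one line.
  cat >"$vars_file" <<__EOT__
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="${code_country}"
export KEY_PROVINCE="${code_province}"
export KEY_CITY="${code_city}"
export KEY_ORG="${code_organization}"
export KEY_EMAIL="${code_email}"
export KEY_CN="${code_organization}"
export KEY_NAME="${code_organization}"
export KEY_OU="${code_organization}"
export EASYRSA_KEY_SIZE=2048
export EASYRSA_CA_EXPIRE=3650
export EASYRSA_CERT_EXPIRE=3650
export EASYRSA_REQ_COUNTRY="${code_country}"
export EASYRSA_REQ_PROVINCE="${code_province}"
export EASYRSA_REQ_CITY="${code_city}"
export EASYRSA_REQ_ORG="${code_organization}"
export EASYRSA_REQ_EMAIL="${code_email}"
export EASYRSA_REQ_CN="${code_organization}"
export EASYRSA_REQ_OU="${code_organization}"
__EOT__
  # shellcheck source=/dev/null
  source "$vars_file"

  "${EASY_RSA_HOME}/easyrsa" init-pki
  "${EASY_RSA_HOME}/easyrsa" build-ca
  "${EASY_RSA_HOME}/easyrsa" gen-dh
}

#######################################
# Issue the server certificate and key, named after code_organization.
# The key is passphrase-protected on purpose: `nopass` would put a clear-text
# server key into the tarball. Consequence: openvpn needs either an
# interactive start or `askpass` (see the generated config).
# Globals: EASY_RSA_HOME, code_organization (read)
#######################################
ovpn_generate_server() {
  "${EASY_RSA_HOME}/easyrsa" build-server-full "${code_organization}"
  # DISCOURAGED: not to give it a pass
  #"${EASY_RSA_HOME}/easyrsa" build-server-full "${code_organization}" nopass
}

#######################################
# Copy CA cert, DH params and server cert/key into
# $CURRDIR/server/<org>/<org>/, write <org>.conf beside that directory, and
# pack the staging dir into $CURRDIR/<org>-server.tar.gz (owner-only).
# The config paths assume the bundle is extracted under /etc/openvpn/.
# Globals: CURRDIR, code_organization, vpn_port (read)
#######################################
ovpn_generate_server_assembly() {
  local org="$code_organization"
  local stage="$CURRDIR/server/${org}"
  local bundle="$stage/${org}"

  cd "$CURRDIR" || return 1
  mkdir -p -- "$bundle"
  cp -- "$CURRDIR/pki/ca.crt" "$bundle/"
  cp -- "$CURRDIR/pki/dh.pem" "$bundle/"
  cp -- "$CURRDIR/pki/issued/${org}.crt" "$bundle/"
  cp -- "$CURRDIR/pki/private/${org}.key" "$bundle/"
  # Belt and braces: the key must stay root/owner-only after extraction.
  chmod 600 -- "$bundle/${org}.key"

  cat >"$stage/${org}.conf" <<__EOT__
port ${vpn_port}
proto tcp
dev tun
# Enable when run as a service: the server key is passphrase-protected and
# openvpn otherwise prompts for it at start-up. The file must be 0600 root.
#askpass /etc/openvpn/${org}/passwordfile
ca /etc/openvpn/${org}/ca.crt
cert /etc/openvpn/${org}/${org}.crt
key /etc/openvpn/${org}/${org}.key
dh /etc/openvpn/${org}/dh.pem
server 10.0.0.0 255.255.0.0
# GOOD IP RANGES:
# 10.0.0.0 - 10.255.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
ifconfig-pool-persist /etc/openvpn/${org}/ipp.txt
keepalive 10 120
# NOTE(review): compression of tunnelled traffic is a known oracle
# (VORACLE); plan to drop comp-lzo on server and clients together.
comp-lzo
# NOTE(review): "users" is a shared primary group on many systems; the
# conventional unprivileged group is nogroup/nobody where it exists.
user nobody
group users
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
# Lets VPN clients reach each other directly; remove if clients are
# not mutually trusted.
client-to-client
__EOT__

  cd "$stage" || return 1
  tar -czvf "$CURRDIR/${org}-server.tar.gz" .
  # The archive carries the private key: never leave it group/world-readable.
  chmod 600 -- "$CURRDIR/${org}-server.tar.gz"
}

# MAIN
ovpn_generate_ca
ovpn_generate_server
ovpn_generate_server_assembly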