Commit 0b666557 authored by root's avatar root
Browse files
parents 51b060fd 4fca371a
......@@ -66,7 +66,7 @@ emailAddress = optional
[ req ]
# Commented out for bug hack reasons. See postinst for more info.
#prompt = no
extendedKeyUsage = clientAuth
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
......@@ -157,10 +157,8 @@ authorityKeyIdentifier=keyid,issuer:always
#nsSslServerName
[ server ]
# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
extendedKeyUsage = serverAuth
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
......
openvpn-server (0.9.2) lucid precise xeniel; urgency=low
* Fix error on install with systemd not seeing reload untill restart has been return
* Fix bug in echo that caused error on exit with builds
* Remove shorewall restart, not much point restarting shorewall if there are no rules added for the vars
* Fix nsCertType on server segment
* Fix bug in apt purge
-- Sol1 Packages <packages@sol1.com.au> Fri, 25 May 2018 16:39:00 +1000
openvpn-server (0.9.1) lucid precise xeniel; urgency=low
* Fix deprecated nsCertType server in openssl config
-- Sol1 Packages <packages@sol1.com.au> Fri, 25 May 2018 11:54:00 +1000
openvpn-server (0.9.0) lucid precise xeniel; urgency=low
* Upgrade dhparam strength to 4096
......
......@@ -216,7 +216,7 @@ ucf --debconf-ok $TMPCONF/$ORGNICK-server.conf /etc/openvpn/$ORGNICK-server.conf
rm -rf $TMPCONF
# Reload openvpn to take into account any changed settings
/usr/sbin/invoke-rc.d openvpn reload
/usr/sbin/invoke-rc.d openvpn restart
# Initalise ovs bash completion for this session
if [ -f /etc/bash_completion.d/ovs ] ; then
......
......@@ -5,13 +5,15 @@ if [ "$1" = "purge" ]; then
rm -f /etc/openvpn/${OVPN_ORGNICK}-server.conf
rm -f /etc/openvpn-server/openssl/openssl.cnf
rm -f /etc/openvpn-server/config.sh
rm -f /etc/openvpn-server/dh2048.pem
rm -f /etc/openvpn-server/ca.crl
ucf --purge /etc/openvpn-server/openssl/openssl.cnf
ucf --purge /etc/openvpn-server/config.sh
ucf --purge /etc/openvpn/${OVPN_ORGNICK}-server.conf
# wait until we've used the var's before we delete the file holding them
rm -f /etc/openvpn-server/config.sh
ucf --purge /etc/openvpn-server/config.sh
rmdir --ignore-fail-on-non-empty /etc/openvpn-server/openssl >/dev/null 2>&1 || true
rmdir --ignore-fail-on-non-empty /etc/openvpn-server >/dev/null 2>&1 || true
......
......@@ -37,7 +37,7 @@ function allocate_ip {
export $OVPN_ORGNICK
/usr/lib/openvpn-server/ovs-commands/make-static-ip $OVPN_COMMONNAME
else
echo -n
echo -n ""
fi
}
......
......@@ -71,3 +71,5 @@ fi
rm -rf $WORKDIR
allocate_ip()
echo "Your OpenVPN config file is ${OVPNFILE}"
......@@ -85,9 +85,9 @@ if [ "$EMAIL" = "y" ]; then
#EOM
uuencode $OVPNFILE $OVPNFILE | bsd-mailx -s "OpenVPN Client $OVPN_COMMONNAME" $EMAILADDRESS
else
echo -n
echo -n ""
fi
allocate_ip()
echo "Your OpenVPN config file is $OVPNFILE"
echo "Your OpenVPN config file is ${OVPNFILE}"
......@@ -60,4 +60,6 @@ rm -rf $WORKDIR
allocate_ip()
echo "Your OpenVPN config file is ${OVPNFILE}"
......@@ -83,21 +83,20 @@ if [ -x $ip ] ; then
echo "then run \$ $0 $COMMONNAME"
else
endpointip=$(get_server_endpoint_ip $ip)
echo "your new ip will be $ip"
echo "your new ip will be $ip"
echo "your new gateway will be $endpointip"
if [ $COMMONNAME != "" ] ; then
echo "writing new ccd $COMMONNAME"
echo ifconfig-push $ip $endpointip > $CCDDIR$COMMONNAME
if [ $COMMONNAME != "" ] ; then
echo "writing new ccd $COMMONNAME"
echo ifconfig-push $ip $endpointip > $CCDDIR$COMMONNAME
echo "writing new shorewall vars"
create_shorewall_vars
prompt_restart_shorewall
else
echo "no command name supplied so nothing will be written out"
echo "to write the results run \$ $0 <COMMONNAME>"
fi
echo "writing new shorewall vars"
create_shorewall_vars
else
echo "no command name supplied so nothing will be written out"
echo "to write the results run \$ $0 <COMMONNAME>"
fi
fi
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment