Commit 1240eb12 authored by Lindsay Harvey's avatar Lindsay Harvey

Big rewrite of OVS init script and required changes to effected scripts and templates

parent a590a682
Pipeline #918 passed with stage
in 18 seconds
......@@ -79,30 +79,13 @@ string_mask = nombstr
req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = %%KEY_COUNTRY%%
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = %%KEY_PROVINCE%%
localityName = Locality Name (eg, city)
localityName_default = %%KEY_CITY%%
0.organizationName = Organization Name (eg, company)
0.organizationName_default = %%KEY_ORGANISATION%%
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_default = $ENV::KEY_NAME
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40
countryName = %%KEY_COUNTRY%%
stateOrProvinceName = %%KEY_PROVINCE%%
localityName = %%KEY_CITY%%
0.organizationName = %%KEY_ORGANISATION%%
organizationalUnitName = OpenVPN
commonName = $ENV::KEY_NAME
emailAddress = $ENV::KEY_EMAIL
# SET-ex3 = SET extension number 3
......
dev tun
remote %%REMOTE%%
port 1194
port %%PORT%%
proto %%PROTOCOL%%
nobind
client
comp-lzo
pkcs12 %%ORGNICK%%-%%USERNAME%%.p12
remote-cert-tls server
cipher AES-256-CBC
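Review bot: `comp-lzo` is carried over unchanged in this client template, and also in the generic client template and the server template further down. Compressing before encryption lets an observer infer plaintext from packet lengths when part of the tunnelled traffic is attacker-influenced (the VORACLE class of issue), and OpenVPN upstream has deprecated the option. Since port and protocol are being templated in this commit anyway, consider dropping `comp-lzo` from all three templates in the same step. It has to change on server and clients together, or existing clients will connect but fail to pass traffic.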
......
dev tun
remote %%REMOTE%%
port 1194
port %%PORT%%
proto %%PROTOCOL%%
nobind
client
comp-lzo
remote-cert-tls server
cipher AES-256-CBC
pull
......
port %%SERVER_PORT%%
proto %%SERVER_PROTOCOL%%
dev tun
dh /etc/openvpn-server/dh4096.pem
pkcs12 /etc/openvpn-server/%%ORGNICK%%-server.p12
crl-verify /etc/openvpn-server/ca.crl
remote-cert-tls client
cipher AES-256-CBC
# Add a client config dir and don't allow connections if a client doesn't have a client config file
client-config-dir /etc/openvpn/ccd
ccd-exclusive
%%SERVERLINE%%
ifconfig-pool-persist /var/lib/openvpn-server/openvpn/ifconfig-pool.txt
%%SUBNETROUTES%%
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DOMAIN myfirst.domain"
#push "dhcp-option SEARCH myfirst.domain mysecond.domain"
keepalive 10 90
comp-lzo
persist-key
persist-tun
status /var/lib/openvpn-server/openvpn/status.log
status-version 2
verb 1
mute 5
\ No newline at end of file
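Review bot: The server template sets `persist-key` and `persist-tun` but shows no `user` or `group` directive, so unless `%%SERVERLINE%%` or `%%SUBNETROUTES%%` expands to one, the daemon keeps root for its whole lifetime. Consider adding `user nobody` and `group nogroup` (or a dedicated account and the distribution's equivalent group). If you do, check that `/etc/openvpn-server/ca.crl`, the ccd directory and the files under `/var/lib/openvpn-server/openvpn/` stay accessible to that account, because `crl-verify` re-reads the CRL on new connections. Separately, `client-config-dir` points at `/etc/openvpn/ccd` while the other paths use `/etc/openvpn-server/`; with `ccd-exclusive` a wrong directory rejects every client, so confirm the path is intended.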
......@@ -51,6 +51,8 @@ sed "s/%%ORGNICK%%/$OVPN_ORGNICK/;
sed "s/%%ORGNICK%%/$OVPN_ORGNICK/;
s/%%USERNAME%%/$OVPN_COMMONNAME/;
s/%%PORT%%/$OVPN_PORT/;
s/%%PROTOCOL%%/$OVPN_PROTO/;
s/%%REMOTE%%/$OVPN_REMOTE/" \
/usr/share/openvpn-server/config-templates/ovpn-client.conf \
> etc/openvpn/${FILEBASE}.conf
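Review bot: `$OVPN_PORT` and `$OVPN_PROTO` are expanded straight into the sed program, as `$OVPN_REMOTE` already was, so a value containing `/`, `&` or a newline alters the sed script rather than just the template text. Where these variables are set is outside the hunk; if they can come from operator input or a per-client file, validate them before the `sed` call, e.g. `case "$OVPN_PORT" in ''|*[!0-9]*) echo "invalid port" >&2; exit 1;; esac`, plus a similar `case` that accepts only the protocol names you deploy. The same pattern appears in the two later generator hunks that write `${FILEBASE}.ovpn`.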
......
......@@ -40,7 +40,9 @@ CA=`cat "$OVPN_ORGNAME"-ca.crt`
CERT=`sed -n "/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p" $OVPN_COMMONNAME.crt`
KEY=`cat $OVPN_COMMONNAME.key`
sed "s/%%REMOTE%%/$OVPN_REMOTE/" \
sed "s/%%PORT%%/$OVPN_PORT/;
s/%%PROTOCOL%%/$OVPN_PROTO/;
s/%%REMOTE%%/$OVPN_REMOTE/" \
/usr/share/openvpn-server/config-templates/ovpn-generic-client.conf \
> ${FILEBASE}.ovpn
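Review bot: `${FILEBASE}.ovpn` is created under the caller's umask while the private key sits in `KEY` a few lines above. If the key is written inline into that file further down (outside the hunk), the profile would be world-readable under a default 022 umask. Setting `umask 077` before the `sed` redirect closes that without leaving the window a later `chmod 600` would. The unquoted `$OVPN_COMMONNAME.crt` and `$OVPN_COMMONNAME.key` would also word-split on a common name containing spaces; `"$OVPN_COMMONNAME.key"` avoids it.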
......
......@@ -40,6 +40,8 @@ sed "s/%%ORGNICK%%/$OVPN_ORGNICK/;
sed "s/%%ORGNICK%%/$OVPN_ORGNICK/;
s/%%USERNAME%%/$OVPN_COMMONNAME/;
s/%%PORT%%/$OVPN_PORT/;
s/%%PROTOCOL%%/$OVPN_PROTO/;
s/%%REMOTE%%/$OVPN_REMOTE/" \
/usr/share/openvpn-server/config-templates/ovpn-client.conf \
> ${FILEBASE}.ovpn
......
This diff is collapsed.