Commit b06f8e70 authored by root's avatar root
parents 683d921e 94a1d022
......@@ -9,6 +9,7 @@ comp-lzo
client
pkcs12 %%ORGNICK%%-%%USERNAME%%.p12
ns-cert-type server
cipher AES-256-CBC
pull
verb 4
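Review bot: Pinning `cipher AES-256-CBC` in this client template (and in the server heredoc of the install script) only affects profiles generated after the change. Profiles already issued from the old template carry no cipher line, so they would presumably fall back to the OpenVPN default and stop matching the upgraded server. Nothing visible in the commit re-issues them or warns the operator, so a migration note or re-generation step belongs with this change. The template also leaves `auth` at its default; consider setting it explicitly on both sides, for example `auth SHA256`.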
......
......@@ -7,7 +7,7 @@ Standards-Version: 3.6.1
Package: openvpn-server
Architecture: all
Depends: openvpn, openssl, nsis (>= 2.06-4), zip, ucf, ${misc:Depends}, bc, cryptsetup, ifstat, bsd-mailx, sharutils, bash-completion
Depends: openvpn, openssl, nsis (>= 2.06-4), zip, ucf, ${misc:Depends}, bc, cryptsetup, ifstat, bsd-mailx, sharutils, bash-completion, at
Description: A system to assist the management of OpenVPN servers
Provides a simplified OpenVPN server configuration at installation time,
and a set of scripts to automatically create Windows and Linux client
......
......@@ -74,9 +74,9 @@ if [ ! -f /var/lib/openvpn-server/openssl/ca.key ]; then
echo " done."
fi
if [ ! -f /etc/openvpn-server/dh2048.pem ]; then
if [ ! -f /etc/openvpn-server/dh4096.pem ]; then
echo -n "Generating dhparams (may take a while)..."
openssl dhparam -out /etc/openvpn-server/dh2048.pem 2048 >/tmp/ovpns-install.log 2>&1
openssl dhparam -out /etc/openvpn-server/dh4096.pem 4096 >/tmp/ovpns-install.log 2>&1
echo " done."
fi
......@@ -141,6 +141,7 @@ OVPN_ORGNICK="$ORGNICK"
OVPN_ORGNAME="$KEY_ORGANISATION"
OVPN_REMOTE="$SERVERADDR"
FIREWALLED=no
ALLOCATEIP=yes
EOF
md5sum $TMPCONF/config.sh >$TMPCONF/config.sh.md5sum
......@@ -168,9 +169,11 @@ port 1194
proto udp
dev tun
dh /etc/openvpn-server/dh2048.pem
dh /etc/openvpn-server/dh4096.pem
pkcs12 /etc/openvpn-server/$ORGNICK-server.p12
crl-verify /etc/openvpn-server/ca.crl
cipher AES-256-CBC
client-config-dir /etc/openvpn/ccd
$SERVERLINE
......@@ -197,6 +200,9 @@ verb 1
mute 5
EOF
# Make the ccd dir
mkdir -p /etc/openvpn/ccd
# To trick ucf a bit and hopefully reduce the amount of gratuitous
# question-asking, we need to generate the md5sum of a sever config file
# that looks like the one generated by pre-0.3.0 versions of openvpn-server.
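Review bot: The rewritten `openssl dhparam` line still redirects its output to the fixed name `/tmp/ovpns-install.log`. A maintainer script runs as root, and a fixed name in a world-writable directory can be pre-created as a symlink by any local user, so the redirect may truncate whatever it points at unless the kernel's symlink protection blocks it. Write the log to a `mktemp` file or a root-owned directory instead, e.g. `LOG=$(mktemp) || exit 1` and then `openssl dhparam -out /etc/openvpn-server/dh4096.pem 4096 >"$LOG" 2>&1`. Separately, because the guard now tests for `dh4096.pem`, every existing install will regenerate parameters on upgrade, and 4096-bit generation can stall the package run for a long time.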
......
......@@ -25,6 +25,7 @@ if [ "$1" = "purge" ]; then
rmdir --ignore-fail-on-non-empty /var/lib/openvpn-server/openssl >/dev/null 2>&1 || true
rmdir --ignore-fail-on-non-empty /var/lib/openvpn-server/openvpn >/dev/null 2>&1 || true
rmdir --ignore-fail-on-non-empty /var/lib/openvpn-server >/dev/null 2>&1 || true
rmdir --ignore-fail-on-non-empty /etc/openvpn/ccd >/dev/null 2>&1 || true
fi
##DEBHELPER##
......@@ -28,6 +28,20 @@ function ask_key_questions
read -p "Users E-mail address for certificate: " OVPN_EMAIL
}
function allocate_ip {
if [ -z $ALLOCATEIP ]; then
read -p "Do you want to allocate a static VPN IP to the client for firewalling? (y/n)" ALLOCATEIP
fi
if [ "$ALLOCATEIP" = "yes" ]; then
export $OVPN_ORGNICK
/usr/lib/openvpn-server/ovs-commands/make-static-ip $OVPN_COMMONNAME
else
echo -n
fi
}
# make_pkcs12
# Generate a PKCS12 certificate bundle from the given
# parameters, and utilising the openvpn-server generated default files (CA,
......@@ -144,8 +158,7 @@ y" | \
#
function get_current_certificates () {
echo "Index User <email address>"
grep ^V /var/lib/openvpn-server/openssl/index.txt | awk '{print $3 "/" $5}' | sed "s/[a-Z]*=//g" | awk -F "/" '{print $1 "\t" $6 " <" $7 ">"}'
grep ^V /var/lib/openvpn-server/openssl/index.txt | awk '{print $3 "--/--" $6, $7, $8, $9}' | sed -e "s|--/--[a-Z/ 0-9]*=|/|g" -e 's/[[:space:]]*$//' -e 's/emailAddress=//g' | awk -F "/" 'BEGIN {format = "%-6s %-35s %-45s \n" ; printf format, "Index", "User", "Email Address" ; printf format, "-----", "----", "-------------"}{printf format, $1, $2, $3}'
}
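Review bot: `allocate_ip` prompts with "(y/n)" but then tests `[ "$ALLOCATEIP" = "yes" ]`, so an operator who answers `y` gets no static IP; only the `ALLOCATEIP=yes` value written by the install script matches. Accept both forms, e.g. `case "$ALLOCATEIP" in y|Y|yes) ... ;; esac`, and quote the emptiness test as `[ -z "$ALLOCATEIP" ]`. `export $OVPN_ORGNICK` exports a variable named after the nick's value rather than OVPN_ORGNICK itself; it was carried over from the removed inline blocks but is probably meant to be `export OVPN_ORGNICK`. The common name comes from `read` or from argv, so pass it quoted: `make-static-ip "$OVPN_COMMONNAME"`.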
......
......@@ -28,7 +28,12 @@ pushd $WORKDIR >/dev/null
mkdir -p DEBIAN etc/openvpn
ask_key_questions
if [ -z $1 ] || [ -z $2 ] ; then
ask_key_questions
else
OVPN_COMMONNAME=$1
OVPN_EMAIL=$2
fi
FILEBASE=`echo "${OVPN_ORGNICK}-${OVPN_COMMONNAME}"`
# deb files can only contain a-z and - so lets just fix the deb file, the name would need to be pretty screwed to fail or duplicate
......@@ -65,12 +70,4 @@ fi
rm -rf $WORKDIR
read -p "Do you want to allocate a static VPN IP to the client for firewalling? (y/n)" ALLOCATEIPYN
if [ "$ALLOCATEIPYN" = "y" ]
then
export $OVPN_ORGNICK
/usr/lib/openvpn-server/ovs-commands/make-static-ip $OVPN_COMMONNAME
else
echo -n
fi
allocate_ip()
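Review bot: The added last line `allocate_ip()` is not a call, because `name()` in shell opens a function definition. Bash needs a compound command after it, so the script should fail to parse and the static-IP step never runs. Invoke it as a plain command: `allocate_ip`. The same line was added at the end of the other three client-generation scripts in this commit; in two of them it is followed directly by an `echo`, which bash rejects as a function body.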
......@@ -25,7 +25,12 @@ WORKDIR=$(mktemp -d)
pushd $WORKDIR >/dev/null
ask_key_questions
if [ -z $1 ] || [ -z $2 ] ; then
ask_key_questions
else
OVPN_COMMONNAME=$1
OVPN_EMAIL=$2
fi
FILEBASE="${OVPN_ORGNICK}-${OVPN_COMMONNAME}"
......@@ -61,9 +66,11 @@ fi
rm -rf $WORKDIR
read -p "Do you want to email this .ovpn file now (y/n)" EMAIL
if [ "$EMAIL" = "y" ]
then
if [ -z $1 ]; then
read -p "Do you want to email this .ovpn file now (y/n)" EMAIL
fi
if [ "$EMAIL" = "y" ]; then
read -p "Users E-mail address to send .ovpn file: " EMAILADDRESS
......@@ -76,19 +83,11 @@ then
#https://itunes.apple.com/us/app/openvpn-connect/id590379981
#EOM
uuencode $OVPNFILE $OVPNFILE | bsd-mailx -s 'OpenVPN Client' $EMAILADDRESS
uuencode $OVPNFILE $OVPNFILE | bsd-mailx -s "OpenVPN Client $OVPN_COMMONNAME" $EMAILADDRESS
else
echo -n
fi
read -p "Do you want to allocate a static VPN IP to the client for firewalling? (y/n)" ALLOCATEIPYN
if [ "$ALLOCATEIPYN" = "y" ]
then
export $OVPN_ORGNICK
/usr/lib/openvpn-server/ovs-commands/make-static-ip $OVPN_COMMONNAME
else
echo -n
fi
allocate_ip()
echo "Your OpenVPN config file is $OVPNFILE"
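Review bot: The added argument block tests `[ -z $1 ] || [ -z $2 ]` unquoted and then copies `$1` straight into OVPN_COMMONNAME, which feeds FILEBASE and, with this change, the mail subject. An argument with spaces breaks the test and one containing `/` or a leading `.` ends up in a file name, so quote the tests as `[ -z "$1" ]` and validate before use, e.g. `case "$1" in ''|.*|*[!A-Za-z0-9._-]*) echo "invalid common name" >&2; exit 1;; esac`. On the changed mailx line `$OVPNFILE` and `$EMAILADDRESS` are also unquoted; quote both, and if this mailx honours `--`, put it before `"$EMAILADDRESS"` so a typed value cannot be read as an option. The same argument block appears in the three sibling scripts touched by this commit.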
......@@ -22,7 +22,12 @@ WORKDIR=$(mktemp -d)
pushd $WORKDIR >/dev/null
ask_key_questions
if [ -z $1 ] || [ -z $2 ] ; then
ask_key_questions
else
OVPN_COMMONNAME=$1
OVPN_EMAIL=$2
fi
FILEBASE="${OVPN_ORGNICK}-${OVPN_COMMONNAME}"
......@@ -53,15 +58,6 @@ fi
rm -rf $WORKDIR
#/usr/lib/openvpn-server/ovs-commands/umount-ca-store
read -p "Do you want to allocate a static VPN IP to the client for firewalling? (y/n)" ALLOCATEIPYN
if [ "$ALLOCATEIPYN" = "y" ]
then
export $OVPN_ORGNICK
/usr/lib/openvpn-server/ovs-commands/make-static-ip $OVPN_COMMONNAME
else
echo -n
fi
allocate_ip()
......@@ -25,7 +25,12 @@ WORKDIR=$(mktemp -d)
pushd $WORKDIR >/dev/null
ask_key_questions
if [ -z $1 ] || [ -z $2 ] ; then
ask_key_questions
else
OVPN_COMMONNAME=$1
OVPN_EMAIL=$2
fi
FILEBASE="${OVPN_ORGNICK}-${OVPN_COMMONNAME}"
......@@ -46,14 +51,6 @@ fi
rm -rf $WORKDIR
read -p "Do you want to allocate a static VPN IP to the client for firewalling? (y/n)" ALLOCATEIPYN
if [ "$ALLOCATEIPYN" = "y" ]
then
export $OVPN_ORGNICK
/usr/lib/openvpn-server/ovs-commands/make-static-ip $OVPN_COMMONNAME
else
echo -n
fi
allocate_ip()
echo "Your OpenVPN config files are in openvpn-${FILEBASE}.zip"