Add Configuration file 'install_openvpn.conf.sample[H' for installation script.
This commit is contained in:
parent
8da0813954
commit
2a3381a45d
48
conf/install_openvpn.conf.sample
Normal file
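--- a/conf/install_openvpn.conf.sample
+++ b/conf/install_openvpn.conf.sample
@@ -0,0 +1,48 @@
+## - Configuration/Initialization OpenVPN
+## -
+
+# ====================
+# - Some Parameter Settings for using this installation howto
+# ====================
+
+# ---
+# - Parameters OpenVPN Configuration / KEY Creation
+# ---
+
+OPENVPN_BASE_DIR=/etc/openvpn
+EASY_RSA_DIR=${OPENVPN_BASE_DIR}/easy-rsa
+
+# - (3*365+366)*8 = 11688 = 32 Jahre
+CA_EXPIRE=11688
+# - (3*365+366)*5 = 7305 = 20 Jahre
+KEY_EXPIRE=7305
+
+KEY_COUNTRY="DE"
+KEY_PROVINCE="Berlin"
+KEY_CITY="Berlin"
+KEY_ORG="O.OPEN"
+KEY_EMAIL="ckubu-adm\@oopen.de"
+KEY_OU="Network Services"
+
+KEY_NAME="VPN B3"
+KEY_CN="VPN-B3"
+
+KEY_ALTNAMES="VPN B3"
+
+
+# ---
+# - Parameters for Server Configurations ( server-home.conf / server-gw-ckubu.conf)
+# ---
+
+SERVER_PORT_HOME=1194
+OPENVPN_NETWORK_HOME="10.0.42.0"
+CCD_HOME="/etc/openvpn/ccd/server-home"
+
+SERVER_PORT_GW_CKUBU=1195
+OPENVPN_NETWORK_GW_CKUBU="10.1.42.0"
+IPV4_OPENVPN_GW_CKUBU="10.1.42.1"
+CCD_GW_CKUBU="/etc/openvpn/ccd/server-gw-ckubu"
+
+MAIN_NETWORK=192.168.42.0
+DNS_SERVER=192.168.42.1
+DOMAIN=b3-bornim.netz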
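Review bot: `KEY_EMAIL="ckubu-adm\@oopen.de"` keeps the backslash when this file is sourced by bash, because `\@` is not one of the escapes that double quotes recognise, so the certificate subject would carry the literal string `ckubu-adm\@oopen.de`; write `KEY_EMAIL="ckubu-adm@oopen.de"`. `CCD_HOME` and `CCD_GW_CKUBU` hardcode `/etc/openvpn` while `EASY_RSA_DIR` is derived from `${OPENVPN_BASE_DIR}`; `CCD_HOME="${OPENVPN_BASE_DIR}/ccd/server-home"` keeps the sample consistent when the base directory is changed. `KEY_EXPIRE=7305` issues 20-year leaf certificates, which leaves the CRL as the only way to retire a lost or compromised client key before expiry; a shorter validity is worth considering, and the comment above it could say why the value was chosen.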
@ -198,7 +198,7 @@ fi
|
||||
# - Make the package included scripts available in directory
|
||||
# - "/etc/openvpn/easy-rsa"
|
||||
# -
|
||||
echononl " Backup directory '/etc/openvpn/easy-rsa'.."
|
||||
echononl " Backup directory '${EASY_RSA_DIR}'.."
|
||||
if [[ -d "$EASY_RSA_DIR" ]]; then
|
||||
mv $EASY_RSA_DIR ${EASY_RSA_DIR}.$_date > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
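Review bot: The new message line `echononl " Backup directory '${EASY_RSA_DIR}'.."` and the `mv` that follows rely on `EASY_RSA_DIR` being provided by the configuration file this commit introduces (presumably sourced earlier in the script, outside these hunks), but nothing visible checks that the value is non-empty; with an unset variable the `-d` test silently fails and the `/usr/bin/make-cadir` call in the hunk headed `@ -210,7 +210,7 @@` would run without a directory argument. A guard placed right after the configuration is sourced, `: "${EASY_RSA_DIR:?EASY_RSA_DIR is not set}"` and `: "${OPENVPN_BASE_DIR:?OPENVPN_BASE_DIR is not set}"`, fails early with a clear message instead. The same dependency applies to the `${OPENVPN_BASE_DIR}` uses in the hunks headed `@ -550,7 +557,7 @@` and `@ -707,16 +714,16 @@`. The `if` block opened here closes outside this hunk.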
|
||||
@ -210,7 +210,7 @@ if [[ -d "$EASY_RSA_DIR" ]]; then
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
echononl " Create directory '/etc/openvpn/easy-rsa'.."
|
||||
echononl " Create directory '${EASY_RSA_DIR}'.."
|
||||
/usr/bin/make-cadir $EASY_RSA_DIR > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
@ -351,6 +351,8 @@ fi
|
||||
# - export EASY_RSA=\$BASE_DIR/easy_rsa
|
||||
# - export KEY_DIR=\$BASE_DIR/keys
|
||||
# -
|
||||
# - export KEY_SIZE=$KEY_SIZE
|
||||
# -
|
||||
# - # root CA expires in 30 years (= 10950 days)
|
||||
# - export CA_EXPIRE=$CA_EXPIRE
|
||||
# -
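Review bot: The comment `# - # root CA expires in 30 years (= 10950 days)` no longer matches the value it documents once `CA_EXPIRE` comes from the configuration file, whose sample in this commit sets `CA_EXPIRE=11688` (32 years by its own comment); a wording such as `# - # root CA expires in CA_EXPIRE days (value taken from the configuration file)` stays true for any configured value. Whether this line is context or one of the two additions is not recoverable from the rendered page. The surrounding code continues outside this hunk.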
|
||||
@ -381,6 +383,11 @@ if [[ $? -ne 0 ]]; then
|
||||
_failed=true
|
||||
fi
|
||||
|
||||
perl -i -n -p -e "s/^(\s*#*\s*export\s+KEY_SIZE=.*)/##\1\nexport KEY_SIZE=$KEY_SIZE/" ${EASY_RSA_DIR}/vars > "$log_file"
|
||||
2>&1
|
||||
if [[ $? -ne 0 ]]; then
|
||||
_failed=true
|
||||
fi
|
||||
perl -i -n -p -e "s/^(\s*#*\s*export\s+CA_EXPIRE=.*)/##\1\nexport CA_EXPIRE=$CA_EXPIRE/" ${EASY_RSA_DIR}/vars > "$log_file"
|
||||
2>&1
|
||||
if [[ $? -ne 0 ]]; then
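Review bot: In the two added `perl -i -n -p -e ...` lines the operand `${EASY_RSA_DIR}/vars` is unquoted although the directory now comes from a user-edited configuration file; `"${EASY_RSA_DIR}/vars"` is the safe form. `-n` is redundant next to `-p`, which already loops over the input, and `\1` in the replacement is the deprecated spelling of `$1` (written `\$1` inside the shell's double quotes so that perl, not the shell, expands it). Each command also redirects with `> "$log_file"`, which truncates the log, so any diagnostic from the previous step is gone by the time the script reports a failure. The enclosing block starts and ends outside this hunk.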
|
||||
@ -550,7 +557,7 @@ echo ""
|
||||
# - to help block DoS attacks and UDP port flooding.
|
||||
# -
|
||||
echononl " Create 'ta.key' for additional security"
|
||||
openvpn --genkey --secret $OPENVPN_BASE_DIR/keys/ta.key > "$log_file" 2>&1
|
||||
openvpn --genkey --secret ${OPENVPN_BASE_DIR}/keys/ta.key > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
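Review bot: The rewritten `openvpn --genkey --secret ${OPENVPN_BASE_DIR}/keys/ta.key > "$log_file" 2>&1` only adds braces; the path is still unquoted even though the base directory is now configurable, so `"${OPENVPN_BASE_DIR}/keys/ta.key"` is preferable. `ta.key` is the tls-auth shared secret that the generated server configuration references in the hunk headed `@ -872,7 +879,7 @@`, and this step does not show the resulting file mode; I believe `openvpn --genkey` creates it owner-readable only, but a follow-up check or an explicit `chmod 600` would make that guarantee visible in the script. The `if`/`else` around this call continues outside the hunk.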
|
||||
@ -707,16 +714,16 @@ dev tun
|
||||
# Any X509 key management system can be used.
|
||||
# OpenVPN can also use a PKCS #12 formatted key file
|
||||
# (see "pkcs12" directive in man page).
|
||||
ca keys/ca.crt
|
||||
cert keys/server.crt
|
||||
key keys/server.key # This file should be kept secret
|
||||
ca ${OPENVPN_BASE_DIR}/keys/ca.crt
|
||||
cert ${OPENVPN_BASE_DIR}/keys/server.crt
|
||||
key ${OPENVPN_BASE_DIR}/keys/server.key # This file should be kept secret
|
||||
|
||||
# Diffie hellman parameters.
|
||||
# Generate your own with:
|
||||
# openssl dhparam -out dh1024.pem 1024
|
||||
# Substitute 2048 for 1024 if you are using
|
||||
# 2048 bit keys.
|
||||
dh keys/dh2048.pem
|
||||
dh ${OPENVPN_BASE_DIR}/keys/dh2048.pem
|
||||
|
||||
# Configure server mode and supply a VPN subnet
|
||||
# for OpenVPN to draw client addresses from.
|
||||
@ -872,7 +879,7 @@ keepalive 10 120
|
||||
# The second parameter should be '0'
|
||||
# on the server and '1' on the clients.
|
||||
;tls-auth ta.key 0 # This file is secret
|
||||
tls-auth keys/ta.key 0
|
||||
tls-auth ${OPENVPN_BASE_DIR}/keys/ta.key 0
|
||||
|
||||
# Select a cryptographic cipher.
|
||||
# This config item must be copied to
|
||||
@ -936,8 +943,8 @@ verb 4
|
||||
# category will be output to the log.
|
||||
;mute 20
|
||||
|
||||
#crl-verify /etc/openvpn/keys/crl.pem
|
||||
crl-verify /etc/openvpn/crl.pem
|
||||
# CRL (certificate revocation list) verification
|
||||
crl-verify ${OPENVPN_BASE_DIR}/crl.pem
|
||||
|
||||
EOF
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
|
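Review bot: The new `crl-verify ${OPENVPN_BASE_DIR}/crl.pem` line points the server at a CRL outside `keys/`, but none of the visible hunks create or refresh that file; as far as I know OpenVPN rejects client connections when the file named by `crl-verify` cannot be read, so the installation should generate an initial CRL at that path before the service starts (confirm against the rest of the script). With the 20-year `KEY_EXPIRE` in the sample configuration, this CRL is the only mechanism for retiring a compromised client certificate, so a comment such as `# CRL must exist and be regenerated after every revocation` next to the directive would help the next reader. The heredoc containing this line starts outside the hunk and ends at `EOF`.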