Can't recognize changes - hopefuly they are useful.
parent
b0c63a4385
commit
3f3d8449dd
2988
OLD/install_openvpn.sh
Executable file
2988
OLD/install_openvpn.sh
Executable file
File diff suppressed because it is too large
@ -78,6 +78,12 @@ info (){
|
||||
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
|
||||
echo ""
|
||||
}
|
||||
|
||||
print_command () {
|
||||
echo ""
|
||||
echo -e "\t\033[33m\033[1mCommand was\033[m: $*"
|
||||
echo ""
|
||||
}
|
||||
echo_done() {
|
||||
echo -e "\033[80G[ \033[32mdone\033[m ]"
|
||||
}
|
||||
@ -397,7 +403,7 @@ read ok
|
||||
echo ""
|
||||
|
||||
if $EASYRSA_LAYOUT_NEW ; then
|
||||
${EASY_RSA_DIR}/easyrsa build-client-full ${_CLIENT_CN}
|
||||
${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" build-client-full ${_CLIENT_CN}
|
||||
else
|
||||
${EASY_RSA_DIR}/build-key-pass ${NEW_KEY_NAME}
|
||||
fi
|
||||
@ -405,12 +411,23 @@ if [[ $? -eq 0 ]] ; then
|
||||
info "Building key '${NEW_KEY_NAME}.key' was successfully."
|
||||
else
|
||||
error "Building key '${NEW_KEY_NAME}.key' failed!"
|
||||
|
||||
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" init-pki"
|
||||
|
||||
echononl "continue anyway [yes/no]: "
|
||||
read OK
|
||||
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
|
||||
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
|
||||
echononl "Wrong entry! - repeat [yes/nno]: "
|
||||
read OK
|
||||
done
|
||||
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echononl "Type <return> to continue: "
|
||||
read ok
|
||||
echo ""
|
||||
#echo ""
|
||||
#echononl "Type <return> to continue: "
|
||||
#read ok
|
||||
#echo ""
|
||||
|
||||
echononl " Add new key credentials to file ${OPENVPN_BASE_DIR}/keys-created.txt"
|
||||
cat << EOF >> ${OPENVPN_BASE_DIR}/keys-created.txt
|
||||
@ -723,7 +740,8 @@ else
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
blank_line
|
||||
if $_copy_to_user_home_dir ; then
|
||||
_home_dir=$(eval echo "~$user_name")
|
||||
_target_dir="${_home_dir}/VPN/${_CLIENT_CN}"
|
||||
|
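Review bot: The confirmation prompt added to the failure branch after the key build lower-cases only the first answer, because the `tr` line sits before the `while` loop, so an answer such as `YES` typed at the retry prompt is rejected again. The same block is pasted into the init-pki, build-ca, dhparam, server-key, gen-crl and revoke failure branches of the other two file sections on this page. One helper that normalises every answer removes the duplication and fixes the `[yes/nno]` typo in a single place. Separately, `print_command` here reports `init-pki` although the step that failed is `build-client-full` (or `build-key-pass` in the old layout), so the operator is shown a command that was not run. The enclosing `if`/`else` starts outside the hunk.

```shell
# Ask whether to go on after a failed step; every answer is normalised before it is checked.
confirm_continue() {
   local answer
   echononl "continue anyway [yes/no]: "
   while true ; do
      read -r answer
      answer="$(printf '%s' "$answer" | tr '[:upper:]' '[:lower:]')"
      [[ "$answer" == "yes" || "$answer" == "no" ]] && break
      echononl "Wrong entry! - repeat [yes/no]: "
   done
   [[ "$answer" == "yes" ]] || fatal "Abbruch durch User"
}

# … unchanged: info / error output of the failure branch …
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" build-client-full ${_CLIENT_CN}"
confirm_continue
```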
@ -143,6 +143,12 @@ info (){
|
||||
echo ""
|
||||
}
|
||||
|
||||
print_command () {
|
||||
echo ""
|
||||
echo -e "\t\033[33m\033[1mCommand was\033[m: $*"
|
||||
echo ""
|
||||
}
|
||||
|
||||
echo_done() {
|
||||
echo -e "\033[80G[ \033[32mdone\033[m ]"
|
||||
}
|
||||
@ -1559,7 +1565,50 @@ if [[ "$OK" != "YES" ]] ; then
|
||||
fatal "Abort by user request - Answer as not 'YES'"
|
||||
fi
|
||||
|
||||
|
||||
#cat <<EOF
|
||||
#
|
||||
#OPENVPN_SERVER="$OPENVPN_SERVER"
|
||||
#SERVER_PORT="$SERVER_PORT"
|
||||
#
|
||||
#ORG_SHORTCUT="$ORG_SHORTCUT"
|
||||
#
|
||||
#OPENVPN_NAME="$OPENVPN_NAME"
|
||||
#OPENVPN_BASE_DIR="$OPENVPN_BASE_DIR"
|
||||
#EASY_RSA_DIR="$EASY_RSA_DIR"
|
||||
#OPENVPN_KEY_DIR="$OPENVPN_KEY_DIR"
|
||||
#OPENVPN_CCD_DIR="$OPENVPN_CCD_DIR"
|
||||
#
|
||||
#CA_EXPIRE="$CA_EXPIRE"
|
||||
#CERT_EXPIRE="$CERT_EXPIRE"
|
||||
#KEY_SIZE=$KEY_SIZE
|
||||
#
|
||||
#KEY_COUNTRY="$KEY_COUNTRY"
|
||||
#KEY_COUNTRY="$KEY_PROVINCE"
|
||||
#KEY_CITY="$KEY_CITY"
|
||||
#KEY_ORG="$KEY_ORG"
|
||||
#KEY_EMAIL="$KEY_EMAIL"
|
||||
#KEY_OU="$KEY_OU"
|
||||
#
|
||||
#KEY_CN="$KEY_CN"
|
||||
#KEY_ALTNAMES="$KEY_ALTNAMES"
|
||||
#
|
||||
#OPENVPN_NETWORK="$OPENVPN_NETWORK"
|
||||
#
|
||||
#OPENVPN_SERVER_IP="$OPENVPN_SERVER_IP"
|
||||
#
|
||||
#SERVER_CIPHER="$SERVER_CIPHER"
|
||||
#
|
||||
#LZO_COMPRESSION="$LZO_COMPRESSION"
|
||||
#
|
||||
#REMOTE_NETWORK_ARR=${REMOTE_NETWORK_ARR[@]}
|
||||
#
|
||||
#DNS_SERVER="$DNS_SERVER"
|
||||
#
|
||||
#SEARCH_DOMAINS_ARR=${SEARCH_DOMAINS_ARR[@]}
|
||||
#
|
||||
#LOCAL_NETWORK_ARR=${LOCAL_NETWORK_ARR[@]}
|
||||
#
|
||||
#EOF
|
||||
|
||||
#---------------------------------------
|
||||
#-----------------------------
|
||||
@ -2331,12 +2380,23 @@ else
|
||||
# - Removes & re-initializes the PKI dir for a clean PKI
|
||||
# -
|
||||
echononl " Initialise PKI Directory"
|
||||
${EASY_RSA_DIR}/easyrsa init-pki > "$log_file" 2>&1
|
||||
${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" init-pki > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
|
||||
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" init-pki"
|
||||
|
||||
echononl "continue anyway [yes/no]: "
|
||||
read OK
|
||||
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
|
||||
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
|
||||
echononl "Wrong entry! - repeat [yes/nno]: "
|
||||
read OK
|
||||
done
|
||||
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
|
||||
fi
|
||||
|
||||
fi
|
||||
@ -2348,13 +2408,25 @@ echononl " Create Root CA.."
|
||||
if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
|
||||
printf "\n\n\n\n\n\n\n\n" | ${EASY_RSA_DIR}/build-ca > "$log_file" 2>&1
|
||||
else
|
||||
printf "\n\n\n\n\n\n\n" | ${EASY_RSA_DIR}/easyrsa build-ca nopass > "$log_file" 2>&1
|
||||
printf "\n\n\n\n\n\n\n" | ${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" build-ca nopass > "$log_file" 2>&1
|
||||
fi
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
|
||||
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" build-ca nopass"
|
||||
|
||||
echononl "continue anyway [yes/no]: "
|
||||
read OK
|
||||
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
|
||||
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
|
||||
echononl "Wrong entry! - repeat [yes/nno]: "
|
||||
read OK
|
||||
done
|
||||
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
|
||||
|
||||
fi
|
||||
|
||||
|
||||
@ -2380,7 +2452,7 @@ else
|
||||
if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then
|
||||
cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh.pem" > "$log_file" 2>&1
|
||||
else
|
||||
#${EASY_RSA_DIR}/easyrsa gen-dh > "$log_file" 2>&1
|
||||
#${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars gen-dh > "$log_file" 2>&1
|
||||
openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh.pem" ${KEY_SIZE} > "$log_file" 2>&1
|
||||
fi
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
@ -2388,6 +2460,18 @@ else
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
|
||||
print_command "openssl dhparam -dsaparam -out \"${OPENVPN_KEY_DIR}/dh.pem\" ${KEY_SIZE}"
|
||||
|
||||
echononl "continue anyway [yes/no]: "
|
||||
read OK
|
||||
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
|
||||
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
|
||||
echononl "Wrong entry! - repeat [yes/nno]: "
|
||||
read OK
|
||||
done
|
||||
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
|
||||
|
||||
fi
|
||||
_DH_KEY="${OPENVPN_KEY_DIR}/dh.pem"
|
||||
fi
|
||||
@ -2432,12 +2516,24 @@ else
|
||||
# - nopass - do not encrypt the private key (default is encrypted)
|
||||
# -
|
||||
echononl " Generate server keypair '${KEY_CN}-server'.."
|
||||
${EASY_RSA_DIR}/easyrsa build-server-full "${KEY_CN}-server" nopass > "$log_file" 2>&1
|
||||
${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" build-server-full "${KEY_CN}-server" nopass > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
|
||||
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" build-server-full \"${KEY_CN}-server\" nopass"
|
||||
|
||||
echononl "continue anyway [yes/no]: "
|
||||
read OK
|
||||
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
|
||||
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
|
||||
echononl "Wrong entry! - repeat [yes/nno]: "
|
||||
read OK
|
||||
done
|
||||
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
|
||||
|
||||
fi
|
||||
_SERVER_KEY="${OPENVPN_KEY_DIR}/private/${KEY_CN}-server.key"
|
||||
_SERVER_CERT="${OPENVPN_KEY_DIR}/issued//${KEY_CN}-server.crt"
|
||||
@ -2450,7 +2546,12 @@ fi
|
||||
# - to help block DoS attacks and UDP port flooding.
|
||||
# -
|
||||
echononl " Create 'ta.key' for additional security"
|
||||
openvpn --genkey --secret ${OPENVPN_KEY_DIR}/ta.key > "$log_file" 2>&1
|
||||
if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 11 ]] ; then
|
||||
openvpn --genkey --secret ${OPENVPN_KEY_DIR}/ta.key > "$log_file" 2>&1
|
||||
else
|
||||
openvpn --genkey secret ${OPENVPN_KEY_DIR}/ta.key > "$log_file" 2>&1
|
||||
fi
|
||||
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
@ -2471,12 +2572,23 @@ if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
|
||||
fi
|
||||
else
|
||||
echononl " Create CRL (Certificate Revokation List) '${OPENVPN_KEY_DIR}/crl.pem'.."
|
||||
${EASY_RSA_DIR}/easyrsa gen-crl > "$log_file" 2>&1
|
||||
${EASY_RSA_DIR}/easyrsa --vars="${EASY_RSA_DIR}/vars" gen-crl > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
|
||||
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" "gen-crl
|
||||
|
||||
echononl "continue anyway [yes/no]: "
|
||||
read OK
|
||||
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
|
||||
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
|
||||
echononl "Wrong entry! - repeat [yes/nno]: "
|
||||
read OK
|
||||
done
|
||||
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -2896,6 +3008,7 @@ persist-tun
|
||||
persist-local-ip
|
||||
persist-remote-ip
|
||||
|
||||
|
||||
# Output a short status file showing
|
||||
# current connections, truncated
|
||||
# and rewritten every minute.
|
||||
|
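Review bot: Answering `yes` at the new "continue anyway" prompts lets the installer proceed after `init-pki`, `build-ca`, `openssl dhparam`, `build-server-full` or `gen-crl` has failed, and the lines that follow still set `_DH_KEY` and `_SERVER_KEY` to paths that may not exist or may hold a partial file. For a PKI setup a half-built CA or a missing CRL is worse than an aborted run, so the override should at least check the artefact before going on, for example `[[ -s "${OPENVPN_KEY_DIR}/dh.pem" ]] || fatal "dh.pem missing"`, and likewise for `$_SERVER_KEY` and `${OPENVPN_KEY_DIR}/crl.pem`. In the gen-crl branch the closing quote of the `print_command` argument sits before `gen-crl`; it should read `print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" gen-crl"`. How the later server configuration reacts to a missing file is not visible in these hunks.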
@ -83,6 +83,11 @@ info (){
|
||||
echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
|
||||
echo ""
|
||||
}
|
||||
print_command () {
|
||||
echo ""
|
||||
echo -e "\t\033[33m\033[1mCommand was\033[m: $*"
|
||||
echo ""
|
||||
}
|
||||
echo_done() {
|
||||
echo -e "\033[80G[ \033[32mdone\033[m ]"
|
||||
}
|
||||
@ -312,24 +317,48 @@ if $EASYRSA_LAYOUT_NEW ; then
|
||||
# - Revoke Key
|
||||
# ---
|
||||
echononl "Revoke key '$(basename "$_CLIENT_KEY")'.."
|
||||
$EASY_RSA_DIR/easyrsa revoke "$_CLIENT_CN" > "$log_file" 2>&1
|
||||
$EASY_RSA_DIR/easyrsa --vars="${EASY_RSA_DIR}/vars" revoke "$_CLIENT_CN" > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
|
||||
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" revoke \"$_CLIENT_CN\""
|
||||
|
||||
echononl "continue anyway [yes/no]: "
|
||||
read OK
|
||||
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
|
||||
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
|
||||
echononl "Wrong entry! - repeat [yes/nno]: "
|
||||
read OK
|
||||
done
|
||||
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
|
||||
|
||||
fi
|
||||
|
||||
# ---
|
||||
# - Generate new crl.pem
|
||||
# ---
|
||||
echononl "Generate new CRL (Certificate Revokation List) 'crl.pem'.."
|
||||
$EASY_RSA_DIR/easyrsa gen-crl > "$log_file" 2>&1
|
||||
$EASY_RSA_DIR/easyrsa --vars="${EASY_RSA_DIR}/vars" gen-crl > "$log_file" 2>&1
|
||||
if [[ $? -eq 0 ]] ; then
|
||||
echo_ok
|
||||
else
|
||||
echo_failed
|
||||
error "$(cat $log_file)"
|
||||
|
||||
print_command "${EASY_RSA_DIR}/easyrsa --vars=\"${EASY_RSA_DIR}/vars\" gen-crl"
|
||||
|
||||
echononl "continue anyway [yes/no]: "
|
||||
read OK
|
||||
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
|
||||
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
|
||||
echononl "Wrong entry! - repeat [yes/nno]: "
|
||||
read OK
|
||||
done
|
||||
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
|
||||
|
||||
fi
|
||||
|
||||
else
|
||||
|
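Review bot: If `easyrsa revoke` fails and the operator answers `yes`, the script goes on to `gen-crl` and produces a CRL that does not list `$_CLIENT_CN`, so the certificate stays usable while the run looks completed. A failed revocation should not be skippable; I would replace the prompt in the first failure branch with `fatal "Revoking '$_CLIENT_CN' failed - certificate is still valid"` and keep the override, if at all, only for the CRL step. What happens to the CRL after this hunk (copy to the server, reload) is outside the visible lines, and the enclosing `if $EASYRSA_LAYOUT_NEW` block continues past the hunk.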