-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvpn.startup
49 lines (37 loc) · 1.44 KB
/
vpn.startup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# STEP 1
cp -r /usr/share/easy-rsa /etc/openvpn/
cp /etc/openvpn/easy-rsa/vars.example /etc/openvpn/easy-rsa/vars
echo 'set_var KEY_COUNTRY "ITALY"' >> /etc/openvpn/easy-rsa/vars
echo 'set_var KEY_CITY "Bologna"' >> /etc/openvpn/easy-rsa/vars
echo 'set_var KEY_ORG "Ulisse"' >> /etc/openvpn/easy-rsa/vars
echo 'set_var KEY_EMAIL "[email protected]"' >> /etc/openvpn/easy-rsa/vars
echo 'set_var KEY_OU "OpenVPN"' >> /etc/openvpn/easy-rsa/vars
/etc/openvpn/easy-rsa/easyrsa init-pki
echo "EASY-RSA CA" | /etc/openvpn/easy-rsa/easyrsa build-ca nopass
echo "server" | /etc/openvpn/easy-rsa/easyrsa gen-req server nopass
echo "yes" | /etc/openvpn/easy-rsa/easyrsa sign-req server server
echo "client" | /etc/openvpn/easy-rsa/easyrsa gen-req client nopass
echo "yes" | /etc/openvpn/easy-rsa/easyrsa sign-req client client
# STEP 3
/etc/openvpn/easy-rsa/easyrsa gen-dh
# STEP 4
openvpn --genkey --secret ta.key
cp ta.key /etc/openvpn
# STEP 6
cp /pki/ca.crt /shared/
cp /pki/issued/client.crt /shared/
cp /pki/private/client.key /shared/
cp /etc/openvpn/ta.key /shared/
# STEP 8
cp /pki/ca.crt /etc/openvpn/
cp /pki/dh.pem /etc/openvpn/
cp /pki/issued/server.crt /etc/openvpn/
cp /pki/private/server.key /etc/openvpn/
# STEP 11
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -j ACCEPT
openvpn /etc/openvpn/server.conf
while [[ $(pgrep openvpn) -eq 0 ]]; do sleep 1; done