Jesse Andrews | 2969c70 | 2011-09-24 12:31:57 -0700 | [diff] [blame^] | 1 | # rough history from wilk - need to cleanup |
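# Provision an OpenVPN server: install the packages, build a fresh easy-rsa 2.0
# PKI (CA, server certificate, one client certificate), write server.conf,
# restart the service, then print everything a client needs to connect.
#
# Environment:
#   VPN_REMOTE  address clients should connect to (default: 50.56.12.212)
#
# NOTE(review): the final section prints the client private key and the
# tls-auth key on stdout. Run this only where the terminal, its scrollback and
# any captured logs are trusted, and hand the keys over out of band.

# Stop at the first failed step so later steps never act on a half-built PKI
# or run from the wrong directory.
set -e

readonly EASY_RSA_SRC=/usr/share/doc/openvpn/examples/easy-rsa/2.0
readonly OPENVPN_DIR=/etc/openvpn
readonly EASY_RSA_DIR="${OPENVPN_DIR}/easy-rsa"
readonly VPN_REMOTE="${VPN_REMOTE:-50.56.12.212}"

apt-get install -y openvpn bridge-utils

# Everything created from here on is key material or refers to it; keep it
# unreadable for other local users. Set after apt-get so package scripts keep
# the default umask.
umask 077

# Copy the *contents* of the example directory, so a re-run refreshes the tree
# in place instead of nesting a second copy under easy-rsa/2.0.
mkdir -p "${EASY_RSA_DIR}"
cp -R "${EASY_RSA_SRC}/." "${EASY_RSA_DIR}/"

cd "${EASY_RSA_DIR}"
# "./vars" rather than "vars": a bare name makes bash search PATH first.
source ./vars

# 1024-bit RSA/DH is too weak for a new deployment; raise the size unless vars
# already asks for at least 2048. easy-rsa names the DH parameter file after
# this value (dh${KEY_SIZE}.pem), so the copy and server.conf below follow it.
if (( ${KEY_SIZE:-0} < 2048 )); then
  export KEY_SIZE=2048
fi

./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
./pkitool client1

cd keys
openvpn --genkey --secret ta.key ## Build a TLS key
cp -- server.crt server.key ca.crt "dh${KEY_SIZE}.pem" ta.key "${OPENVPN_DIR}/"
cd "${OPENVPN_DIR}"

# NOTE(review): duplicate-cn lets several clients connect with the same
# certificate at the same time, so a leaked client1 key cannot be told apart
# from its legitimate holder. Prefer one certificate per client and drop this
# directive once that is in place.
#
# tls-auth was missing: ta.key was generated and copied but never referenced,
# so the extra HMAC check on the TLS handshake was not active. Direction 0 on
# the server pairs with direction 1 in the client config printed below.
cat >"${OPENVPN_DIR}/server.conf" <<EOF
duplicate-cn
port 6081
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh${KEY_SIZE}.pem
tls-auth ta.key 0
server 172.16.28.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.224"
comp-lzo
persist-key
persist-tun
status openvpn-status.log
EOF
/etc/init.d/openvpn restart

echo "Use the following ca for your client:"
cat "${OPENVPN_DIR}/ca.crt"

echo
echo "Use the following cert for your client"
cat "${EASY_RSA_DIR}/keys/client1.crt"
echo
echo "Use the following key for your client"
cat "${EASY_RSA_DIR}/keys/client1.key"
echo
echo "Use the following tls-auth key for your client (save as ta.key)"
cat "${OPENVPN_DIR}/ta.key"
echo
# NOTE(review): this client config does not check that the peer presents a
# *server* certificate, so any certificate issued by this CA would be accepted
# as the server. Consider adding "remote-cert-tls server" after confirming the
# certificate built by "pkitool --server" carries the matching key usage.
echo "Use the following client config:"
cat <<EOF
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
client
dev tun
proto tcp
remote ${VPN_REMOTE} 6081
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
EOF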