zdt-openvpn/bin/ovpn_create_server

#!/bin/bash

#
# Initialize the EasyRSA PKI
#

if [ "$DEBUG" == "1" ]; then
  set -x
else
  exec 2> /dev/null
fi

set -e

# these might get lost if empty syncing to object storage
mkdir -p $OPENVPN/pki/reqs $OPENVPN/pki/issued $OPENVPN/pki/certs_by_serial $OPENVPN/otp $OPENVPN/ccd
touch $OPENVPN/otp/_empty $OPENVPN/ccd/_empty

# Finally generate server cert
easyrsa build-server-full "$1" nopass

# write server FQDN
echo "$1" > $OPENVPN/server

# static server config
cat <<EOF > $OPENVPN/openvpn.conf
port 1194
proto udp
dev tun
topology subnet
cipher AES-256-GCM

keepalive 10 120

user nobody
group nogroup

persist-key
persist-tun

status /var/run/openvpn-status.log
status-version 3
verb 3

verify-client-cert require
reneg-sec 0

plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn login USERNAME password snafu pin PASSWORD"
#plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD pin OTP"
#auth-user-pass-optional

ifconfig-pool-persist ipp.txt

ca /etc/openvpn/ca.crt
dh /etc/openvpn/dh.pem
crl-verify /etc/openvpn/crl.pem
tls-auth /etc/openvpn/ta.key

# Include local config last
config /etc/openvpn/local.conf
EOF
feat: first working release of ZDT OpenVPN 2022-07-07 12:44:39 +00:00			`#!/bin/bash`

			`#`
			`# Initialize the EasyRSA PKI`
			`#`

			`if [ "$DEBUG" == "1" ]; then`
			`set -x`
fix: minor tweaks, first trial of arm64 support 2022-10-11 12:59:40 +00:00			`else`
			`exec 2> /dev/null`
feat: first working release of ZDT OpenVPN 2022-07-07 12:44:39 +00:00			`fi`

			`set -e`

			`# these might get lost if empty syncing to object storage`
			`mkdir -p $OPENVPN/pki/reqs $OPENVPN/pki/issued $OPENVPN/pki/certs_by_serial $OPENVPN/otp $OPENVPN/ccd`
			`touch $OPENVPN/otp/_empty $OPENVPN/ccd/_empty`

			`# Finally generate server cert`
			`easyrsa build-server-full "$1" nopass`

			`# write server FQDN`
			`echo "$1" > $OPENVPN/server`

			`# static server config`
			`cat <<EOF > $OPENVPN/openvpn.conf`
			`port 1194`
			`proto udp`
			`dev tun`
			`topology subnet`
			`cipher AES-256-GCM`

			`keepalive 10 120`

			`user nobody`
			`group nogroup`

			`persist-key`
			`persist-tun`

			`status /var/run/openvpn-status.log`
			`status-version 3`
			`verb 3`

			`verify-client-cert require`
			`reneg-sec 0`

			`plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn login USERNAME password snafu pin PASSWORD"`
			`#plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD pin OTP"`
			`#auth-user-pass-optional`

			`ifconfig-pool-persist ipp.txt`

			`ca /etc/openvpn/ca.crt`
			`dh /etc/openvpn/dh.pem`
			`crl-verify /etc/openvpn/crl.pem`
			`tls-auth /etc/openvpn/ta.key`

			`# Include local config last`
			`config /etc/openvpn/local.conf`
			`EOF`