Created
June 18, 2020 23:05
Generate files for OpenVPN
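#!/bin/bash
#
# Build a small PKI with Easy-RSA and collect the files an OpenVPN server and
# one client need (CA certificate, certificate/key pairs, DH parameters and
# the shared HMAC key) under easy-rsa/openvpn/{server,client}.
#
# Source: https://wiki.archlinux.org/index.php/Easy-RSA
#
# Optional environment:
#   EASYRSA_SHA256  expected SHA-256 of the release tarball. When set, the
#                   download is verified before it is unpacked; when unset,
#                   a warning is printed and the tarball is used unverified.
#
# Security notes:
#   - Every key is generated with "nopass", so the CA key and both private
#     keys are stored unencrypted. File permissions are the only protection;
#     keep the CA key (under pki/private/) off the VPN server.
#   - ta.key is a shared secret held by the server and by every client.

# Stop at the first failing step. Without this a failed download or "cd"
# would let the remaining commands run in the wrong directory.
set -euo pipefail

# Everything created below is key material or sits next to it: make new
# files and directories accessible to the invoking user only.
umask 077

VER="3.0.7"
CA_NAME="EasyRSA CA"
expected_sha256="${EASYRSA_SHA256:-}"

#
# install easy-rsa
#

# Refuse to run on top of an earlier run: "mv" would nest the new tree inside
# the old one and the existing PKI would be reused or clobbered.
if [[ -e easy-rsa ]]; then
  printf 'error: ./easy-rsa already exists; move it away first\n' >&2
  exit 1
fi

wget -O EasyRSA.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/v${VER}/EasyRSA-${VER}.tgz"

# The scripts in this tarball go on to generate the CA, so check the archive
# against a digest obtained out of band before running anything from it.
if [[ -n "$expected_sha256" ]]; then
  if ! printf '%s  %s\n' "$expected_sha256" EasyRSA.tgz | sha256sum -c - >&2; then
    rm -f EasyRSA.tgz
    printf 'error: EasyRSA.tgz does not match EASYRSA_SHA256\n' >&2
    exit 1
  fi
else
  printf 'warning: EASYRSA_SHA256 not set; EasyRSA.tgz was not verified\n' >&2
fi

tar -xf EasyRSA.tgz
mv EasyRSA-*/ easy-rsa/
rm -f EasyRSA.tgz
cd easy-rsa

#
# CA public certificate
#
# > pki/ca.crt
./easyrsa init-pki
# The piped line answers the Common Name prompt of build-ca.
printf '%s\n' "$CA_NAME" | ./easyrsa build-ca nopass

#
# Server certificate and private key
#
# > pki/reqs/server.req
# > pki/private/server.key
# The empty line accepts the default offered at the prompt.
echo | ./easyrsa gen-req server nopass

#
# Diffie-Hellman (DH) parameters file
#
# > dh.pem
openssl dhparam -out dh.pem 2048

#
# Hash-based Message Authentication Code (HMAC) key
#
# > ta.key
# NOTE(review): OpenVPN 2.5 and later prefer "openvpn --genkey secret ta.key";
# the older spelling is kept as the original script used it.
openvpn --genkey --secret ta.key

#
# Client certificate and private key
#
# > pki/reqs/client.req
# > pki/private/client.key
echo | ./easyrsa gen-req client nopass

#
# Sign the certificates
#
# > pki/issued/server.crt
# > pki/issued/client.crt
# "yes" confirms the request details that sign-req asks about.
echo "yes" | ./easyrsa sign-req server server
echo "yes" | ./easyrsa sign-req client client

#
# Copy files
#
mkdir -p openvpn/{server,client}

# CA public certificate
cp pki/ca.crt openvpn/server
cp pki/ca.crt openvpn/client

# Server public certificate & private key
cp pki/private/server.key openvpn/server
cp pki/issued/server.crt openvpn/server

# Client public certificate & private key
cp pki/private/client.key openvpn/client
cp pki/issued/client.crt openvpn/client

# Shared HMAC key goes to both sides; DH parameters are server-only.
cp ta.key openvpn/server
cp ta.key openvpn/client
cp dh.pem openvpn/server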