Created
October 27, 2021 10:57
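# Switch to the Easy-RSA 3 directory and create the "vars" file from the
# shipped example. The "&&" keeps the copy from running in whatever directory
# the shell happens to be in if the cd fails.
# Note: cp replaces an existing "vars" file, including earlier customizations.
cd ~/easy-rsa/easyrsa3 &&
  cp vars.example vars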
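# The set_var lines below are settings inside the "vars" file: find them there
# and edit the values to suit your organization. They are not commands to type
# at the shell prompt.
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "California"
set_var EASYRSA_REQ_CITY "San Francisco"
set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
set_var EASYRSA_REQ_EMAIL "me@example.net"
set_var EASYRSA_REQ_OU "My Organizational Unit"
# Also edit the two variables below if you plan to run easyrsa in
# non-interactive mode.
# EASYRSA_REQ_CN should be set to your Elastic IP address.
# Note: if you are running OpenVPN behind a load balancer, or plan to map DNS
# to your server, set it to your DNS name instead.
set_var EASYRSA_REQ_CN "Your Instance Elastic IP"
# Any non-empty value enables batch mode: easyrsa stops asking for
# confirmation, so destructive steps (for example re-running init-pki over an
# existing PKI) are expected to proceed without a prompt. Leave it unset when
# running the commands by hand.
set_var EASYRSA_BATCH "NONEMPTY"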
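#====================================================
# Generate the CA, the DH parameters, and the server and client
# certificates and keys. Run these from the easyrsa3 directory.
#
# init-pki starts a fresh ./pki directory; with EASYRSA_BATCH set in "vars" it
# is not expected to ask before replacing an existing one, so back up any PKI
# you still need first.
./easyrsa init-pki
# "nopass" leaves the CA private key unencrypted in ./pki/private/. Anyone who
# can read that file can issue certificates this VPN will trust. For anything
# beyond a lab, drop "nopass" here (easyrsa then asks for a passphrase) or keep
# the CA on a separate machine and copy only the issued files to the server.
./easyrsa build-ca nopass
./easyrsa gen-dh
# The server key is usually left without a passphrase so the daemon can start
# unattended; file permissions are then its only protection.
./easyrsa build-server-full server nopass
# Issue one certificate per user or device (with a distinct name instead of
# "client") so that a lost device can be revoked without affecting the others.
./easyrsa build-client-full client nopass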
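# Copy the CA certificate, server certificate, server key and DH parameters
# into the OpenVPN configuration directory. -p preserves mode, ownership and
# timestamps. Only these four files are needed by the server; the CA private
# key (./pki/private/ca.key) does not belong in /etc/openvpn.
cp -p ./pki/ca.crt /etc/openvpn/
cp -p ./pki/issued/server.crt /etc/openvpn/
cp -p ./pki/private/server.key /etc/openvpn/
# Make the private key's permissions explicit rather than relying on whatever
# mode the source file had.
chmod 600 /etc/openvpn/server.key
# NOTE(review): the target name says "2049", while Easy-RSA's default DH size
# is 2048 bits - presumably a typo. The name is kept because it has to match
# the "dh" directive in the server configuration; confirm and rename both
# together if desired.
cp -p ./pki/dh.pem /etc/openvpn/dh2049.pem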
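# Create the shared static key in /etc/openvpn. The "&&" chain keeps the key
# from being written to the wrong directory if the cd fails.
# The key is a shared secret between server and clients, so restrict it to
# root. The file name suggests it is meant for the tls-auth directive.
# NOTE(review): OpenVPN 2.5 and later deprecate "--genkey --secret FILE" in
# favour of "--genkey secret FILE"; the original form is kept here for older
# releases - confirm against the installed version.
cd /etc/openvpn &&
  openvpn --genkey --secret myvpn.tlsauth &&
  chmod 600 myvpn.tlsauth

# Enable IPv4 forwarding persistently. The grep guard stops a second run from
# appending a duplicate line to /etc/sysctl.conf.
# Forwarding turns this host into a router: pair it with firewall rules that
# forward only the VPN subnet's traffic.
grep -qsxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf ||
  echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p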