-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcreate-openvpnserver-rsa3
More file actions
137 lines (100 loc) · 3.46 KB
/
create-openvpnserver-rsa3
File metadata and controls
137 lines (100 loc) · 3.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
#!/bin/bash
######################
## GLOBAL VARIABLES ##
######################
rsatar=https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
ovpnfolder=/etc/openvpn/easyrsa3
rsa=/etc/openvpn/easyrsa3/easyrsa
pki=/etc/openvpn/easyrsa3/pki
loginstall=install.log
###############
## FUNCTIONS ##
###############
## folderovpn - Validate if the folder exists, if not it creates and copies the contents of rsa3 to the folder inside openvpn
## folderovpn - Validar se existe a pasta , se não existe ele cria e copia o conteudo da rsa3 para a pasta dentro da openvpn
##
## createvars - It will create the vars file from the information passed on by the user such as: id, province, city, organization name and email for support
## createvars - Ele vai criar o arquivo vars a partir das informações repassadas pelo usuário como: id,provincia,cidade,nome da organização e email para suporte
##
## process - Validate that the vars folder and file exist, if they exist skips the process and if they do not, create the vars folder and file
## process - Validar se a pasta e o arquivo vars existem , se existirem pula o processo e caso não existam criam a pasta e o arquivo vars
folderovpn(){
cd /etc/openvpn
wget $rsatar -O easyrsa3.tgz
tar -zxvf easyrsa3.tgz
mv EasyRSA-3.0.8 easyrsa3
chown -R root:root easyrsa3
}
createvars(){
echo "Inform the Country ID. Examplo BR"
read id
echo "Inform the Province"
read province
echo "Inform the City"
read city
echo "Organization name"
read orgname
echo "Support Email"
read emailsup
cat <<EOF > $ovpnfolder/vars
set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$ovpnfolder/pki"
set_var EASYRSA_DN "cn_only"
set_var EASYRSA_REQ_COUNTRY "$id"
set_var EASYRSA_REQ_PROVINCE "$province"
set_var EASYRSA_REQ_CITY "$city"
set_var EASYRSA_REQ_ORG "$orgname CERTIFICATE AUTHORITY"
set_var EASYRSA_REQ_EMAIL "$emailsup"
set_var EASYRSA_REQ_OU "$orgname EASY CA"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CA_EXPIRE 7500
set_var EASYRSA_CERT_EXPIRE 3650
set_var EASYRSA_NS_SUPPORT "no"
set_var EASYRSA_NS_COMMENT "$orgname CERTIFICATE AUTHORITY"
set_var EASYRSA_EXT_DIR "$ovpnfolder/x509-types"
set_var EASYRSA_SSL_CONF "$ovpnfolder/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha256"
EOF
chmod +x $ovpnfolder/vars
}
serverfiles(){
$rsa init-pki
$rsa build-ca nopass
$rsa gen-dh
$rsa gen-crl
cp $ovpnfolder/openssl-easyrsa.cnf $ovpnfolder/pki/safessl-easyrsa.cnf
}
serverconf(){
echo "Enter the name of the ovpn server and client. Example nomecliente-local"
read clientname
$rsa gen-req server-$clientname nopass
$rsa sign-req server server-$clientname
openssl verify -CAfile $pki/ca.crt $pki/issued/server-$clientname.crt
$rsa gen-req client-$clientname nopass
$rsa sign-req client client-$clientname
openssl verify -CAfile $pki/ca.crt $pki/issued/client-$clientname.crt
}
process() {
if [ -d "$ovpnfolder" ]; then
echo -e "Directory '$ovpnfolder' already exists \n" >> $loginstall
else
folderovpn
fi
if [ -f "$ovpnfolder/vars" ]; then
echo -e "File '$ovpnfolder/vars' already exists \n" >> $loginstall
else
createvars
fi
}
## PRE-REQUISITS ##
yum install epel-release wget tar -y > $loginstall
echo >> $loginstall
## INSTALL ##
yum install openvpn -y >> $loginstall
echo >> $loginstall
## PROCESS ##
process
## SERVER ##
serverfiles
serverconf