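#!/bin/sh
# https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto
#
# Build an OpenVPN server PKI with EasyRSA 3 under /etc/openvpn/server:
#   - a CA in easyrsa3-ca (build-ca)
#   - a server key + request in easyrsa3-server (gen-req ... nopass)
#   - the request imported and signed by the CA, plus DH parameters
#   - server.conf derived from the packaged sample config
#   - everything symlinked into /etc/openvpn
#
# Usage: $0 <nama-server> <network>     e.g.  $0 vpn-server 10.8.41.0
#
# Interactive prompts from easyrsa (CA passphrase, "yes" to sign) are left
# in place; run this from a terminal as root.

set -eu

readonly SERVER_DIR=/etc/openvpn/server
readonly EASYRSA_REPO=https://github.com/OpenVPN/easy-rsa
readonly SAMPLE_DIR=/usr/share/doc/openvpn/examples/sample-config-files

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Progress line to stdout.
log() { printf '%s\n' "$*"; }

# Usage text; exit 2 (misuse) instead of 0 so callers can detect it.
usage() {
  echo "Caranya: $0 <nama-server> <network>"
  echo "Contoh: $0 vpn-server 10.8.41.0"
  exit 2
}

# Validate argv before the values are used as path components (reqs/NAME.req,
# issued/NAME.crt), easyrsa arguments and a sed replacement.
#   $1 - server name: non-empty, no leading '-', only [A-Za-z0-9._-]
#   $2 - network:     non-empty, only digits and dots
check_args() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) die "invalid server name: '$1'" ;;
  esac
  case "$2" in
    ''|*[!0-9.]*) die "invalid network (expected dotted IPv4, e.g. 10.8.41.0): '$2'" ;;
  esac
}

# Clone the EasyRSA repository into ./easy-rsa if it is not already there,
# installing git first when it is missing.
ensure_easyrsa() {
  if [ ! -d easy-rsa ]; then
    command -v git >/dev/null 2>&1 || apt-get install git || die "cannot install git"
    git clone --depth=1 "$EASYRSA_REPO" easy-rsa || die "git clone of easy-rsa failed"
  fi
}

# Write pki/vars for the PKI in the current directory from vars.example:
# uncomment EASYRSA_CA_EXPIRE and raise EASYRSA_CERT_EXPIRE from 825 to 3650
# days. The distro copy is preferred; the copy shipped in the cloned
# easyrsa3 tree (our cwd) is the fallback. No temp file is needed, so the
# world-writable /tmp is not touched.
write_vars() {
  local src
  src=/usr/share/easy-rsa/vars.example
  [ -f "$src" ] || src=vars.example
  [ -f "$src" ] || die "vars.example not found (distro package or easy-rsa clone)"
  sed -e 's/^#set_var EASYRSA_CA_EXPIRE/set_var EASYRSA_CA_EXPIRE/' \
      -e 's/^#set_var EASYRSA_CERT_EXPIRE[[:space:]]*825/set_var EASYRSA_CERT_EXPIRE 3650/' \
      "$src" > pki/vars || die "cannot write pki/vars"
}

# Create PKI directory $1 as a copy of easy-rsa/easyrsa3, cd into it and
# initialise it. Refuses to reuse an existing directory: `cp -r` would copy
# into it as a subdirectory and init-pki would prompt to wipe it.
new_pki() {
  [ ! -e "$1" ] || die "$1 already exists in $PWD; remove it to rebuild the PKI"
  cp -r easy-rsa/easyrsa3 "$1" || die "cannot copy easyrsa3 to $1"
  cd "$1" || die "cannot cd to $1"
  log "Current directory $PWD"
  ./easyrsa init-pki || die "init-pki failed in $1"
  write_vars
}

# Derive server.conf from the packaged sample:
#   proto tcp instead of udp, dev tun instead of tap, our dh.pem, the given
#   network, client-to-client on, explicit-exit-notify off (UDP only) and
#   tls-auth off.
# tls-auth is disabled only because no ta.key is generated by this script;
# generating one (openvpn --genkey) and enabling tls-auth or tls-crypt adds an
# HMAC check on the control channel and is worth doing afterwards.
#   $1 - network address for the `server` directive (already validated)
# http://stackoverflow.com/questions/3368955/how-to-make-a-line-as-a-comment-in-sed
write_server_conf() {
  local network
  network=$1
  if [ -f "$SAMPLE_DIR/server.conf.gz" ]; then
    gunzip -c "$SAMPLE_DIR/server.conf.gz" > server.conf.sample || die "cannot unpack sample server.conf"
  else
    cp -v "$SAMPLE_DIR/server.conf" server.conf.sample || die "sample server.conf not found"
  fi
  # One pass; the expressions touch disjoint lines so order-independence holds.
  sed -e '/^proto udp/s/^/;/' \
      -e 's/^;proto tcp/proto tcp/' \
      -e '/^dev tap/s/^/;/' \
      -e 's/^;dev tun/dev tun/' \
      -e 's/^dh dh2048\.pem/dh dh.pem/' \
      -e "s/^server 10\.8\.0\.0/server $network/" \
      -e 's/^;client-to-client/client-to-client/' \
      -e '/^explicit-exit-notify/s/^/;/' \
      -e '/^tls-auth ta\.key 0/s/^/;/' \
      server.conf.sample > server.conf.tmp || die "cannot write server.conf"
  # Write through a temp name so a failed sed never leaves a half-written config.
  mv server.conf.tmp server.conf || die "cannot move server.conf into place"
  rm -f server.conf.sample
}

# Symlink the server files from $SERVER_DIR into /etc/openvpn, skipping
# links that already exist so the step is safe to repeat.
link_into_openvpn() {
  local f
  cd /etc/openvpn || die "cannot cd to /etc/openvpn"
  for f in dh.pem ca.crt server.key server.crt server.conf; do
    [ -e "$f" ] || ln -s "server/$f" "$f" || die "cannot link $f"
  done
}

main() {
  [ "$#" -ge 2 ] || usage
  check_args "$1" "$2"
  local name network
  name=$1
  network=$2

  mkdir -p "$SERVER_DIR" || die "cannot create $SERVER_DIR"
  cd "$SERVER_DIR" || die "cannot cd to $SERVER_DIR"
  ensure_easyrsa

  # Each PKI is built in a subshell so the cwd returns to $SERVER_DIR
  # automatically instead of relying on paired `cd ..` lines.
  ( new_pki easyrsa3-ca && ./easyrsa build-ca ) || die "build-ca failed"
  ( new_pki easyrsa3-server && ./easyrsa gen-req "$name" nopass ) || die "gen-req failed"
  (
    cd easyrsa3-ca || exit 1
    ./easyrsa import-req "../easyrsa3-server/pki/reqs/$name.req" "$name" || exit 1
    ./easyrsa sign server "$name" || exit 1
    ./easyrsa gen-dh
  ) || die "signing the server certificate failed"
  log "Current directory $PWD"

  cp -va easyrsa3-ca/pki/ca.crt . || die "cannot copy ca.crt"
  cp -va "easyrsa3-ca/pki/issued/$name.crt" server.crt || die "cannot copy server certificate"
  cp -va easyrsa3-ca/pki/dh.pem . || die "cannot copy dh.pem"
  cp -va "easyrsa3-server/pki/private/$name.key" server.key || die "cannot copy server key"
  # The key has no passphrase (nopass above); keep it readable by root only.
  chmod 600 server.key || die "cannot chmod server.key"

  # Keep an existing server.conf untouched; only the missing pieces are created.
  [ -f server.conf ] || write_server_conf "$network"
  link_into_openvpn
}

main "$@"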