added support for tls key

2015-11-28 18:39:55 +01:00 · 2015-11-28 18:39:55 +01:00 · 095ebee8c3
commit 095ebee8c3
parent e58addc2c5
1 changed files with 14 additions and 9 deletions
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -50,6 +50,9 @@ newclient () {
 	echo "<key>" >> ~/$1.ovpn
 	cat /etc/openvpn/easy-rsa/pki/private/$1.key >> ~/$1.ovpn
 	echo "</key>" >> ~/$1.ovpn
+	echo "<tls-auth>" >> ~/$1.ovpn
+	cat /etc/openvpn/easy-rsa/ta.key >> ~/$1.ovpn
+	echo "</tls-auth>"
 }


@ -216,8 +219,9 @@ else
 	./easyrsa build-server-full server nopass
 	./easyrsa build-client-full $CLIENT nopass
 	./easyrsa gen-crl
+	openvpn --genkey --secret ta.key
 	# Move the stuff we need
-	cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn
+	cp ta.key pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn
 	# Generate server.conf
 	echo "port $PORT
 proto udp
@ -230,7 +234,8 @@ key server.key
 dh dh.pem
 topology subnet
 server 10.8.0.0 255.255.255.0
-ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
+ifconfig-pool-persist ipp.txt
+tls-auth ta.key 0" > /etc/openvpn/server.conf
 	echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
 	# DNS
 	case $DNS in