Patch/openvpn-install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update EasyRSA-3.0.8

Browse Source
This commit is contained in:
guoew 2021-01-10 18:21:27 +08:00
parent 84177cf728
commit a955c58165
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
openvpn-install.sh
View File

@ -228,11 +228,11 @@ LimitNPROC=infinity' > /etc/systemd/system/openvpn-server@server.service.d/disab
yum install openvpn iptables openssl ca-certificates -y yum install openvpn iptables openssl ca-certificates -y
fi fi
# Get easy-rsa # Get easy-rsa
EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz' EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz'
wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL" wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL"
tar xzf ~/easyrsa.tgz -C ~/ tar xzf ~/easyrsa.tgz -C ~/
mv ~/EasyRSA-3.0.5/ /etc/openvpn/server/ mv ~/EasyRSA-3.0.8/ /etc/openvpn/server/
mv /etc/openvpn/server/EasyRSA-3.0.5/ /etc/openvpn/server/easy-rsa/ mv /etc/openvpn/server/EasyRSA-3.0.8/ /etc/openvpn/server/easy-rsa/
chown -R root:root /etc/openvpn/server/easy-rsa/ chown -R root:root /etc/openvpn/server/easy-rsa/
rm -f ~/easyrsa.tgz rm -f ~/easyrsa.tgz
cd /etc/openvpn/server/easy-rsa/ cd /etc/openvpn/server/easy-rsa/
@ -309,10 +309,6 @@ ca ca.crt
cert server.crt cert server.crt
key server.key key server.key
dh dh.pem dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server/server.conf ifconfig-pool-persist ipp.txt" > /etc/openvpn/server/server.conf
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server/server.conf echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server/server.conf
# DNS # DNS
@ -348,12 +344,18 @@ ifconfig-pool-persist ipp.txt" > /etc/openvpn/server/server.conf
;; ;;
esac esac
echo "keepalive 10 120 echo "keepalive 10 120
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
cipher AES-256-CBC cipher AES-256-CBC
user nobody user nobody
group $GROUPNAME group $GROUPNAME
persist-key persist-key
persist-tun persist-tun
status openvpn-status.log status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3 verb 3
crl-verify crl.pem crl-verify crl.pem
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
@ -423,6 +425,7 @@ rcvbuf 0
remote $IP $PORT remote $IP $PORT
resolv-retry infinite resolv-retry infinite
nobind nobind
key-direction 1
persist-key persist-key
persist-tun persist-tun
auth-user-pass auth-user-pass
@ -430,7 +433,6 @@ remote-cert-tls server
auth SHA512 auth SHA512
cipher AES-256-CBC cipher AES-256-CBC
setenv opt block-outside-dns setenv opt block-outside-dns
key-direction 1
verb 3" > /etc/openvpn/server/client-common.txt verb 3" > /etc/openvpn/server/client-common.txt
# Generates the custom client.ovpn # Generates the custom client.ovpn
newclient "$CLIENT" newclient "$CLIENT"