Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

openvpn-easy-rsa@ 10829

Last change on this file since 10829 was 10458, checked in by rick, 13 years ago
OpenVPN easy-rsa is an great tool, hacking it into a NanoBSD env was a bit more challenging, but this should do the trick more and less. Please note generating the random bits can take an long...time.
Property svn:executable set to ``*
File size: 2.6 KB

Line
1	#!/bin/sh
2	#
3	# Initialize the OpenVPN Easy-RSA 2.0 scripts
4	#
5	# Rick van der Zwet <rick@wirelessleiden.nl>
6	#
7
8	# This variable should point to
9	# the top level of the easy-rsa
10	# tree.
11	export EASY_RSA=${EASY_RSA:-"/usr/local/share/easy-rsa"}
12
13	if [ ! -d "$EASY_RSA" ]; then
14	echo "# Installing easy-rsa at $EASY_RSA"
15	trap "mount -ur /; exit 1" 1 2 15
16	mount -uwo noatime / \|\| exit 1
17	make -C /usr/local/share/doc/openvpn/easy-rsa/2.0 install DESTDIR=$EASY_RSA \|\| exit 1
18	# Avoid disasters and move the vars template holder
19	mv $EASY_RSA/vars $EASY_RSA/vars.old \|\| exit 1
20	mount -ur /
21	trap - 1 2 15
22	fi
23
24	#
25	# This variable should point to
26	# the requested executables
27	#
28	export OPENSSL="openssl"
29	export PKCS11TOOL="pkcs11-tool"
30	export GREP="grep"
31
32
33	# This variable should point to
34	# the openssl.cnf file included
35	# with easy-rsa.
36	export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
37
38	# Edit this variable to point to
39	# your soon-to-be-created key
40	# directory.
41	#
42	# WARNING: clean-all will do
43	# a rm -rf on this directory
44	# so make sure you define
45	# it correctly!
46	export KEY_DIR="${KEY_DIR:-/etc/easy-rsa-keys}"
47
48	# Issue rm -rf warning
49	echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
50
51	# PKCS11 fixes
52	export PKCS11_MODULE_PATH="dummy"
53	export PKCS11_PIN="dummy"
54
55	# Increase this to 2048 if you
56	# are paranoid. This will slow
57	# down TLS negotiation performance
58	# as well as the one-time DH parms
59	# generation process.
60	export KEY_SIZE=1024
61
62	# In how many days should the root CA key expire?
63	export CA_EXPIRE=3650
64
65	# In how many days should certificates expire?
66	export KEY_EXPIRE=3650
67
68	# These are the default values for fields
69	# which will be placed in the certificate.
70	# Don't leave any of these fields blank.
71	export KEY_COUNTRY="US"
72	export KEY_PROVINCE="CA"
73	export KEY_CITY="SanFrancisco"
74	export KEY_ORG="Fort-Funston"
75	export KEY_EMAIL="me@myhost.mydomain"
76	export KEY_EMAIL=mail@host.domain
77	export KEY_CN=changeme
78	export KEY_NAME=changeme
79	export KEY_OU=changeme
80	export PKCS11_MODULE_PATH=changeme
81	export PKCS11_PIN=1234
82
83	# Start the local shell
84	cd $EASY_RSA
85	echo "#"
86	echo "# Type exit when done to write changes to persistent disk"
87	echo "#"
88	# Primer to remember what we are doing
89	sed -n -e '/Typical/,$p' README \| sed -e 's/^/## /g' \| grep -v '. ./vars'
90	echo "#"
91	bash \|\| sh
92
93	echo "# Writing changes to persistent storage (/cfg)"
94	trap "umount /cfg; exit 1" 1 2 15 EXIT
95
96	mount -ro noatime /cfg \|\| exit 1
97	CFG_KEY_DIR=/cfg/`basename $KEY_DIR`
98	diff -b -B -q -r $KEY_DIR $CFG_KEY_DIR \|\| {
99	mount -uwo noatime /cfg \|\| exit 1
100	rm -fR $CFG_KEY_DIR \|\| exit 1
101	cp -R $KEY_DIR $CFG_KEY_DIR \|\| exit 1
102	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: hybrid/branches/releng-9.0/nanobsd/files/tools/openvpn-easy-rsa@ 10829

Download in other formats: