Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Normal
Revision Log

openvpn-easy-rsa@ 10604

Last change on this file since 10604 was 10458, checked in by rick, 13 years ago
OpenVPN easy-rsa is an great tool, hacking it into a NanoBSD env was a bit more challenging, but this should do the trick more and less. Please note generating the random bits can take an long...time.
Property svn:executable set to ``*
File size: 2.6 KB

Rev	Line
[10458]	1	#!/bin/sh
	2	#
	3	# Initialize the OpenVPN Easy-RSA 2.0 scripts
	4	#
	5	# Rick van der Zwet <rick@wirelessleiden.nl>
	6	#
	7
	8	# This variable should point to
	9	# the top level of the easy-rsa
	10	# tree.
	11	export EASY_RSA=${EASY_RSA:-"/usr/local/share/easy-rsa"}
	12
	13	if [ ! -d "$EASY_RSA" ]; then
	14	echo "# Installing easy-rsa at $EASY_RSA"
	15	trap "mount -ur /; exit 1" 1 2 15
	16	mount -uwo noatime / \|\| exit 1
	17	make -C /usr/local/share/doc/openvpn/easy-rsa/2.0 install DESTDIR=$EASY_RSA \|\| exit 1
	18	# Avoid disasters and move the vars template holder
	19	mv $EASY_RSA/vars $EASY_RSA/vars.old \|\| exit 1
	20	mount -ur /
	21	trap - 1 2 15
	22	fi
	23
	24	#
	25	# This variable should point to
	26	# the requested executables
	27	#
	28	export OPENSSL="openssl"
	29	export PKCS11TOOL="pkcs11-tool"
	30	export GREP="grep"
	31
	32
	33	# This variable should point to
	34	# the openssl.cnf file included
	35	# with easy-rsa.
	36	export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
	37
	38	# Edit this variable to point to
	39	# your soon-to-be-created key
	40	# directory.
	41	#
	42	# WARNING: clean-all will do
	43	# a rm -rf on this directory
	44	# so make sure you define
	45	# it correctly!
	46	export KEY_DIR="${KEY_DIR:-/etc/easy-rsa-keys}"
	47
	48	# Issue rm -rf warning
	49	echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
	50
	51	# PKCS11 fixes
	52	export PKCS11_MODULE_PATH="dummy"
	53	export PKCS11_PIN="dummy"
	54
	55	# Increase this to 2048 if you
	56	# are paranoid. This will slow
	57	# down TLS negotiation performance
	58	# as well as the one-time DH parms
	59	# generation process.
	60	export KEY_SIZE=1024
	61
	62	# In how many days should the root CA key expire?
	63	export CA_EXPIRE=3650
	64
	65	# In how many days should certificates expire?
	66	export KEY_EXPIRE=3650
	67
	68	# These are the default values for fields
	69	# which will be placed in the certificate.
	70	# Don't leave any of these fields blank.
	71	export KEY_COUNTRY="US"
	72	export KEY_PROVINCE="CA"
	73	export KEY_CITY="SanFrancisco"
	74	export KEY_ORG="Fort-Funston"
	75	export KEY_EMAIL="me@myhost.mydomain"
	76	export KEY_EMAIL=mail@host.domain
	77	export KEY_CN=changeme
	78	export KEY_NAME=changeme
	79	export KEY_OU=changeme
	80	export PKCS11_MODULE_PATH=changeme
	81	export PKCS11_PIN=1234
	82
	83	# Start the local shell
	84	cd $EASY_RSA
	85	echo "#"
	86	echo "# Type exit when done to write changes to persistent disk"
	87	echo "#"
	88	# Primer to remember what we are doing
	89	sed -n -e '/Typical/,$p' README \| sed -e 's/^/## /g' \| grep -v '. ./vars'
	90	echo "#"
	91	bash \|\| sh
	92
	93	echo "# Writing changes to persistent storage (/cfg)"
	94	trap "umount /cfg; exit 1" 1 2 15 EXIT
	95
	96	mount -ro noatime /cfg \|\| exit 1
	97	CFG_KEY_DIR=/cfg/`basename $KEY_DIR`
	98	diff -b -B -q -r $KEY_DIR $CFG_KEY_DIR \|\| {
	99	mount -uwo noatime /cfg \|\| exit 1
	100	rm -fR $CFG_KEY_DIR \|\| exit 1
	101	cp -R $KEY_DIR $CFG_KEY_DIR \|\| exit 1
	102	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: hybrid/branches/releng-9.0/nanobsd/files/tools/openvpn-easy-rsa@ 10604

Download in other formats: