|
@@ -454,141 +454,111 @@ function remove_user_vpn {
|
454
|
454
|
new_username="$1"
|
455
|
455
|
}
|
456
|
456
|
|
457
|
|
-function install_stunnel {
|
458
|
|
- apt-get -yq install stunnel4
|
459
|
|
-
|
460
|
|
- cd /etc/stunnel
|
461
|
|
-
|
|
457
|
+function generate_stunnel_keys {
|
462
|
458
|
openssl req -x509 -nodes -days 3650 -sha256 \
|
463
|
459
|
-subj "/O=$VPN_ORGANISATION/OU=$VPN_UNIT/C=$VPN_COUNTRY_CODE/ST=$VPN_AREA/L=$VPN_LOCATION/CN=$HOSTNAME" \
|
464
|
|
- -newkey rsa:2048 -keyout key.pem \
|
465
|
|
- -out cert.pem
|
466
|
|
- if [ ! -f key.pem ]; then
|
|
460
|
+ -newkey rsa:2048 -keyout /etc/stunnel/key.pem \
|
|
461
|
+ -out /etc/stunnel/cert.pem
|
|
462
|
+ if [ ! -f /etc/stunnel/key.pem ]; then
|
467
|
463
|
echo $'stunnel key not created'
|
468
|
464
|
exit 793530
|
469
|
465
|
fi
|
470
|
|
- if [ ! -f cert.pem ]; then
|
|
466
|
+ if [ ! -f /etc/stunnel/cert.pem ]; then
|
471
|
467
|
echo $'stunnel cert not created'
|
472
|
468
|
exit 204587
|
473
|
469
|
fi
|
474
|
|
- chmod 400 key.pem
|
475
|
|
- chmod 640 cert.pem
|
|
470
|
+ chmod 400 /etc/stunnel/key.pem
|
|
471
|
+ chmod 640 /etc/stunnel/cert.pem
|
476
|
472
|
|
477
|
|
- cat key.pem cert.pem >> stunnel.pem
|
478
|
|
- chmod 640 stunnel.pem
|
|
473
|
+ cat /etc/stunnel/key.pem /etc/stunnel/cert.pem >> /etc/stunnel/stunnel.pem
|
|
474
|
+ chmod 640 /etc/stunnel/stunnel.pem
|
479
|
475
|
|
480
|
|
- openssl pkcs12 -export -out stunnel.p12 -inkey key.pem -in cert.pem -passout pass:
|
481
|
|
- if [ ! -f stunnel.p12 ]; then
|
|
476
|
+ openssl pkcs12 -export -out /etc/stunnel/stunnel.p12 -inkey /etc/stunnel/key.pem -in /etc/stunnel/cert.pem -passout pass:
|
|
477
|
+ if [ ! -f /etc/stunnel/stunnel.p12 ]; then
|
482
|
478
|
echo $'stunnel pkcs12 not created'
|
483
|
479
|
exit 639353
|
484
|
480
|
fi
|
485
|
|
- chmod 640 stunnel.p12
|
|
481
|
+ chmod 640 /etc/stunnel/stunnel.p12
|
486
|
482
|
|
487
|
|
- echo 'chroot = /var/lib/stunnel4' > stunnel.conf
|
488
|
|
- echo 'pid = /stunnel4.pid' >> stunnel.conf
|
489
|
|
- echo 'setuid = stunnel4' >> stunnel.conf
|
490
|
|
- echo 'setgid = stunnel4' >> stunnel.conf
|
491
|
|
- echo 'socket = l:TCP_NODELAY=1' >> stunnel.conf
|
492
|
|
- echo 'socket = r:TCP_NODELAY=1' >> stunnel.conf
|
493
|
|
- echo 'cert = /etc/stunnel/stunnel.pem' >> stunnel.conf
|
494
|
|
- echo '[openvpn]' >> stunnel.conf
|
495
|
|
- echo "accept = $VPN_TLS_PORT" >> stunnel.conf
|
496
|
|
- echo 'connect = localhost:1194' >> stunnel.conf
|
497
|
|
- echo 'cert = /etc/stunnel/stunnel.pem' >> stunnel.conf
|
498
|
|
-
|
499
|
|
- sed -i 's|ENABLED=.*|ENABLED=1|g' /etc/default/stunnel4
|
|
483
|
+ cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
|
|
484
|
+ cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
|
|
485
|
+ chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*
|
|
486
|
+}
|
500
|
487
|
|
501
|
|
- echo '[openvpn]' > stunnel-client.conf
|
502
|
|
- echo 'client = yes' >> stunnel-client.conf
|
503
|
|
- echo "accept = $STUNNEL_PORT" >> stunnel-client.conf
|
504
|
|
- echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> stunnel-client.conf
|
505
|
|
- echo 'cert = stunnel.pem' >> stunnel-client.conf
|
506
|
|
-
|
507
|
|
- echo '[Unit]' > /etc/systemd/system/stunnel.service
|
508
|
|
- echo 'Description=SSL tunnel for network daemons' >> /etc/systemd/system/stunnel.service
|
509
|
|
- echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> /etc/systemd/system/stunnel.service
|
510
|
|
- echo 'DefaultDependencies=no' >> /etc/systemd/system/stunnel.service
|
511
|
|
- echo 'After=network.target' >> /etc/systemd/system/stunnel.service
|
512
|
|
- echo 'After=syslog.target' >> /etc/systemd/system/stunnel.service
|
513
|
|
- echo '' >> /etc/systemd/system/stunnel.service
|
514
|
|
- echo '[Install]' >> /etc/systemd/system/stunnel.service
|
515
|
|
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/stunnel.service
|
516
|
|
- echo 'Alias=stunnel.target' >> /etc/systemd/system/stunnel.service
|
517
|
|
- echo '' >> /etc/systemd/system/stunnel.service
|
518
|
|
- echo '[Service]' >> /etc/systemd/system/stunnel.service
|
519
|
|
- echo 'Type=forking' >> /etc/systemd/system/stunnel.service
|
520
|
|
- echo 'RuntimeDirectory=stunnel' >> /etc/systemd/system/stunnel.service
|
521
|
|
- echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> /etc/systemd/system/stunnel.service
|
522
|
|
- echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> /etc/systemd/system/stunnel.service
|
523
|
|
- echo 'ExecStop=/usr/bin/killall -9 stunnel' >> /etc/systemd/system/stunnel.service
|
524
|
|
- echo 'RemainAfterExit=yes' >> /etc/systemd/system/stunnel.service
|
525
|
|
-
|
526
|
|
- if [ $VPN_TLS_PORT -eq 443 ]; then
|
527
|
|
- systemctl stop nginx
|
528
|
|
- systemctl disable nginx
|
529
|
|
- else
|
530
|
|
- systemctl enable nginx
|
531
|
|
- systemctl restart nginx
|
|
488
|
+function install_stunnel {
|
|
489
|
+ prefix=
|
|
490
|
+ prefixchroot=
|
|
491
|
+ userhome=/home/$MY_USERNAME
|
|
492
|
+ if [ $rootdir ]; then
|
|
493
|
+ prefix=$rootdir
|
|
494
|
+ prefixchroot="chroot $rootdir"
|
532
|
495
|
fi
|
533
|
496
|
|
534
|
|
- systemctl enable stunnel
|
535
|
|
- systemctl daemon-reload
|
536
|
|
- systemctl start stunnel
|
|
497
|
+ $prefixchroot apt-get -yq install stunnel4
|
537
|
498
|
|
538
|
|
- cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
|
539
|
|
- cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
|
540
|
|
- cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
|
541
|
|
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
|
542
|
|
-}
|
|
499
|
+ if [ ! $prefix ]; then
|
|
500
|
+ cd /etc/stunnel
|
|
501
|
+ generate_stunnel_keys
|
|
502
|
+ fi
|
543
|
503
|
|
544
|
|
-function install_vpn {
|
545
|
|
- apt-get -yq install fastd openvpn easy-rsa
|
|
504
|
+ echo 'chroot = /var/lib/stunnel4' > $prefix/etc/stunnel/stunnel.conf
|
|
505
|
+ echo 'pid = /stunnel4.pid' >> $prefix/etc/stunnel/stunnel.conf
|
|
506
|
+ echo 'setuid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
|
|
507
|
+ echo 'setgid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
|
|
508
|
+ echo 'socket = l:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
|
|
509
|
+ echo 'socket = r:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
|
|
510
|
+ echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
|
|
511
|
+ echo '[openvpn]' >> $prefix/etc/stunnel/stunnel.conf
|
|
512
|
+ echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
|
|
513
|
+ echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
|
|
514
|
+ echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
|
546
|
515
|
|
547
|
|
- groupadd vpn
|
548
|
|
- useradd -r -s /bin/false -g vpn vpn
|
|
516
|
+ sed -i 's|ENABLED=.*|ENABLED=1|g' /etc/default/stunnel4
|
549
|
517
|
|
550
|
|
- # server configuration
|
551
|
|
- echo 'port 1194' > /etc/openvpn/server.conf
|
552
|
|
- echo 'proto tcp' >> /etc/openvpn/server.conf
|
553
|
|
- echo 'dev tun' >> /etc/openvpn/server.conf
|
554
|
|
- echo 'tun-mtu 1500' >> /etc/openvpn/server.conf
|
555
|
|
- echo 'tun-mtu-extra 32' >> /etc/openvpn/server.conf
|
556
|
|
- echo 'mssfix 1450' >> /etc/openvpn/server.conf
|
557
|
|
- echo 'ca /etc/openvpn/ca.crt' >> /etc/openvpn/server.conf
|
558
|
|
- echo 'cert /etc/openvpn/server.crt' >> /etc/openvpn/server.conf
|
559
|
|
- echo 'key /etc/openvpn/server.key' >> /etc/openvpn/server.conf
|
560
|
|
- echo 'dh /etc/openvpn/dh2048.pem' >> /etc/openvpn/server.conf
|
561
|
|
- echo 'server 10.8.0.0 255.255.255.0' >> /etc/openvpn/server.conf
|
562
|
|
- echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
|
563
|
|
- echo "push \"dhcp-option DNS 85.214.73.63\"" >> /etc/openvpn/server.conf
|
564
|
|
- echo "push \"dhcp-option DNS 213.73.91.35\"" >> /etc/openvpn/server.conf
|
565
|
|
- echo 'keepalive 5 30' >> /etc/openvpn/server.conf
|
566
|
|
- echo 'comp-lzo' >> /etc/openvpn/server.conf
|
567
|
|
- echo 'persist-key' >> /etc/openvpn/server.conf
|
568
|
|
- echo 'persist-tun' >> /etc/openvpn/server.conf
|
569
|
|
- echo 'status /dev/null' >> /etc/openvpn/server.conf
|
570
|
|
- echo 'verb 3' >> /etc/openvpn/server.conf
|
571
|
|
- echo '' >> /etc/openvpn/server.conf
|
572
|
|
-
|
573
|
|
- echo 1 > /proc/sys/net/ipv4/ip_forward
|
574
|
|
- sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
|
575
|
|
- sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
|
576
|
|
- sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
|
577
|
|
-
|
578
|
|
- cp -r /usr/share/easy-rsa/ /etc/openvpn
|
579
|
|
- if [ ! -d /etc/openvpn/easy-rsa/keys ]; then
|
580
|
|
- mkdir /etc/openvpn/easy-rsa/keys
|
|
518
|
+ echo '[openvpn]' > $prefix/etc/stunnel/stunnel-client.conf
|
|
519
|
+ echo 'client = yes' >> $prefix/etc/stunnel/stunnel-client.conf
|
|
520
|
+ echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
|
|
521
|
+ echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
|
|
522
|
+ echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
|
|
523
|
+
|
|
524
|
+ echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
|
|
525
|
+ echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service
|
|
526
|
+ echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> $prefix/etc/systemd/system/stunnel.service
|
|
527
|
+ echo 'DefaultDependencies=no' >> $prefix/etc/systemd/system/stunnel.service
|
|
528
|
+ echo 'After=network.target' >> $prefix/etc/systemd/system/stunnel.service
|
|
529
|
+ echo 'After=syslog.target' >> $prefix/etc/systemd/system/stunnel.service
|
|
530
|
+ echo '' >> $prefix/etc/systemd/system/stunnel.service
|
|
531
|
+ echo '[Install]' >> $prefix/etc/systemd/system/stunnel.service
|
|
532
|
+ echo 'WantedBy=multi-user.target' >> $prefix/etc/systemd/system/stunnel.service
|
|
533
|
+ echo 'Alias=stunnel.target' >> $prefix/etc/systemd/system/stunnel.service
|
|
534
|
+ echo '' >> $prefix/etc/systemd/system/stunnel.service
|
|
535
|
+ echo '[Service]' >> $prefix/etc/systemd/system/stunnel.service
|
|
536
|
+ echo 'Type=forking' >> $prefix/etc/systemd/system/stunnel.service
|
|
537
|
+ echo 'RuntimeDirectory=stunnel' >> $prefix/etc/systemd/system/stunnel.service
|
|
538
|
+ echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
|
|
539
|
+ echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
|
|
540
|
+ echo 'ExecStop=/usr/bin/killall -9 stunnel' >> $prefix/etc/systemd/system/stunnel.service
|
|
541
|
+ echo 'RemainAfterExit=yes' >> $prefix/etc/systemd/system/stunnel.service
|
|
542
|
+
|
|
543
|
+ if [ ! $prefix ]; then
|
|
544
|
+ if [ $VPN_TLS_PORT -eq 443 ]; then
|
|
545
|
+ systemctl stop nginx
|
|
546
|
+ systemctl disable nginx
|
|
547
|
+ else
|
|
548
|
+ systemctl enable nginx
|
|
549
|
+ systemctl restart nginx
|
|
550
|
+ fi
|
|
551
|
+
|
|
552
|
+ systemctl enable stunnel
|
|
553
|
+ systemctl daemon-reload
|
|
554
|
+ systemctl start stunnel
|
581
|
555
|
fi
|
582
|
556
|
|
583
|
|
- # keys configuration
|
584
|
|
- sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" /etc/openvpn/easy-rsa/vars
|
585
|
|
- sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" /etc/openvpn/easy-rsa/vars
|
586
|
|
- sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" /etc/openvpn/easy-rsa/vars
|
587
|
|
- sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" /etc/openvpn/easy-rsa/vars
|
588
|
|
- sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" /etc/openvpn/easy-rsa/vars
|
589
|
|
- sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" /etc/openvpn/easy-rsa/vars
|
590
|
|
- sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" /etc/openvpn/easy-rsa/vars
|
|
557
|
+ cp $prefix/etc/stunnel/stunnel-client.conf $prefix$userhome/stunnel-client.conf
|
|
558
|
+ chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*
|
|
559
|
+}
|
591
|
560
|
|
|
561
|
+function vpn_generate_keys {
|
592
|
562
|
# generate host keys
|
593
|
563
|
if [ ! -f /etc/openvpn/dh2048.pem ]; then
|
594
|
564
|
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
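Review bot: The `sed -i 's|ENABLED=.*|ENABLED=1|g' /etc/default/stunnel4` line in the new install_stunnel is the only configuration edit in the function not routed through `$prefix`, so in the `$rootdir` (image-build) case it rewrites the build host's `/etc/default/stunnel4` and leaves the target image's stunnel4 disabled; it should read `sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4`. In generate_stunnel_keys the two `cp` lines use a hard-coded `/home/$MY_USERNAME` while the following `chown` uses `$prefix$userhome` (globals set by the caller); they only agree because the function is called when `$prefix` is empty, so `cp /etc/stunnel/stunnel.pem "$prefix$userhome/stunnel.pem"` (and likewise for the .p12) would keep the function self-consistent. Note also that `cat ... >> /etc/stunnel/stunnel.pem` appends while the preceding `openssl req` overwrites key.pem and cert.pem, so re-running generate_stunnel_keys accumulates stale key/cert pairs in the bundle that both the service and the copy handed to the user load; `>` is what is intended there. The body of vpn_generate_keys opened at the end of this hunk continues past it.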
|
|
@@ -621,7 +591,7 @@ function install_vpn {
|
621
|
591
|
sed -i 's| --interact||g' build-key-server
|
622
|
592
|
sed -i 's| --interact||g' build-ca
|
623
|
593
|
./build-ca
|
624
|
|
- ./build-key-server $OPENVPN_SERVER_NAME
|
|
594
|
+ ./build-key-server ${OPENVPN_SERVER_NAME}
|
625
|
595
|
if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
|
626
|
596
|
echo $'OpenVPN crt not found'
|
627
|
597
|
exit 7823352
|
|
@@ -643,19 +613,81 @@ function install_vpn {
|
643
|
613
|
fi
|
644
|
614
|
cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
|
645
|
615
|
|
646
|
|
- create_user_vpn_key $MY_USERNAME
|
|
616
|
+ create_user_vpn_key ${MY_USERNAME}
|
|
617
|
+}
|
647
|
618
|
|
648
|
|
- firewall_enable_vpn
|
|
619
|
+function install_vpn {
|
|
620
|
+ prefix=
|
|
621
|
+ prefixchroot=
|
|
622
|
+ if [ $rootdir ]; then
|
|
623
|
+ prefix=$rootdir
|
|
624
|
+ prefixchroot="chroot $rootdir"
|
|
625
|
+ fi
|
|
626
|
+ $prefixchroot apt-get -yq install fastd openvpn easy-rsa
|
649
|
627
|
|
650
|
|
- if [ $VPN_TLS_PORT -ne 443 ]; then
|
651
|
|
- firewall_add VPN-TLS $VPN_TLS_PORT tcp
|
|
628
|
+ $prefixchroot groupadd vpn
|
|
629
|
+ $prefixchroot useradd -r -s /bin/false -g vpn vpn
|
|
630
|
+
|
|
631
|
+ # server configuration
|
|
632
|
+ echo 'port 1194' > $prefix/etc/openvpn/server.conf
|
|
633
|
+ echo 'proto tcp' >> $prefix/etc/openvpn/server.conf
|
|
634
|
+ echo 'dev tun' >> $prefix/etc/openvpn/server.conf
|
|
635
|
+ echo 'tun-mtu 1500' >> $prefix/etc/openvpn/server.conf
|
|
636
|
+ echo 'tun-mtu-extra 32' >> $prefix/etc/openvpn/server.conf
|
|
637
|
+ echo 'mssfix 1450' >> $prefix/etc/openvpn/server.conf
|
|
638
|
+ echo 'ca /etc/openvpn/ca.crt' >> $prefix/etc/openvpn/server.conf
|
|
639
|
+ echo 'cert /etc/openvpn/server.crt' >> $prefix/etc/openvpn/server.conf
|
|
640
|
+ echo 'key /etc/openvpn/server.key' >> $prefix/etc/openvpn/server.conf
|
|
641
|
+ echo 'dh /etc/openvpn/dh2048.pem' >> $prefix/etc/openvpn/server.conf
|
|
642
|
+ echo 'server 10.8.0.0 255.255.255.0' >> $prefix/etc/openvpn/server.conf
|
|
643
|
+ echo 'push "redirect-gateway def1 bypass-dhcp"' >> $prefix/etc/openvpn/server.conf
|
|
644
|
+ echo "push \"dhcp-option DNS 85.214.73.63\"" >> $prefix/etc/openvpn/server.conf
|
|
645
|
+ echo "push \"dhcp-option DNS 213.73.91.35\"" >> $prefix/etc/openvpn/server.conf
|
|
646
|
+ echo 'keepalive 5 30' >> $prefix/etc/openvpn/server.conf
|
|
647
|
+ echo 'comp-lzo' >> $prefix/etc/openvpn/server.conf
|
|
648
|
+ echo 'persist-key' >> $prefix/etc/openvpn/server.conf
|
|
649
|
+ echo 'persist-tun' >> $prefix/etc/openvpn/server.conf
|
|
650
|
+ echo 'status /dev/null' >> $prefix/etc/openvpn/server.conf
|
|
651
|
+ echo 'verb 3' >> $prefix/etc/openvpn/server.conf
|
|
652
|
+ echo '' >> $prefix/etc/openvpn/server.conf
|
|
653
|
+
|
|
654
|
+ if [ ! $prefix ]; then
|
|
655
|
+ echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
656
|
+ fi
|
|
657
|
+ sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
|
|
658
|
+ sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
|
|
659
|
+ sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' $prefix/etc/sysctl.conf
|
|
660
|
+
|
|
661
|
+ cp -r $prefix/usr/share/easy-rsa/ $prefix/etc/openvpn
|
|
662
|
+ if [ ! -d $prefix/etc/openvpn/easy-rsa/keys ]; then
|
|
663
|
+ mkdir $prefix/etc/openvpn/easy-rsa/keys
|
652
|
664
|
fi
|
653
|
665
|
|
654
|
|
- systemctl start openvpn
|
|
666
|
+ # keys configuration
|
|
667
|
+ sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" $prefix/etc/openvpn/easy-rsa/vars
|
|
668
|
+ sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" $prefix/etc/openvpn/easy-rsa/vars
|
|
669
|
+ sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" $prefix/etc/openvpn/easy-rsa/vars
|
|
670
|
+ sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
|
|
671
|
+ sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" $prefix/etc/openvpn/easy-rsa/vars
|
|
672
|
+ sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" $prefix/etc/openvpn/easy-rsa/vars
|
|
673
|
+ sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
|
|
674
|
+
|
|
675
|
+ if [ ! $prefix ]; then
|
|
676
|
+ vpn_generate_keys
|
|
677
|
+ firewall_enable_vpn
|
|
678
|
+
|
|
679
|
+ if [ ${VPN_TLS_PORT} -ne 443 ]; then
|
|
680
|
+ firewall_add VPN-TLS ${VPN_TLS_PORT} tcp
|
|
681
|
+ fi
|
|
682
|
+
|
|
683
|
+ systemctl start openvpn
|
|
684
|
+ fi
|
655
|
685
|
|
656
|
686
|
install_stunnel
|
657
|
687
|
|
658
|
|
- systemctl restart openvpn
|
|
688
|
+ if [ ! $prefix ]; then
|
|
689
|
+ systemctl restart openvpn
|
|
690
|
+ fi
|
659
|
691
|
|
660
|
692
|
APP_INSTALLED=1
|
661
|
693
|
}
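Review bot: When `$rootdir` is set, the new install_vpn skips vpn_generate_keys and firewall_enable_vpn but still writes a server.conf pointing at `/etc/openvpn/server.crt`, `/etc/openvpn/server.key` and `/etc/openvpn/dh2048.pem`, and still sets `APP_INSTALLED=1`; unless a first-boot hook outside this diff runs vpn_generate_keys (and install_stunnel's generate_stunnel_keys), the image ships with OpenVPN and stunnel configured for key files that do not exist. A comment at the `if [ ! $prefix ]` guard naming where the deferred key generation happens, e.g. `# keys and firewall rules are created on first boot, not at image-build time`, would make that contract explicit. Separately, server.conf hard-codes `cert /etc/openvpn/server.crt` while vpn_generate_keys installs `${OPENVPN_SERVER_NAME}.crt` and `.key`, which only line up when OPENVPN_SERVER_NAME is literally `server`; writing `echo "cert /etc/openvpn/${OPENVPN_SERVER_NAME}.crt" >> $prefix/etc/openvpn/server.conf` (and the same for `key`) removes that hidden dependency. The `comp-lzo` line is also carried over unchanged; OpenVPN upstream advises against compression on tunnels carrying untrusted traffic because of compression-oracle attacks, so consider dropping it.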
|