free
/
freedombone
關註 1
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
瀏覽代碼

Don't use ta.key

Bob Mottram 7 年之前
父節點
5ec792bcd6
當前提交
dea56279e4
共有 1 個文件被更改,包括 7 次插入0 次删除
分割檢視 顯示文件統計
  1. 7
    0
      src/freedombone-app-vpn

+ 7
- 0
src/freedombone-app-vpn 查看文件 

@@ -190,6 +190,7 @@ y
190 190 
     sed -i 's|ca ca.crt|;ca ca.crt|g' $user_vpn_cert_file
191 191 
     sed -i 's|cert client.crt|;cert client.crt|g' $user_vpn_cert_file
192 192 
     sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file
193 
+    sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file
193 194
194 195 
     echo '<ca>' >> $user_vpn_cert_file
195 196 
     cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
 
@@ -229,11 +230,14 @@ function install_vpn {
229 230 
         echo $'Example openvpn server config not found'
230 231 
         exit 783953
231 232 
     fi
233 
+
234 
+    # server configuration
232 235 
     gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
233 236 
     sed -i "s|;push \"redirect-gateway|push \"redirect-gateway|g" /etc/openvpn/server.conf
234 237 
     sed -i 's|;push "dhcp-option|push "dhcp-option|g' /etc/openvpn/server.conf
235 238 
     sed -i 's|;user nobody|user nobody|g' /etc/openvpn/server.conf
236 239 
     sed -i 's|;group nogroup|group nogroup|g' /etc/openvpn/server.conf
240 
+
237 241 
     echo 1 > /proc/sys/net/ipv4/ip_forward
238 242 
     sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
239 243 
     sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
 
@@ -244,6 +248,7 @@ function install_vpn {
244 248 
         mkdir /etc/openvpn/easy-rsa/keys
245 249 
     fi
246 250
251 
+    # keys configuration
247 252 
     sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" /etc/openvpn/easy-rsa/vars
248 253 
     sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" /etc/openvpn/easy-rsa/vars
249 254 
     sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" /etc/openvpn/easy-rsa/vars
 
@@ -251,6 +256,8 @@ function install_vpn {
251 256 
     sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" /etc/openvpn/easy-rsa/vars
252 257 
     sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" /etc/openvpn/easy-rsa/vars
253 258 
     sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" /etc/openvpn/easy-rsa/vars
259 
+
260 
+    # generate host keys
254 261 
     if [ ! -f /etc/openvpn/dh2048.pem ]; then
255 262 
         openssl dhparam -out /etc/openvpn/dh2048.pem 2048
256 263 
     fi