Update easy-rsa to 3.1.2 and fix compatibility with Ubuntu 22.04

Based on this patch by @zerodivisi0n: https://github.com/angristan/openvpn-install/issues/1000#issuecomment-1283484772
This commit is contained in:
Stanislas Lange 2023-01-22 00:06:51 +01:00 committed by Stanislas
parent ca8d58d5f0
commit 2f76bb5e40
2 changed files with 6 additions and 7 deletions

View File

@ -15,6 +15,7 @@ jobs:
- debian-11-x64 - debian-11-x64
- ubuntu-18-04-x64 - ubuntu-18-04-x64
- ubuntu-20-04-x64 - ubuntu-20-04-x64
- ubuntu-22-04-x64
- fedora-35-x64 - fedora-35-x64
- centos-7-x64 - centos-7-x64
- centos-stream-8-x64 - centos-stream-8-x64

View File

@ -706,7 +706,7 @@ function installOpenVPN() {
# Install the latest version of easy-rsa from source, if not already installed. # Install the latest version of easy-rsa from source, if not already installed.
if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then
local version="3.0.7" local version="3.1.2"
wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz
mkdir -p /etc/openvpn/easy-rsa mkdir -p /etc/openvpn/easy-rsa
tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/easy-rsa tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/easy-rsa
@ -729,18 +729,16 @@ function installOpenVPN() {
SERVER_NAME="server_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" SERVER_NAME="server_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"
echo "$SERVER_NAME" >SERVER_NAME_GENERATED echo "$SERVER_NAME" >SERVER_NAME_GENERATED
echo "set_var EASYRSA_REQ_CN $SERVER_CN" >>vars
# Create the PKI, set up the CA, the DH params and the server certificate # Create the PKI, set up the CA, the DH params and the server certificate
./easyrsa init-pki ./easyrsa init-pki
./easyrsa --batch build-ca nopass ./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
if [[ $DH_TYPE == "2" ]]; then if [[ $DH_TYPE == "2" ]]; then
# ECDH keys are generated on-the-fly so we don't need to generate them beforehand # ECDH keys are generated on-the-fly so we don't need to generate them beforehand
openssl dhparam -out dh.pem $DH_KEY_SIZE openssl dhparam -out dh.pem $DH_KEY_SIZE
fi fi
./easyrsa build-server-full "$SERVER_NAME" nopass ./easyrsa --batch build-server-full "$SERVER_NAME" nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
case $TLS_SIG in case $TLS_SIG in
@ -1087,11 +1085,11 @@ function newClient() {
cd /etc/openvpn/easy-rsa/ || return cd /etc/openvpn/easy-rsa/ || return
case $PASS in case $PASS in
1) 1)
./easyrsa build-client-full "$CLIENT" nopass ./easyrsa --batch build-client-full "$CLIENT" nopass
;; ;;
2) 2)
echo "⚠️ You will be asked for the client password below ⚠️" echo "⚠️ You will be asked for the client password below ⚠️"
./easyrsa build-client-full "$CLIENT" ./easyrsa --batch build-client-full "$CLIENT"
;; ;;
esac esac
echo "Client $CLIENT added." echo "Client $CLIENT added."