mirror of
https://github.com/namibia/openvpn-install.git
synced 2024-12-22 23:08:55 +00:00
Add password option for clients (#160)
This commit is contained in:
parent
a0267c994d
commit
9ef0bbc47d
@ -88,6 +88,7 @@ This fork includes the following features :
|
||||
- [Arch Linux support](https://github.com/Angristan/OpenVPN-install/pull/2)
|
||||
- Up-to-date OpenVPN thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) for CentOS and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) for Ubuntu and Debian. These are third-party yet trusted repositories.
|
||||
- Randomized certificate name
|
||||
- The ability to create passwordless clients and clients protected with a password
|
||||
- Other improvements !
|
||||
|
||||
## DNS
|
||||
|
@ -113,12 +113,28 @@ if [[ -e /etc/openvpn/server.conf ]]; then
|
||||
case $option in
|
||||
1)
|
||||
echo ""
|
||||
echo "Do you want to protect the configuration file with a password?"
|
||||
echo "(e.g. encrypt the private key with a password)"
|
||||
echo " 1) Add a passwordless client"
|
||||
echo " 2) Use a password for the client"
|
||||
until [[ "$pass" =~ ^[1-2]$ ]]; do
|
||||
read -rp "Select an option [1-2]: " -e -i 1 pass
|
||||
done
|
||||
echo ""
|
||||
echo "Tell me a name for the client cert"
|
||||
echo "Please, use one word only, no special characters"
|
||||
read -rp "Client name: " -e -i newclient CLIENT
|
||||
|
||||
read -rp "Client name: " -e -i newclient CLIENT
|
||||
cd /etc/openvpn/easy-rsa/ || return
|
||||
./easyrsa build-client-full $CLIENT nopass
|
||||
case $pass in
|
||||
1)
|
||||
./easyrsa build-client-full $CLIENT nopass
|
||||
;;
|
||||
2)
|
||||
echo "⚠️ You will be asked for the client password below ⚠️"
|
||||
./easyrsa build-client-full $CLIENT
|
||||
;;
|
||||
esac
|
||||
|
||||
# Generates the custom client.ovpn
|
||||
newclient "$CLIENT"
|
||||
@ -365,6 +381,14 @@ else
|
||||
;;
|
||||
esac
|
||||
echo ""
|
||||
echo "Do you want to protect the configuration file with a password?"
|
||||
echo "(e.g. encrypt the private key with a password)"
|
||||
echo " 1) Add a passwordless client"
|
||||
echo " 2) Use a password for the client"
|
||||
until [[ "$pass" =~ ^[1-2]$ ]]; do
|
||||
read -rp "Select an option [1-2]: " -e -i 1 pass
|
||||
done
|
||||
echo ""
|
||||
echo "Finally, tell me a name for the client certificate and configuration"
|
||||
while [[ $CLIENT = "" ]]; do
|
||||
echo "Please, use one word only, no special characters"
|
||||
@ -524,7 +548,15 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
|
||||
./easyrsa --batch build-ca nopass
|
||||
openssl dhparam -out dh.pem $DH_KEY_SIZE
|
||||
./easyrsa build-server-full $SERVER_NAME nopass
|
||||
./easyrsa build-client-full $CLIENT nopass
|
||||
case $pass in
|
||||
1)
|
||||
./easyrsa build-client-full $CLIENT nopass
|
||||
;;
|
||||
2)
|
||||
echo "⚠️ You will be asked for the client password below ⚠️"
|
||||
./easyrsa build-client-full $CLIENT
|
||||
;;
|
||||
esac
|
||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
||||
# generate tls-auth key
|
||||
openvpn --genkey --secret /etc/openvpn/tls-auth.key
|
||||
|
Loading…
Reference in New Issue
Block a user