mirror of
https://github.com/angristan/openvpn-install.git
synced 2024-11-23 17:29:03 +01:00
Update easy-rsa to 3.1.2 and fix compatibility with Ubuntu 22.04
Based on this patch by @zerodivisi0n: https://github.com/angristan/openvpn-install/issues/1000#issuecomment-1283484772
This commit is contained in:
parent
ca8d58d5f0
commit
2f76bb5e40
1
.github/workflows/test.yml
vendored
1
.github/workflows/test.yml
vendored
@ -15,6 +15,7 @@ jobs:
|
|||||||
- debian-11-x64
|
- debian-11-x64
|
||||||
- ubuntu-18-04-x64
|
- ubuntu-18-04-x64
|
||||||
- ubuntu-20-04-x64
|
- ubuntu-20-04-x64
|
||||||
|
- ubuntu-22-04-x64
|
||||||
- fedora-35-x64
|
- fedora-35-x64
|
||||||
- centos-7-x64
|
- centos-7-x64
|
||||||
- centos-stream-8-x64
|
- centos-stream-8-x64
|
||||||
|
@ -706,7 +706,7 @@ function installOpenVPN() {
|
|||||||
|
|
||||||
# Install the latest version of easy-rsa from source, if not already installed.
|
# Install the latest version of easy-rsa from source, if not already installed.
|
||||||
if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then
|
if [[ ! -d /etc/openvpn/easy-rsa/ ]]; then
|
||||||
local version="3.0.7"
|
local version="3.1.2"
|
||||||
wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz
|
wget -O ~/easy-rsa.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v${version}/EasyRSA-${version}.tgz
|
||||||
mkdir -p /etc/openvpn/easy-rsa
|
mkdir -p /etc/openvpn/easy-rsa
|
||||||
tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/easy-rsa
|
tar xzf ~/easy-rsa.tgz --strip-components=1 --no-same-owner --directory /etc/openvpn/easy-rsa
|
||||||
@ -729,18 +729,16 @@ function installOpenVPN() {
|
|||||||
SERVER_NAME="server_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"
|
SERVER_NAME="server_$(head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)"
|
||||||
echo "$SERVER_NAME" >SERVER_NAME_GENERATED
|
echo "$SERVER_NAME" >SERVER_NAME_GENERATED
|
||||||
|
|
||||||
echo "set_var EASYRSA_REQ_CN $SERVER_CN" >>vars
|
|
||||||
|
|
||||||
# Create the PKI, set up the CA, the DH params and the server certificate
|
# Create the PKI, set up the CA, the DH params and the server certificate
|
||||||
./easyrsa init-pki
|
./easyrsa init-pki
|
||||||
./easyrsa --batch build-ca nopass
|
./easyrsa --batch --req-cn="$SERVER_CN" build-ca nopass
|
||||||
|
|
||||||
if [[ $DH_TYPE == "2" ]]; then
|
if [[ $DH_TYPE == "2" ]]; then
|
||||||
# ECDH keys are generated on-the-fly so we don't need to generate them beforehand
|
# ECDH keys are generated on-the-fly so we don't need to generate them beforehand
|
||||||
openssl dhparam -out dh.pem $DH_KEY_SIZE
|
openssl dhparam -out dh.pem $DH_KEY_SIZE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
./easyrsa build-server-full "$SERVER_NAME" nopass
|
./easyrsa --batch build-server-full "$SERVER_NAME" nopass
|
||||||
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
|
||||||
|
|
||||||
case $TLS_SIG in
|
case $TLS_SIG in
|
||||||
@ -1087,11 +1085,11 @@ function newClient() {
|
|||||||
cd /etc/openvpn/easy-rsa/ || return
|
cd /etc/openvpn/easy-rsa/ || return
|
||||||
case $PASS in
|
case $PASS in
|
||||||
1)
|
1)
|
||||||
./easyrsa build-client-full "$CLIENT" nopass
|
./easyrsa --batch build-client-full "$CLIENT" nopass
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
echo "⚠️ You will be asked for the client password below ⚠️"
|
echo "⚠️ You will be asked for the client password below ⚠️"
|
||||||
./easyrsa build-client-full "$CLIENT"
|
./easyrsa --batch build-client-full "$CLIENT"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
echo "Client $CLIENT added."
|
echo "Client $CLIENT added."
|
||||||
|
Loading…
Reference in New Issue
Block a user