Merge pull request #228 from amnezia-vpn/bugfix/openvpn-crl-verify

bugfix/openvpn-crl-verify

client/server_scripts/openvpn/configure_container.sh

@@ -18,7 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify crl.pem
+crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server

client/server_scripts/openvpn/run_container.sh

@@ -21,5 +21,6 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
-
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
+cd /opt/amnezia/openvpn && easyrsa gen-crl;\
+cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'

client/server_scripts/openvpn/template.ovpn

@@ -5,7 +5,6 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
-crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH

client/server_scripts/openvpn_cloak/configure_container.sh

@@ -18,7 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify crl.pem
+crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server

client/server_scripts/openvpn_cloak/run_container.sh

@@ -21,4 +21,6 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
+cd /opt/amnezia/openvpn && easyrsa gen-crl;\
+cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'

client/server_scripts/openvpn_cloak/template.ovpn

@@ -5,7 +5,6 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
-crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH

client/server_scripts/openvpn_shadowsocks/configure_container.sh

@@ -18,7 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify crl.pem
+crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server

client/server_scripts/openvpn_shadowsocks/run_container.sh

@@ -21,4 +21,6 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
+cd /opt/amnezia/openvpn && easyrsa gen-crl;\
+cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'

client/server_scripts/openvpn_shadowsocks/template.ovpn

@@ -5,7 +5,6 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
-crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH