From f5057dfac4c2b9da136d5b52902cae4fda412735 Mon Sep 17 00:00:00 2001
From: "vladimir.kuznetsov"
Date: Fri, 21 Apr 2023 07:44:35 +0300
Subject: [PATCH] removed crl-verify from client config - specified full path to crl in server config - added crl generation when setting up a container
---
 client/server_scripts/openvpn/configure_container.sh | 2 +-
 client/server_scripts/openvpn/run_container.sh | 5 +++--
 client/server_scripts/openvpn/template.ovpn | 1 -
 client/server_scripts/openvpn_cloak/configure_container.sh | 2 +-
 client/server_scripts/openvpn_cloak/run_container.sh | 4 +++-
 client/server_scripts/openvpn_cloak/template.ovpn | 1 -
 .../openvpn_shadowsocks/configure_container.sh | 2 +-
 client/server_scripts/openvpn_shadowsocks/run_container.sh | 4 +++-
 client/server_scripts/openvpn_shadowsocks/template.ovpn | 1 -
 9 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/client/server_scripts/openvpn/configure_container.sh b/client/server_scripts/openvpn/configure_container.sh
index 838088cf..5ec0163f 100644
--- a/client/server_scripts/openvpn/configure_container.sh
+++ b/client/server_scripts/openvpn/configure_container.sh
@@ -18,7 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify crl.pem
+crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server
diff --git a/client/server_scripts/openvpn/run_container.sh b/client/server_scripts/openvpn/run_container.sh
index 5649dd21..a9e7538e 100644
--- a/client/server_scripts/openvpn/run_container.sh
+++ b/client/server_scripts/openvpn/run_container.sh
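Review bot: The new absolute `crl-verify /opt/amnezia/openvpn/crl.pem` sits directly under `user nobody` / `group nobody`, and nothing visible in this patch ensures that account can read the file. OpenVPN checks the CRL again on later client connections, after privileges have been dropped, so if `crl.pem` or a parent directory is not readable by `nobody`, newly revoked certificates may not be picked up (behaviour on an unreadable CRL varies by OpenVPN version, so confirm against the one in the image). I would document the requirement next to the directive, e.g. `# crl.pem must stay readable by user nobody; it is re-read after privilege drop`. The same applies to the identical hunks in openvpn_cloak/configure_container.sh and openvpn_shadowsocks/configure_container.sh; the surrounding config block starts and ends outside the hunk.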
@@ -21,5 +21,6 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
-
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
+cd /opt/amnezia/openvpn && easyrsa gen-crl;\
+cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'
diff --git a/client/server_scripts/openvpn/template.ovpn b/client/server_scripts/openvpn/template.ovpn
index 8ab0c9bf..c0b4a044 100644
--- a/client/server_scripts/openvpn/template.ovpn
+++ b/client/server_scripts/openvpn/template.ovpn
@@ -5,7 +5,6 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
-crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH
diff --git a/client/server_scripts/openvpn_cloak/configure_container.sh b/client/server_scripts/openvpn_cloak/configure_container.sh
index 94d9610b..2bb53724 100644
--- a/client/server_scripts/openvpn_cloak/configure_container.sh
+++ b/client/server_scripts/openvpn_cloak/configure_container.sh
@@ -18,7 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify crl.pem
+crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server
diff --git a/client/server_scripts/openvpn_cloak/run_container.sh b/client/server_scripts/openvpn_cloak/run_container.sh
index bec8e889..0b97c02b 100644
--- a/client/server_scripts/openvpn_cloak/run_container.sh
+++ b/client/server_scripts/openvpn_cloak/run_container.sh
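Review bot: Nothing here keeps the copied CRL fresh: it is generated once at container setup, and the server's `crl-verify` reads the copy in /opt/amnezia/openvpn, not `pki/crl.pem`. Unless a revocation path elsewhere re-runs both `easyrsa gen-crl` and the `cp`, revocations will not reach the running server, and once the CRL's next-update date passes (EasyRSA's `EASYRSA_CRL_DAYS`, 180 days by default) OpenVPN 2.4 and later will refuse every client. The three added commands are also joined with `;`, so a failed `gen-crl` still runs the `cp`; chaining them and setting the lifetime explicitly would read `cd /opt/amnezia/openvpn && EASYRSA_CRL_DAYS=3650 easyrsa gen-crl && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'` (3650 is a sample value). The same applies to the openvpn_cloak and openvpn_shadowsocks run_container.sh hunks, and the quoted command string closed by the trailing `'` starts outside the hunk.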
@@ -21,4 +21,6 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
+cd /opt/amnezia/openvpn && easyrsa gen-crl;\
+cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'
diff --git a/client/server_scripts/openvpn_cloak/template.ovpn b/client/server_scripts/openvpn_cloak/template.ovpn
index 062cf8a2..7f9494b9 100644
--- a/client/server_scripts/openvpn_cloak/template.ovpn
+++ b/client/server_scripts/openvpn_cloak/template.ovpn
@@ -5,7 +5,6 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
-crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH
diff --git a/client/server_scripts/openvpn_shadowsocks/configure_container.sh b/client/server_scripts/openvpn_shadowsocks/configure_container.sh
index 0d176214..d72bc7b3 100644
--- a/client/server_scripts/openvpn_shadowsocks/configure_container.sh
+++ b/client/server_scripts/openvpn_shadowsocks/configure_container.sh
@@ -18,7 +18,7 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify crl.pem
+crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server
diff --git a/client/server_scripts/openvpn_shadowsocks/run_container.sh b/client/server_scripts/openvpn_shadowsocks/run_container.sh
index 3714aa62..147d4321 100644
--- a/client/server_scripts/openvpn_shadowsocks/run_container.sh
+++ b/client/server_scripts/openvpn_shadowsocks/run_container.sh
@@ -21,4 +21,6 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
+cd /opt/amnezia/openvpn && easyrsa gen-crl;\
+cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'
diff --git a/client/server_scripts/openvpn_shadowsocks/template.ovpn b/client/server_scripts/openvpn_shadowsocks/template.ovpn
index 3cdf2ef3..64cbd4be 100644
--- a/client/server_scripts/openvpn_shadowsocks/template.ovpn
+++ b/client/server_scripts/openvpn_shadowsocks/template.ovpn
@@ -5,7 +5,6 @@ resolv-retry infinite
 nobind
 persist-key
 persist-tun
-crl-verify crl.pem
 $OPENVPN_NCP_DISABLE
 cipher $OPENVPN_CIPHER
 auth $OPENVPN_HASH