On Sun, 05 Mar 2023 23:29:14 +0000, tincantech via Openvpn-users
<[email protected]> wrote:
>Thank you for your patience and determination!
>It has been invaluable to solving this issue.

Glad to be able to contribute some to the OpenVPN project!
I have used it since about 2012 as a way to hook up my different locations
(home, summer cottage, two daughters' homes, my brother-in-law's two homes etc.)
All using OpenVPN on Raspberry Pi devices to start with but now also on PC-based
Ubuntu servers.

>
>FTR: Yes, this upgrade is essentially to move files to where they are
>expected by easyrsa v3.
>
>It also removes old easyrsa v2 shell and .bat files.
>
>And, recognition, is now better than it was before!
>
>Thank you

I have an additional question after looking over modifications to my old script
to create the client OVPN files:

My existing script accepts as arguments a client name and a switch to define if
the ovpn file should be provided with a password or not.
Like this:

    ./MakeOVPN ClientCommonName [P | N]

With no second parameter or $2 != N it will protect the OVPN file using a
password.
It is done like this:

    # Now run the key creation commands:
    if [ $USEPWD == "P" ]; then
        eval "./build-key-pass $NAME"
        eval "openssl rsa -in $KEY_DIR/$NAME.key -des3 -out $KEY_DIR/$NAME.3des.key"
    else
        eval "./build-key $NAME"
    fi

Note the two different calls in the two cases for easyrsa2:

    ./build-key-pass $NAME
vs
    ./build-key $NAME

When I start easyrsa3 without argument it shows a list of commands like this:

    ...
    build-client-full <file_name_base> [ cmd-opts ]
    build-server-full <file_name_base> [ cmd-opts ]
    build-serverClient-full <file_name_base> [ cmd-opts ]
    ...

But the help command for client yields this:

    ./easyrsa help build-client-full

    * build-client-full <file_name_base> [ cmd-opts ]
    * build-server-full <file_name_base> [ cmd-opts ]
    * build-serverClient-full <file_name_base> [ cmd-opts ]

    Generate a keypair and sign locally for a client and/or server
    This mode uses the <file_name_base> as the X509 CN.

    Available command options [ cmd-opts ]:

    * nopass - Do not encrypt the private key (default is encrypted)
      (Equivalent to global option '--nopass|--no-pass')
    * inline - Create an inline credentials file for this node

How can I use this to create the client files with or without password in my
script?
Can I just do this:

    if [ $USEPWD == "P" ]; then
        eval "./easyrsa build-client-full $NAME nopass"
        eval "openssl rsa -in $KEY_DIR/$NAME.key -des3 -out $KEY_DIR/$NAME.3des.key"
    else #if no password is requested:
        eval "./easyrsa build-client-full $NAME nopass"
    fi

Would that work OK?
And I guess now $KEY_DIR needs to be changed to a set of different dirs
depending on the type of file being worked on...

--
Bo Berglund
Developer in Sweden
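
The following is an added example, not part of the original message and not Easy-RSA project code. It shows one way a wrapper could map the P/N switch onto the `nopass` command option quoted in the help text above, with the client name validated and no `eval`. The `EASYRSA` variable, the function names and the `./pki` default layout are assumptions of this sketch; as in the message, anything other than `N` keeps the encrypted default.

```shell
#!/bin/sh
# Added example, not from the original message or the Easy-RSA project.
# EASYRSA and all function names are assumptions made for this sketch.
EASYRSA="${EASYRSA:-./easyrsa}"

# Accept only names that are safe as a file name base and X509 CN.
valid_client_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the easyrsa arguments, one per line.
# N appends nopass; anything else keeps the default (encrypted key).
client_args() {
    valid_client_name "$1" || { echo "bad client name" >&2; return 2; }
    printf '%s\n' build-client-full "$1"
    if [ "${2:-P}" = "N" ]; then printf '%s\n' nopass; fi
}

# Where easyrsa v3 places the files (assumed default: PKI under ./pki).
client_files() {
    pki=${EASYRSA_PKI:-./pki}
    printf '%s\n' "$pki/private/$1.key" "$pki/issued/$1.crt" "$pki/ca.crt"
}

# Run easyrsa without eval, so the client name is never re-parsed as shell.
make_client() {
    args=$(client_args "$1" "$2") || return $?
    set -f; IFS='
'
    set -- $args   # names are restricted above, so newline splitting is safe
    unset IFS; set +f
    "$EASYRSA" "$@"
}

# Usage: ./MakeOVPN ClientCommonName [P | N]
if [ "$#" -gt 0 ] && [ -x "$EASYRSA" ]; then
    make_client "$@"
fi
```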