devstack_custom/tools/install_openvpn.sh

# rough history from wilk - need to cleanup
apt-get install -y openvpn bridge-utils
cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
cd /etc/openvpn/easy-rsa
source vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
./pkitool client1
cd keys
openvpn --genkey --secret ta.key  ## Build a TLS key
cp server.crt server.key ca.crt dh1024.pem ta.key ../../
cd ../../

cat >/etc/openvpn/server.conf <<EOF
duplicate-cn
port 6081
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 172.16.28.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.224"
comp-lzo
persist-key
persist-tun
status openvpn-status.log
EOF
/etc/init.d/openvpn restart

echo Use the following ca for your client:
cat /etc/openvpn/ca.crt

echo
echo Use the following cert for your client
cat /etc/openvpn/easy-rsa/keys/client1.crt 
echo
echo Use the following key for your client
cat /etc/openvpn/easy-rsa/keys/client1.key 
echo
echo Use the following client config:
cat <<EOF
ca ca.crt
cert client.crt
key client.key
client
dev tun
proto tcp
remote 50.56.12.212 6081
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
EOF
initial commit of wilks work 2011-09-24 19:31:57 +00:00			`# rough history from wilk - need to cleanup`
			`apt-get install -y openvpn bridge-utils`
			`cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa/`
			`cd /etc/openvpn/easy-rsa`
			`source vars`
			`./clean-all`
			`./build-dh`
			`./pkitool --initca`
			`./pkitool --server server`
			`./pkitool client1`
			`cd keys`
			`openvpn --genkey --secret ta.key ## Build a TLS key`
			`cp server.crt server.key ca.crt dh1024.pem ta.key ../../`
			`cd ../../`

			`cat >/etc/openvpn/server.conf <<EOF`
			`duplicate-cn`
			`port 6081`
			`proto tcp`
			`dev tun`
			`ca ca.crt`
			`cert server.crt`
			`key server.key # This file should be kept secret`
			`dh dh1024.pem`
			`server 172.16.28.0 255.255.255.0`
			`ifconfig-pool-persist ipp.txt`
			`push "route 10.0.0.0 255.255.255.224"`
			`comp-lzo`
			`persist-key`
			`persist-tun`
			`status openvpn-status.log`
			`EOF`
			`/etc/init.d/openvpn restart`

			`echo Use the following ca for your client:`
			`cat /etc/openvpn/ca.crt`

			`echo`
			`echo Use the following cert for your client`
			`cat /etc/openvpn/easy-rsa/keys/client1.crt`
			`echo`
			`echo Use the following key for your client`
			`cat /etc/openvpn/easy-rsa/keys/client1.key`
			`echo`
			`echo Use the following client config:`
			`cat <<EOF`
			`ca ca.crt`
			`cert client.crt`
			`key client.key`
			`client`
			`dev tun`
			`proto tcp`
			`remote 50.56.12.212 6081`
			`resolv-retry infinite`
			`nobind`
			`persist-key`
			`persist-tun`
			`comp-lzo`
			`verb 3`
			`EOF`