Initial commit.

2019-04-14 18:34:38 +02:00 · 2019-04-14 18:34:38 +02:00 · 122039a653
commit 122039a653
5 changed files with 60 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 conf/
--- a/6
+++ b/6
@ -0,0 +1,6 @@
 https://stackoverflow.com/questions/17089889/openssl-x509v3-extended-key-usage
 https://forums.openvpn.net/viewtopic.php?t=7484
 https://serverfault.com/questions/785108/why-does-openvpn-give-the-error-unsupported-certificate-purpose-for-an-interm
 https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line
 https://github.com/openssl/openssl/issues/6481
--- a/create_conf.sh
+++ b/create_conf.sh
@ -0,0 +1,21 @@
 #!/bin/bash
 mkdir -p conf
 cd conf
 openssl req -nodes -days 3650 -new -x509 -keyout ca.key -out ca.crt -subj "/C=FR/O=scimetis/CN=scimetis.net" 
 openssl dhparam -out dh1024.pem 1024
 openssl req -nodes -new -keyout server.key -out server.csr -subj "/C=FR/O=scimetis/CN=scimetis.net" -reqexts server -config ../openssl.conf
 openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions server -extfile ../openssl.conf -in server.csr -out server.crt
 openssl req -nodes -new -keyout client.key -out client.csr -subj "/C=FR/O=scimetis/CN=serveur Windows" -reqexts usr_cert -config ../openssl.conf
 openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions usr_cert -extfile ../openssl.conf -in client.csr -out client.crt
 openssl req -nodes -new -keyout client2.key -out client2.csr -subj "/C=FR/O=scimetis/CN=PC client" -reqexts usr_cert -config ../openssl.conf
 openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -extensions usr_cert -extfile ../openssl.conf -in client2.csr -out client2.crt
 chcon -R -u system_u -r object_r -t svirt_sandbox_file_t ./
 mkdir keys
 mkdir ccd
 cp -a ca.crt ca.srl dh1024.pem server.crt server.key keys/
 echo "ifconfig-push 192.168.102.10 255.255.255.0" > "ccd/serveur Windows"
 cd ..
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,19 @@
 version: "2.1"
 services:
  openvpn-server:
    image: openvpn-server
    ports:
      - 1195:1194/udp
    volumes:
      - ./conf/keys:/etc/openvpn/server/keys
      - ./conf/ccd:/etc/openvpn/server/ccd
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    restart: always
    #entrypoint: /bin/bash
    #privileged: true
    #network_mode: "host"
--- a/openssl.conf
+++ b/openssl.conf
@ -0,0 +1,13 @@
 [req]
 distinguished_name=req_distinguished_name
 [ req_distinguished_name ]
 [usr_cert]
 extendedKeyUsage=clientAuth
 keyUsage = digitalSignature
 [server]
 extendedKeyUsage=serverAuth
 keyUsage = digitalSignature, keyEncipherment