|Jérémy Dubois c3be57410d||3 weeks ago|
Install and configure OpenVPN, based on our HowtoOpenVPN wiki
Everything is in the
The playbook asks for some manual actions at its end; they must be done before finishing the playbook.
Here is a copy of what is requested:
- You have to manually create the CA on the server with `shellpki init server.example.com`. The command will ask you to create a password, and will then ask you to enter the same password several more times.
- You have to manually generate the CRL on the server with `openssl ca -gencrl -keyfile /etc/shellpki/cakey.key -cert /etc/shellpki/cacert.pem -out /etc/shellpki/crl.pem -config /etc/shellpki/openssl.cnf`. You will be asked for the previously created password.
- You have to manually create the server's certificate with `shellpki create server.example.com`.
- You have to adjust the config file `/etc/openvpn/server.conf` for the following parameters:
  - `push` (to complete if needed).
- Finally, you can (re)start the OpenVPN service with
systemctl restart firstname.lastname@example.org Debian, or
`rcctl restart openvpn` on OpenBSD.
Then, you can use `shellpki` to generate client certificates.
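
The manual steps above can be checked before the service is restarted. The tasks below are an added example, not part of this role: they reuse the paths from the `openssl ca -gencrl` command above and assume the play runs with enough privileges to read `/etc/shellpki`.

```yaml
# Added example: sanity checks for the manual PKI steps (not part of this role).
# Assumption: run with become so that /etc/shellpki is readable.
- name: Collect state of the files created by the manual steps
  ansible.builtin.stat:
    path: "{{ item }}"
  loop:
    - /etc/shellpki/cakey.key
    - /etc/shellpki/cacert.pem
    - /etc/shellpki/crl.pem
  register: pki_files

- name: Stop if the CA or the CRL has not been created yet
  ansible.builtin.assert:
    that: item.stat.exists
    fail_msg: "{{ item.item }} is missing, run the matching manual step first"
  loop: "{{ pki_files.results }}"
  loop_control:
    label: "{{ item.item }}"

# results[0] is cakey.key, the first entry of the loop above.
- name: Refuse a CA private key that other users can read or write
  ansible.builtin.assert:
    that:
      - not pki_files.results[0].stat.roth
      - not pki_files.results[0].stat.woth
    fail_msg: "/etc/shellpki/cakey.key is accessible to other users"

# openssl reports "verify OK" when the CRL signature matches the CA certificate.
- name: Check that the CRL is signed by the CA
  ansible.builtin.command:
    cmd: >-
      openssl crl -noout
      -in /etc/shellpki/crl.pem
      -CAfile /etc/shellpki/cacert.pem
  register: crl_verify
  changed_when: false
  failed_when: "'verify OK' not in (crl_verify.stdout + crl_verify.stderr)"

# nextUpdate is the date by which a fresh CRL is due.
- name: Read the nextUpdate field of the CRL
  ansible.builtin.command:
    cmd: openssl crl -noout -nextupdate -in /etc/shellpki/crl.pem
  register: crl_next_update
  changed_when: false

- name: Show the CRL nextUpdate field
  ansible.builtin.debug:
    msg: "{{ crl_next_update.stdout }}"
```
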
`openvpn_lan`: network to use for OpenVPN
`openvpn_netmask`: netmask of the network to use for OpenVPN
`openvpn_netmask_cidr`: automatically generated prefix length of the netmask, in CIDR notation
- Files in `files/shellpki/*` are taken from the upstream shellpki and must be updated when the upstream is.