cert server.crt
key server.key
dh dh2048.pem
-tls-auth ta.key 0
+tls-crypt shared.key
#+END_SRC
Finally, here are the tasks (and handler) required to install and
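Review bot: The switch to `tls-crypt shared.key` is not explained in the surrounding text, and it raises the minimum OpenVPN version to 2.4 on the server and on every client, since older clients have no tls-crypt support and will not complete the handshake against this server. A sentence before the configuration block along the lines of `tls-crypt (OpenVPN 2.4 and later) replaces tls-auth here: it both authenticates and encrypts the control channel, and the same key is used in both directions, so the 0/1 key-direction argument goes away.` would document the change for the reader. The same applies to the client-configuration and gate-server hunks that make the same substitution, and to their copies in the duplicate document further down the page.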
mode: u=r,g=,o=
loop:
- { src: front-dh2048.pem, dest: dh2048.pem }
- - { src: front-ta.key, dest: ta.key }
+ - { src: front-shared.key, dest: shared.key }
notify: Restart OpenVPN.
- name: Configure OpenVPN.
ca /usr/local/share/ca-certificates/{{ domain_name }}.crt
cert client.crt
key client.key
-tls-auth ta.key 1
+tls-crypt shared.key
#+END_SRC
The tasks that install and configure the OpenVPN client configuration
- name: Install OpenVPN secret.
become: yes
copy:
- src: ../Secret/front-ta.key
- dest: /etc/openvpn/ta.key
+ src: ../Secret/front-shared.key
+ dest: /etc/openvpn/shared.key
mode: u=r,g=,o=
notify: Restart OpenVPN.
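Review bot: Nothing in the new task retires `/etc/openvpn/ta.key` on the host: `copy` installs `shared.key` beside it, so the old tls-auth secret stays on disk after the switch. A follow-up task such as `- name: Remove retired OpenVPN tls-auth key.` / `  become: yes` / `  file: { path: /etc/openvpn/ta.key, state: absent }` would remove it, and the same holds for the `loop` copy tasks that install `front-shared.key` and `gate-shared.key` on the servers, which likewise leave the previous `ta.key` in place. The enclosing play and the `copy` task's header start outside the hunk.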
cert /etc/server.crt
key /etc/server.key
dh dh2048.pem
-tls-auth ta.key 0
+tls-crypt shared.key
#+END_SRC
Finally, here are the tasks (and handler) required to install and
mode: u=r,g=,o=
loop:
- { src: gate-dh2048.pem, dest: dh2048.pem }
- - { src: gate-ta.key, dest: ta.key }
+ - { src: gate-shared.key, dest: shared.key }
notify: Restart OpenVPN.
- name: Configure OpenVPN.
mysystem "cd Secret/CA; ./easyrsa build-server-full core.$pvt nopass";
mysystem "cd Secret/CA; ./easyrsa build-client-full core nopass";
umask 077;
- mysystem "openvpn --genkey secret Secret/front-ta.key";
- mysystem "openvpn --genkey secret Secret/gate-ta.key";
+ mysystem "openvpn --genkey secret Secret/front-shared.key";
+ mysystem "openvpn --genkey secret Secret/gate-shared.key";
mysystem "openssl dhparam -out Secret/front-dh2048.pem 2048";
mysystem "openssl dhparam -out Secret/gate-dh2048.pem 2048";
<<openvpn-up>>";
if ($type ne "campus") {
- my $TA = read_file "Secret/front-ta.key";
- write_template ($DEV,$UP,$CA,$CRT,$KEY,$TA, $front_addr,
+ my $TC = read_file "Secret/front-shared.key";
+ write_template ($DEV,$UP,$CA,$CRT,$KEY,$TC, $front_addr,
$domain_name, "public.ovpn");
print "Wrote public VPN configuration to public.ovpn.\n";
}
- my $TA = read_file "Secret/gate-ta.key";
- write_template ($DEV,$UP,$CA,$CRT,$KEY,$TA, $gate_wifi_addr,
+ my $TC = read_file "Secret/gate-shared.key";
+ write_template ($DEV,$UP,$CA,$CRT,$KEY,$TC, $gate_wifi_addr,
"gate.$domain_priv", "campus.ovpn");
print "Wrote campus VPN configuration to campus.ovpn.\n";
}
sub write_template ($$$$$$$$$) {
- my ($DEV,$UP,$CA,$CRT,$KEY,$TA,$ADDR,$NAME,$FILE) = @_;
+ my ($DEV,$UP,$CA,$CRT,$KEY,$TC,$ADDR,$NAME,$FILE) = @_;
my $O = new IO::File;
open ($O, ">$FILE.tmp") or die "Could not open $FILE.tmp: $!\n";
print $O "client
<ca>\n$CA</ca>
<cert>\n$CRT</cert>
<key>\n$KEY</key>
-<tls-auth>\n$TA</tls-auth>\n";
+<tls-crypt>\n$TC</tls-crypt>\n";
close $O or die "Could not close $FILE.tmp: $!\n";
rename ("$FILE.tmp", $FILE)
or die "Could not rename $FILE.tmp: $!\n";
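Review bot: The `.ovpn` written by write_template now carries the tls-crypt key next to the client key, but `$FILE.tmp` is created by `open ($O, ">$FILE.tmp")` with whatever umask the process has at that moment, so its mode depends on whether the `umask 077;` seen in the key-generation step is still in effect on this code path, which the hunk cannot show. Pinning it locally, either `umask 077;` just before the `open` or `chmod 0600, "$FILE.tmp"` right after it, would make the mode independent of the caller. While the line is being touched, the three-argument form `open ($O, '>', "$FILE.tmp")` is the safer idiom than the two-argument open with an interpolated name. The sub's closing brace lies outside the hunk, and the duplicate write_template hunk later on the page has the same property.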
--- /dev/null
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+38bb9f2e2ecf092249801644212b9546
+9eee27dad596e738c3b290f814e87136
+4e571cf3cfe990c6e2423c6583f00c4a
+37c4c11bea6c7b70947dd3473792e973
+6106f6a0b0eb96861ade6b2f641e39ca
+59829de1d1d0455afa8510183f6eda5d
+2df99306c448d5d4a52699fdced9d45f
+5cd650e057eeac3b8ee134dfda4a3f36
+dda2fae254a8fffb2a4aafe5b1f9b505
+7087da1a362df472cf27f7b5690eaac5
+4476c76635f9919506e3922aca44ea72
+5d6ea54559619f85b7b6c830a66e8d95
+be0c0b73830784ea463aa1f4b1a837ba
+3f9b90057e30941c6d8ad1ab49a6e4d5
+8215cbe4865e4d0b30f60223dd72b30a
+5c2940c22b1cdc3778d060a3cedbc4d4
+-----END OpenVPN Static key V1-----
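Review bot: The new static key added here (and the second one added below it) is the tls-crypt secret for the control channel, and it is being committed to the repository; anyone who can read the repository history can decrypt and forge control-channel packets for the VPNs that use it, which cancels the main benefit tls-crypt has over tls-auth. If these are only fixture keys for a demonstration install, that is worth stating in the document next to the `openvpn --genkey secret` step; otherwise `Secret/` should stay out of version control. Note also that deleting the retired tls-auth keys in this commit does not remove them from history, so they should be treated as disclosed, which the regeneration here already covers as long as no host still uses them.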
+++ /dev/null
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-fdb61812ceb4d5ba83f0016642320cfd
-f1e6632d8a6b08e5a20e009a81ed3e31
-3f4340500a8b3ad21fbb7a42aacb9f36
-dd86d96bae740065e2edea03add75272
-e806c05694fdfb666a8e84ea650e35d5
-c39f20053a525ff16fbba2c28b836a60
-98e3e482205de399c0e965e82b61a83c
-25ff589e395681e8a08ec22115ea4e95
-23b026fa239594cda3b80df28e48a9f9
-023b8b0c0a79ec031cde847781557475
-9eb2702fe2b766c06c6a15d83c3070c3
-f8b7e33dae75ac3814b4e17c07148934
-4e055c8451f663ec555a67a9a86a8616
-9e2c736ee6330ecbafd8c9144bc93350
-8fac74ec0fe2ec823fba7423c54be1d8
-5d8c79c0cec56b4cc7cc7e6dcee71991
------END OpenVPN Static key V1-----
--- /dev/null
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+c5ceb7e1cb1c786f5ad2afd2cc62b2c8
+45fb74fe0116d0e2aad97a9b9066eb30
+6127c851931a6bd97b3e6cf896f09a44
+b0f68b3656d1fa46a73202c0bec5368b
+20f23e743d09826169ffbee8328974ea
+5134e6c1c9050e31aa02f29722e1df2e
+cce6bea69c8ec5d3cf6c1b1b15afcf78
+fad7f12c48436006bab293aba68840cb
+88a358378f326a9f99bf09f21028ddf9
+b85b158bce9745663d74f8fd0b217738
+ae90d4da0d151ea458a961dbfeb8e3e5
+59ccd15678a90fa8da9d567e47e1ca10
+80d8706c7cbf6f10a2055258ec337105
+f567a4be6b758438b74f48a54ce86bdd
+556abbef5bed0c07cd4fc305b22a3195
+6a6e9093ca2efffc299aa94906e95fc4
+-----END OpenVPN Static key V1-----
+++ /dev/null
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-1c3632d86e265c77f3ff112183cd715c
-f64febfc4ebd48b6b34847a5718a4c68
-2d86a5fffbd46b157586c59148a62582
-f13c511edf584938f9a985528b141e03
-e1ef39dfdde9ac2b72f3738fd2eb759c
-74e774ccdd4376720c6f598233748dee
-56013726afb984218ed858f099c231b0
-70b18d01d37d81eb42044b2a2752bacf
-3a51f3e3da1fb5fd0826b4940934b4b8
-800a216c252af314144746945c6a78b6
-9e3f4c8b4871c992a10cf413a778402c
-bbaa65c0a82fac9557257abbb3e7bc56
-4e3da795966c7fa86662ea6b9b97cb19
-4cd73356e4b9310ea1f1d5e4c7c17f5c
-2f0e6595af00060a0d4e101fa18236d5
-8820a9e4b6535f72080ff5207e1eeceb
------END OpenVPN Static key V1-----
mysystem "cd Secret/CA; ./easyrsa build-server-full core.$pvt nopass";
mysystem "cd Secret/CA; ./easyrsa build-client-full core nopass";
umask 077;
- mysystem "openvpn --genkey secret Secret/front-ta.key";
- mysystem "openvpn --genkey secret Secret/gate-ta.key";
+ mysystem "openvpn --genkey secret Secret/front-shared.key";
+ mysystem "openvpn --genkey secret Secret/gate-shared.key";
mysystem "openssl dhparam -out Secret/front-dh2048.pem 2048";
mysystem "openssl dhparam -out Secret/gate-dh2048.pem 2048";
up-restart";
if ($type ne "campus") {
- my $TA = read_file "Secret/front-ta.key";
- write_template ($DEV,$UP,$CA,$CRT,$KEY,$TA, $front_addr,
+ my $TC = read_file "Secret/front-shared.key";
+ write_template ($DEV,$UP,$CA,$CRT,$KEY,$TC, $front_addr,
$domain_name, "public.ovpn");
print "Wrote public VPN configuration to public.ovpn.\n";
}
- my $TA = read_file "Secret/gate-ta.key";
- write_template ($DEV,$UP,$CA,$CRT,$KEY,$TA, $gate_wifi_addr,
+ my $TC = read_file "Secret/gate-shared.key";
+ write_template ($DEV,$UP,$CA,$CRT,$KEY,$TC, $gate_wifi_addr,
"gate.$domain_priv", "campus.ovpn");
print "Wrote campus VPN configuration to campus.ovpn.\n";
}
sub write_template ($$$$$$$$$) {
- my ($DEV,$UP,$CA,$CRT,$KEY,$TA,$ADDR,$NAME,$FILE) = @_;
+ my ($DEV,$UP,$CA,$CRT,$KEY,$TC,$ADDR,$NAME,$FILE) = @_;
my $O = new IO::File;
open ($O, ">$FILE.tmp") or die "Could not open $FILE.tmp: $!\n";
print $O "client
<ca>\n$CA</ca>
<cert>\n$CRT</cert>
<key>\n$KEY</key>
-<tls-auth>\n$TA</tls-auth>\n";
+<tls-crypt>\n$TC</tls-crypt>\n";
close $O or die "Could not close $FILE.tmp: $!\n";
rename ("$FILE.tmp", $FILE)
or die "Could not rename $FILE.tmp: $!\n";
- name: Install OpenVPN secret.
become: yes
copy:
- src: ../Secret/front-ta.key
- dest: /etc/openvpn/ta.key
+ src: ../Secret/front-shared.key
+ dest: /etc/openvpn/shared.key
mode: u=r,g=,o=
notify: Restart OpenVPN.
ca /usr/local/share/ca-certificates/{{ domain_name }}.crt
cert client.crt
key client.key
- tls-auth ta.key 1
+ tls-crypt shared.key
dest: /etc/openvpn/front.conf
mode: u=r,g=r,o=
notify: Restart OpenVPN.
mode: u=r,g=,o=
loop:
- { src: front-dh2048.pem, dest: dh2048.pem }
- - { src: front-ta.key, dest: ta.key }
+ - { src: front-shared.key, dest: shared.key }
notify: Restart OpenVPN.
- name: Configure OpenVPN.
cert server.crt
key server.key
dh dh2048.pem
- tls-auth ta.key 0
+ tls-crypt shared.key
dest: /etc/openvpn/server.conf
mode: u=r,g=r,o=
notify: Restart OpenVPN.
mode: u=r,g=,o=
loop:
- { src: gate-dh2048.pem, dest: dh2048.pem }
- - { src: gate-ta.key, dest: ta.key }
+ - { src: gate-shared.key, dest: shared.key }
notify: Restart OpenVPN.
- name: Configure OpenVPN.
cert /etc/server.crt
key /etc/server.key
dh dh2048.pem
- tls-auth ta.key 0
+ tls-crypt shared.key
dest: /etc/openvpn/server.conf
mode: u=r,g=r,o=
notify: Restart OpenVPN.