Provisioning PHP deployment

1. cp config.php.example config.php && vim config.php
2. vim base.ovpn and adjust to tastes
3. Copy ta.key from OpenVPN server into root folder.
4. cd easy-rsa
5. cp vars.example vars && vim vars
   Set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL to sane values
6. mkdir keys && sudo chown <php username> keys
7. Access /init.php to create the necessary files.
   (This script is idempotent and won't re-do anything, so you can leave it in place afterwards)
8. sudo -u <php username> ./build-key <name> to test
9. sudo -u <php username> ./build-key-server <name> to create server keys There is also ./revoke-full <name> if you should need to revoke a key.

To start fresh: rm -rf easy-rsa/keys

Note: the instance of PHP which is running this tool, should be running under a dedicated user account. This ensures the security of the keys.

Production instances should be used like an Apache Alias, i.e. Alias /vpn-prov/ /var/www/vpn-prov/www/

GPO Deployment

Edit install-openvpn.bat to adjust URLs to suit, create scheduled task in GPO to run it from a share. Optionally create services in GPO to ensure the service is started even if user disabled it.