]>
description | OpenVPN auto-provisioning |
owner | John Runyon |
last change | Fri, 10 Nov 2023 22:41:47 +0000 (15:41 -0700) |
clone URL | https://jfr.im/git/vpn-prov.git |
cp config.php.example config.php
&& vim config.php
vim base.ovpn
and adjust to tastesta.key
from OpenVPN server into root folder.cd easy-rsa
cp vars.example vars
&& vim vars
mkdir keys && sudo chown <php username> keys
sudo -u <php username> ./build-key <name>
to testsudo -u <php username> ./build-key-server <name>
to create server keys
There is also ./revoke-full <name>
if you should need to revoke a key.To start fresh: rm -rf easy-rsa/keys
Note: the instance of PHP which is running this tool, should be running under a dedicated user account. This ensures the security of the keys.
Production instances should be used like an Apache Alias, i.e. Alias /vpn-prov/ /var/www/vpn-prov/www/
Edit install-openvpn.bat to adjust URLs to suit, create scheduled task in GPO to run it from a share. Optionally create services in GPO to ensure the service is started even if user disabled it.
2023-11-10 | John Runyon | misc updates main | commit | commitdiff | tree | snapshot (tar.bz2 zip tar.gz) |
2023-10-23 | John Runyon | update gpresult to reflect monthly sch task | commit | commitdiff | tree | snapshot (tar.bz2 zip tar.gz) |
2023-10-23 | John Runyon | config.php.example - add LDAP_BASE | commit | commitdiff | tree | snapshot (tar.bz2 zip tar.gz) |
2023-10-23 | John Runyon | init | commit | commitdiff | tree | snapshot (tar.bz2 zip tar.gz) |
5 months ago | main | shortlog | log | tree |