From: John Runyon Date: Mon, 23 Oct 2023 19:32:00 +0000 (-0600) Subject: misc updates X-Git-Url: https://jfr.im/git/vpn-prov.git/commitdiff_plain/02449cb16716b209d37a41b535d39dd149b3b064 misc updates --- diff --git a/README.md b/README.md index ec43625..aa40217 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,9 @@ 1. `mkdir keys && sudo chown keys` 1. Access /init.php to create the necessary files. (This script is idempotent and won't re-do anything, so you can leave it in place afterwards) -1. `./build-ca` -1. `./build-key ` to test -1. `./build-key-server ` to create server keys +1. `sudo -u ./build-key ` to test +1. `sudo -u ./build-key-server ` to create server keys + There is also `./revoke-full ` if you should need to revoke a key. To start fresh: `rm -rf easy-rsa/keys` diff --git a/create-cert.sh b/create-cert.sh index 9adb2c8..072f061 100755 --- a/create-cert.sh +++ b/create-cert.sh @@ -17,6 +17,7 @@ $(cat ta.key) +$(cat easy-rsa/keys/rootca.crt) $(cat easy-rsa/keys/ca.crt) diff --git a/easy-rsa/keys/index.txt.attr b/easy-rsa/keys/index.txt.attr new file mode 100644 index 0000000..3a7e39e --- /dev/null +++ b/easy-rsa/keys/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/easy-rsa/revoke-full b/easy-rsa/revoke-full index 439f6a0..d3514e4 100755 --- a/easy-rsa/revoke-full +++ b/easy-rsa/revoke-full @@ -21,7 +21,15 @@ if [ "$KEY_DIR" ]; then export KEY_NAME="" # revoke key and generate a new CRL - $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG" + if [ -f "$1.crt" ]; then + crtname="$1.crt" + elif [ -f "$1.pem" ]; then + crtname="$1.pem" + else + echo "That certificate doesn't exist ($1.crt or $1.pem)" + exit + fi + $OPENSSL ca -revoke "$crtname" -config "$KEY_CONFIG" # generate a new CRL -- try to be compatible with # intermediate PKIs 
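Review bot: The added `$(cat easy-rsa/keys/rootca.crt)` has no check that the file exists, and a failed `cat` inside a command substitution would not normally stop the script, so a host without `rootca.crt` would hand out a profile that is missing the root certificate. A guard ahead of the template makes that failure visible: `[ -r easy-rsa/keys/rootca.crt ] || { echo "missing easy-rsa/keys/rootca.crt" >&2; exit 1; }`. The surrounding template is outside the hunk, so the following is inferred: if these lines sit in the profile's CA section, the client will accept every certificate that chains to the root. A comment there should say whether the profile also pins the server, for example with `remote-cert-tls server` or `verify-x509-name`.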
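Review bot: The new `else` branch ends with a bare `exit`, which returns the status of the preceding `echo` (0), so a revocation request for a certificate that does not exist reports success to whatever called the script. Send the message to stderr and fail explicitly: `echo "That certificate doesn't exist ($1.crt or $1.pem)" >&2` followed by `exit 1`. The result of `$OPENSSL ca -revoke "$crtname"` is also not checked in the visible lines, so a caller cannot tell a failed revocation from a completed one. The enclosing `if [ "$KEY_DIR" ]` block starts before this hunk and continues past it.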
@@ -33,7 +41,7 @@ if [ "$KEY_DIR" ]; then fi # verify the revocation - $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt" + $OPENSSL verify -CAfile "$RT" -crl_check "$crtname" else echo 'Please source the vars script first (i.e. "source ./vars")' echo 'Make sure you have edited it to reflect your configuration.' diff --git a/gpresult.html b/gpresult.html index ad6f1a1..c1cdc31 100755 Binary files a/gpresult.html and b/gpresult.html differ diff --git a/install-openvpn.bat b/install-openvpn.bat index 2ba9883..ac385bb 100755 --- a/install-openvpn.bat +++ b/install-openvpn.bat @@ -1,5 +1,7 @@ +if not exist "C:\Program Files\OpenVPN\config-auto\vpnprov.ovpn" del "C:\Program Files\OpenVPN\config-auto\*.ovpn" "C:\Program Files\OpenVPN\config\*.ovpn" + mkdir "C:\Program Files\OpenVPN\config-auto" -curl -u : --negotiate -o "C:\Program Files\OpenVPN\config-auto\vpnprov-%COMPUTERNAME%.ovpn" "https://example.com/vpn-prov/create.php" +curl -u : --negotiate -o "C:\Program Files\OpenVPN\config-auto\vpnprov.ovpn" "https://example.com/vpn-prov/create.php" start /wait msiexec /i \\server\share\OpenVPN-2.6.6-I001-amd64.msi /quiet /qn /norestart /log c:\windows\temp\openvpn.msi.log ADDLOCAL=OpenVPN.Service,Drivers.OvpnDco,OpenVPN,Drivers,Drivers.TAPWindows6,Drivers.Wintun
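Review bot: The new `if not exist … del` line removes every existing `.ovpn` profile in `config-auto` and `config` before the replacement has been fetched. The `curl` line has no `--fail` and no exit-code check, so a failed or rejected request (for example when Negotiate authentication does not succeed) can leave the machine with no usable profile, or with an HTTP error body saved as `vpnprov.ovpn`. Because that file then exists, later runs skip the cleanup and the service keeps being handed whatever the last download produced. Fetching to a temporary name and swapping it in only on success avoids both cases, as sketched below. The profile presumably embeds the client key, so it is also worth confirming that the ACL on `config-auto` does not leave it readable by ordinary local users.

```batch
set "CFG=C:\Program Files\OpenVPN\config-auto"
mkdir "%CFG%" 2>nul
rem Download under a name the service does not auto-load; --fail makes HTTP errors a non-zero exit.
curl --fail -u : --negotiate -o "%CFG%\vpnprov.tmp" "https://example.com/vpn-prov/create.php"
if errorlevel 1 (
    del "%CFG%\vpnprov.tmp" 2>nul
    goto install
)
rem Only now drop the old profiles and put the verified download in place.
if not exist "%CFG%\vpnprov.ovpn" del "%CFG%\*.ovpn" "C:\Program Files\OpenVPN\config\*.ovpn"
move /y "%CFG%\vpnprov.tmp" "%CFG%\vpnprov.ovpn"
:install
rem … unchanged: start /wait msiexec install of OpenVPN …
```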