cdwilson · July 7, 2012 21:49
diff --git a/setup_bridged_vpn.sh b/setup_bridged_vpn.sh
 #!/bin/sh

 # Ubuntu 12.04

 # https://help.ubuntu.com/12.04/serverguide/openvpn.html

 # don't actually run this as a script
 exit 0

 # setup airport to port forward 1194 to OpenVPN server

 sudo apt-get -y install openvpn bridge-utils

 sudo mkdir /etc/openvpn/easy-rsa/
 sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

 # edit /etc/openvpn/easy-rsa/vars:
 # export KEY_COUNTRY="US"
 # export KEY_PROVINCE="NC"
 # export KEY_CITY="Winston-Salem"
 # export KEY_ORG="Example Company"
 # export KEY_EMAIL="[email protected]"

 # CA
 cd /etc/openvpn/easy-rsa/
 # whichopensslcnf was broken so I had to hard code:
 # export KEY_CONFIG="$EASY_RSA/openssl-1.0.0.cnf"
 source vars
 ./clean-all
 ./build-ca

 # server certs
 ./build-key-server server
 ./build-dh
 cd keys/
 cp server.crt server.key ca.crt dh1024.pem /etc/openvpn/

 # client certs
 cd /etc/openvpn/easy-rsa/
 source vars
 ./build-key client1
 # copy the following files to the client using a secure method:
 #    /etc/openvpn/ca.crt
 #    /etc/openvpn/easy-rsa/keys/client1.crt
 #    /etc/openvpn/easy-rsa/keys/client1.key

 # server config
 sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
 sudo gzip -d /etc/openvpn/server.conf.gz
 # edit /etc/openvpn/server.conf:
 # script-security 2
 # dev tap
 # ;dev tun
 # up "/etc/openvpn/up.sh br0 eth0"
 # ca ca.crt
 # cert server.crt
 # key server.key 
 # dh dh1024.pem
 # ;server 10.8.0.0 255.255.255.0
 # server-bridge 10.0.1.204 255.255.255.0 10.0.1.50 10.0.1.99

 # FYI, initially, i wasn't able to connect because I hadn't specified "script-security 2"
 # inspecting /var/log/syslog revealed: 
 #   NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
 #   ...
 #   WARNING: External program may not be called unless '--script-security 2' or higher is enabled.  Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.  See --help text or man page for detailed info.
 #   WARNING: Failed running command (--up/--down): external program fork failed
 #   Exiting

 # client config
 # install openvpn client on OSX, http://code.google.com/p/tunnelblick/
 sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
 # edit /etc/openvpn/client.conf:
 # dev tap
 # ;dev tun
 # remote vpn.cdwilson.us 1194
 # ca ca.crt
 # cert client1.crt
 # key client1.key

 # start openvpn on the server
 sudo service openvpn start

 # install the client.conf and keys on the client, and connect!
	#!/bin/sh

	# Ubuntu 12.04

	# https://help.ubuntu.com/12.04/serverguide/openvpn.html

	# don't actually run this as a script
	exit 0

	# setup airport to port forward 1194 to OpenVPN server

	sudo apt-get -y install openvpn bridge-utils

	sudo mkdir /etc/openvpn/easy-rsa/
	sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

	# edit /etc/openvpn/easy-rsa/vars:
	# export KEY_COUNTRY="US"
	# export KEY_PROVINCE="NC"
	# export KEY_CITY="Winston-Salem"
	# export KEY_ORG="Example Company"
	# export KEY_EMAIL="[email protected]"

	# CA
	cd /etc/openvpn/easy-rsa/
	# whichopensslcnf was broken so I had to hard code:
	# export KEY_CONFIG="$EASY_RSA/openssl-1.0.0.cnf"
	source vars
	./clean-all
	./build-ca

	# server certs
	./build-key-server server
	./build-dh
	cd keys/
	cp server.crt server.key ca.crt dh1024.pem /etc/openvpn/

	# client certs
	cd /etc/openvpn/easy-rsa/
	source vars
	./build-key client1
	# copy the following files to the client using a secure method:
	# /etc/openvpn/ca.crt
	# /etc/openvpn/easy-rsa/keys/client1.crt
	# /etc/openvpn/easy-rsa/keys/client1.key

	# server config
	sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
	sudo gzip -d /etc/openvpn/server.conf.gz
	# edit /etc/openvpn/server.conf:
	# script-security 2
	# dev tap
	# ;dev tun
	# up "/etc/openvpn/up.sh br0 eth0"
	# ca ca.crt
	# cert server.crt
	# key server.key
	# dh dh1024.pem
	# ;server 10.8.0.0 255.255.255.0
	# server-bridge 10.0.1.204 255.255.255.0 10.0.1.50 10.0.1.99

	# FYI, initially, i wasn't able to connect because I hadn't specified "script-security 2"
	# inspecting /var/log/syslog revealed:
	# NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
	# ...
	# WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info.
	# WARNING: Failed running command (--up/--down): external program fork failed
	# Exiting

	# client config
	# install openvpn client on OSX, http://code.google.com/p/tunnelblick/
	sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
	# edit /etc/openvpn/client.conf:
	# dev tap
	# ;dev tun
	# remote vpn.cdwilson.us 1194
	# ca ca.crt
	# cert client1.crt
	# key client1.key

	# start openvpn on the server
	sudo service openvpn start

	# install the client.conf and keys on the client, and connect!