diff --git a/Dockerfile b/Dockerfile
index f36dab62..5335b116 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,8 +15,7 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/reposi
 ENV OPENVPN=/etc/openvpn
 ENV EASYRSA=/usr/share/easy-rsa \
 EASYRSA_CRL_DAYS=3650 \
- EASYRSA_PKI=$OPENVPN/pki \
- EASYRSA_VARS_FILE=$OPENVPN/vars
+ EASYRSA_PKI=$OPENVPN/pki
 VOLUME ["/etc/openvpn"]
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 7207a09e..324b8363 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -15,7 +15,6 @@ RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/reposi
 ENV OPENVPN /etc/openvpn
 ENV EASYRSA /usr/share/easy-rsa
 ENV EASYRSA_PKI $OPENVPN/pki
-ENV EASYRSA_VARS_FILE $OPENVPN/vars
 # Prevents refused client connection because of an expired CRL
 ENV EASYRSA_CRL_DAYS 3650
diff --git a/README.md b/README.md
index 32939649..a9106737 100644
--- a/README.md
+++ b/README.md
@@ -31,8 +31,8 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
 private key used by the newly generated certificate authority.
 docker volume create --name $OVPN_DATA
- docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
- docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki
+ docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
+ docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
 * Start OpenVPN server process
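Review bot: Dropping `EASYRSA_VARS_FILE=$OPENVPN/vars` from the `ENV` block in `Dockerfile` means a `vars` file already stored in an existing `/etc/openvpn` volume is no longer handed to EasyRSA explicitly. Such a file could have been written by the `easyrsa_vars import` helper that this commit deletes. Any customised PKI settings kept there could then silently revert to EasyRSA defaults on the next certificate operation; whether EasyRSA still finds the file on its own depends on the bundled version, which is not visible here. The same removal is made in `Dockerfile.aarch64`. I would record the intent beside the remaining variables, for example `# EASYRSA_VARS_FILE deliberately unset: $OPENVPN/vars from older volumes is not loaded`, and describe the migration for existing volumes in the README.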
@@ -40,11 +40,11 @@ a corresponding [Digital Ocean Community Tutorial](http://bit.ly/1AGUZkq).
 * Generate a client certificate without a passphrase
- docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
+ docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
 * Retrieve the client configuration with embedded certificates
- docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
+ docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
 ## Next Steps
diff --git a/bin/easyrsa_vars b/bin/easyrsa_vars
deleted file mode 100755
index e2fb56f2..00000000
--- a/bin/easyrsa_vars
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-#
-# Import/export EasyRSA default settings
-#
-
-if [ "$DEBUG" == "1" ]; then
- set -x
-fi
-
-set -e
-
-if [ $# -lt 1 ]; then
- echo "No command provided"
- echo
- echo "$0 export > /path/to/file"
- echo "$0 import < /path/to/file"
- exit 1
-fi
-
-cmd=$1
-shift
-
-case "$cmd" in
- export)
- if [ -f "$EASYRSA_VARS_FILE" ]; then
- cat "$EASYRSA_VARS_FILE"
- else
- cat "$EASYRSA/vars.example"
- fi
- ;;
- import)
- cat > "$EASYRSA_VARS_FILE"
- ;;
- *)
- echo "Unknown cmd \"$cmd\""
- exit 2
- ;;
-esac
diff --git a/bin/ovpn_initpki b/bin/ovpn_initpki
index c7029d2e..14b8ec9e 100755
--- a/bin/ovpn_initpki
+++ b/bin/ovpn_initpki
@@ -15,10 +15,6 @@ source "$OPENVPN/ovpn_env.sh"
 # Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
 nopass=$1
-# EasyRSA 3.0.7 introduced checks for $EASYRSA_VARS_FILE existence
-# in the init-pki script
-touch $EASYRSA_VARS_FILE
-
 # Provides a sufficient warning before erasing pre-existing files
 easyrsa init-pki