supereasyrsa
At some point I got confused and lost a couple of days in confusion using the "new" easyrsa-3 script, then I threw together this small script to streamline the configuration of simple pki for openvpn.
Dependencies: tput openvpn openssl git
Usage: #0. Prepare a list of users and key passwords for your clients, as well as a PEM password
#1. Put this script in an empty directory directory, dedicated to a VPN
#2. Set the variables: Edit the variable section of the script to suit your needs #Variables:
##Server name (name that will define your server) servername="MyServer"
##Clients with password (list of clients, separated by a space) clientsnamesec="Client_01 Client_02 Client_03"
##Clients without password (list servers and mobiles - separated by a space)
note that I include mobiles here because the android version bugs when a key is password protected
Also, beware to ensure strong security on the mobile devised with VPN installed!!!
clientsnamenonsec="otherserver mymobile"
IP where the VPN is listening on
serverlistip="1.2.3.4"
##public IP where the clients try to connect to serverip="1.2.3.4"
##server's listening port (port the server is listening on) serverlistport="1194"
##port where the clients connect to serverport="1194"
##LAN range to route lanrange="172.28.25.0"
##ip from local lan dns (as the clients could use specific local resolving inside vpn) dnsip="172.28.25.1"
##bits - don't change unless sure biits="4096"
#3. Launch script - it should drive you through the generation of the keys and conf files.
#4. sorted output will be located in "keys" directory (at same level as clients and server)