wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-06 23:24:01 +02:00
Code Issues Projects Releases Wiki Activity

export p12 added

Browse source
This commit is contained in:
Evgeniy Ivanov 2016-07-12 21:05:06 +03:00
parent ec90d2acc7
commit 63e67cb3a6
3 changed files with 5 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config.cfg
View file

@ -13,7 +13,7 @@ easyrsa_cert_expire: 3650
easyrsa_reinit_existent: True
# Domain or ip
server_name: "win7.mycompany.local"
server_name: ivlis.me
server_ip: "{{ ansible_ssh_host }}"
users:

3
templates/ipsec.conf.j2
View file

@ -8,7 +8,6 @@ conn %default
rekey=no
keyexchange=ikev2
ike=aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
esp=aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024,aes128-aes256-sha1-sha256,aes128-sha1,3des-sha1!
compress=yes
fragmentation=yes
@ -21,7 +20,7 @@ conn %default
leftsubnet=0.0.0.0/0,::/0
right=%any
#rightauth=pubkey
rightauth=pubkey
rightsourceip=10.0.0.0/24
rightdns=8.8.8.8,8.8.4.4

6
vpn.yml
View file

@ -78,7 +78,7 @@
- name: Build the server pair
shell: |
./easyrsa --subject-alt-name=DNS:{{ server_name }} build-server-full {{ server_name }} nopass
./easyrsa --subject-alt-name=DNS:{{ server_name }},IP:{{ server_ip }} build-server-full {{ server_name }} nopass
touch '{{ easyrsa_dir }}/easyrsa3/pki/server_initialized'
args:
chdir: '{{ easyrsa_dir }}/easyrsa3/'
@ -88,7 +88,7 @@
- name: Build the client's pair
shell: |
./easyrsa --subject-alt-name=DNS:{{ server_name }} build-client-full {{ item }} nopass
./easyrsa --subject-alt-name=DNS:{{ server_name }},IP:{{ server_ip }} build-client-full {{ item }} nopass
touch '{{ easyrsa_dir }}/easyrsa3/pki/{{ item }}_initialized'
args:
chdir: '{{ easyrsa_dir }}/easyrsa3/'
@ -97,7 +97,7 @@
- name: Build the client's p12
shell: |
./easyrsa export-p12 {{ item }} nopass
openssl pkcs12 -in {{ easyrsa_dir }}/easyrsa3//pki/issued/{{ item }}.crt -inkey {{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}.key -export -name {{ item }} -out /{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}.p12 -certfile {{ easyrsa_dir }}/easyrsa3//pki/ca.crt -passout pass:vpn
touch '{{ easyrsa_dir }}/easyrsa3/pki/{{ item }}_p12_initialized'
args:
chdir: '{{ easyrsa_dir }}/easyrsa3/'