Vpn: Use crl.

Vpn: Add info on user revokation.
Vpn: Fix days arg.
2024-11-27 16:42:00 +03:00 · 2024-11-27 16:41:58 +03:00 · 2024-11-27 16:41:57 +03:00 · 2024-11-27 16:41:55 +03:00
1 changed files with 11 additions and 4 deletions
--- a/container/Vpn.nix
+++ b/container/Vpn.nix
@ -1,9 +1,15 @@
-# easyrsa init-pki
+# easyrsa --days=36500 init-pki
-# easyrsa build-ca
+# easyrsa --days=36500 build-ca
-# easyrsa build-server-full <SERVER_NAME> nopass
+# easyrsa --days=36500 build-server-full <SERVER_NAME> nopass
-# easyrsa build-client-full <CLIENT_NAME> nopass
+# easyrsa --days=36500 build-client-full <CLIENT_NAME> nopass
 # easyrsa gen-crl
 # openssl dhparam -out dh2048.pem 2048
 # Don't forget to set tls hostname on the client to match SERVER_NAME *AND* disable ipv6 ?
 # easyrsa revoke <CLIENT_NAME>
 # easyrsa gen-crl
 # restart container
 # SEE: https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/server.conf
 # SRC: https://github.com/TinCanTech/easy-tls
 {
@ -86,6 +92,7 @@ in {
 						ca /data/pki/ca.crt
 						cert /data/pki/issued/home.crt
 						client-to-client
 						crl-verify /data/pki/crl.pem
 						dev tun
 						dh /data/dh2048.pem
 						explicit-exit-notify 1
Author	SHA1	Message	Date
Dmitry Voronin	372ba8bfad	Vpn: Use crl.	2024-11-27 16:42:00 +03:00
Dmitry Voronin	6450658e27	Vpn: Add info on user revokation.	2024-11-27 16:41:58 +03:00
Dmitry Voronin	95d17c2ddb	Vpn: Fix days arg.	2024-11-27 16:41:57 +03:00
Dmitry Voronin	255de1df52	Vpn: Add a note on cert expirity configuration.	2024-11-27 16:41:55 +03:00