README.rdoc in vpnmaker-1.0.8 vs README.rdoc in vpnmaker-1.0.9

- old
+ new

@@ -1,13 +1,21 @@ -most of the code was stolen from here: http://github.com/pc/vpnmaker -i made a gem and converted it to use haml +most of the code was stolen from here: http://github.com/pc/vpnmaker, thank you! +i made a gem, converted it to use haml, added bin/vpnmaker cli = VPNMaker VPNMaker takes the teetering jankiness out of setting up and administering OpenVPN. -== Key management +It comes without any guarantees, the code seems to work for me, your mileage will invariably vary! +== Usage +* vpnmaker -h is your best friend +help format sucks, but it's better then using easy-rsa or doing openssl by hand +== Example +>>#vpnmaker init cli conf_name new_dir_path country province city organization organization_unit common_name key_name email +== From the forked version: +=== Key management + To set up your VPN, run: irb -r vpnmaker >> VPNMaker.generate('foocorp', '/root') @@ -65,11 +73,11 @@ >> mgr.user('joe') => {:user=>"joe", :revoked=>[0, 1], :email=>"joe.bloggs@foocorp.com", :name=>"Joe Bloggs", :modified=>Mon Oct 11 11:32:10 -0700 2010, :active_key=>1} Which does the same revocation as in <tt>regenerate_user</tt>, but doesn't generate new keys. -== OpenVPN management +=== OpenVPN management To get OpenVPN set up, you should go back and edit <tt>foocorp.config.yaml</tt>, and add the following section: :server: :base_ip: 10.10.10.0 
@@ -84,8 +92,8 @@ >> puts mgr.config_generator.server Which will output a config file that you can copy and paste into <tt>openvpn.conf</tt> on your server. You'll want make sure that the following files exist in <tt>/root/openvpn</tt> (or whatever your root directory is): <tt>ca.crt</tt> (so that the server can verify the validity of client certificates), <tt>dh.pem</tt> (for encryption of the connection), <tt>server.crt</tt> (the server's public key), <tt>server.key</tt> (the server's private key), <tt>ta.key</tt> (shared secret between server and clients), and <tt>crl.pem</tt> (so that the server will reject revoked certificates). -== OpenVPN client +=== OpenVPN client Each client will need: <tt>user.key</tt>, <tt>user.crt</tt>, <tt>ca.crt</tt> and <tt>ta.key</tt>. Make sure to enable tls-auth = 1.
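Review bot: In the first hunk (@@ -1,13 +1,21 @@), the added Example line ">>#vpnmaker init cli conf_name new_dir_path country ..." mixes the irb prompt ">>" used elsewhere in this README with a shell "#" prompt, so a reader cannot tell where the command is meant to be typed. Suggest a single shell prompt, indented as a verbatim block like the existing irb examples. The line lists ten positional placeholders that are easy to misorder, so one invocation with sample values next to it would help. In the Usage text, "better then using easy-rsa" should read "better than".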
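Review bot: In the last hunk (@@ -84,8 +92,8 @@), the context line under the renamed "OpenVPN client" heading, "Make sure to enable tls-auth = 1", is not OpenVPN directive syntax and does not say which side the key direction 1 applies to. Since the section is being touched, suggest writing it as the client directive "tls-auth ta.key 1" and stating the matching direction on the server (conventionally 0), checked against what mgr.config_generator.server emits. The context sentence "You'll want make sure that the following files exist" is also missing "to".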