From dea56279e40433ed9209bb19e0c896683dafaa4e Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 25 Sep 2017 21:54:54 +0100
Subject: [PATCH] Don't use ta.key
---
 src/freedombone-app-vpn | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn
index d3612e6f..5285c22a 100755
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -190,6 +190,7 @@ y
 sed -i 's|ca ca.crt|;ca ca.crt|g' $user_vpn_cert_file
 sed -i 's|cert client.crt|;cert client.crt|g' $user_vpn_cert_file
 sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file
+ sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file
 echo '' >> $user_vpn_cert_file
 cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
@@ -229,11 +230,14 @@ function install_vpn {
 echo $'Example openvpn server config not found'
 exit 783953
 fi
+
+ # server configuration
 gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
 sed -i "s|;push \"redirect-gateway|push \"redirect-gateway|g" /etc/openvpn/server.conf
 sed -i 's|;push "dhcp-option|push "dhcp-option|g' /etc/openvpn/server.conf
 sed -i 's|;user nobody|user nobody|g' /etc/openvpn/server.conf
 sed -i 's|;group nogroup|group nogroup|g' /etc/openvpn/server.conf
+ echo 1 > /proc/sys/net/ipv4/ip_forward
 sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
 sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
@@ -244,6 +248,7 @@ function install_vpn {
 mkdir /etc/openvpn/easy-rsa/keys
 fi
+ # keys configuration
 sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" /etc/openvpn/easy-rsa/vars
 sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" /etc/openvpn/easy-rsa/vars
 sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" /etc/openvpn/easy-rsa/vars
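Review bot: Commenting out `tls-auth ta.key` in the first hunk (@@ -190,6 +190,7 @@) removes the HMAC check on control-channel packets from every generated client profile, which only works if the server also accepts unauthenticated handshake packets. The `server.conf` edits visible in the `install_vpn` hunks do not touch `tls-auth`, so if the sample config unpacked there enables it, clients built from this profile would presumably fail the handshake; the two sides need to agree. Since `ca.crt` is already appended inline to `$user_vpn_cert_file`, the static key could be embedded the same way (a `<tls-auth>` block plus `key-direction 1`) rather than dropping the protection. If disabling it is intended, say why in a comment above the new line, e.g. `# tls-auth disabled: ta.key is not distributed with the client profile (TODO confirm)`, and quote `"$user_vpn_cert_file"` in the new sed call; the enclosing function starts and ends outside the hunk.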
@@ -251,6 +256,8 @@ function install_vpn {
 sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" /etc/openvpn/easy-rsa/vars
 sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" /etc/openvpn/easy-rsa/vars
 sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" /etc/openvpn/easy-rsa/vars
+
+ # generate host keys
 if [ ! -f /etc/openvpn/dh2048.pem ]; then
 openssl dhparam -out /etc/openvpn/dh2048.pem 2048
 fi