From bce63c209c0685540517373db22b052b6516db9a Mon Sep 17 00:00:00 2001
From: Evgeniy Ivanov
Date: Sun, 24 Jul 2016 14:44:59 +0300
Subject: [PATCH] ECDSA fixed
---
 config.cfg | 3 +--
 configs/.gitinit | 0
 templates/easy-rsa.vars.j2 | 4 ++--
 templates/ipsec.secrets.j2 | 2 +-
 templates/mobileconfig.j2 | 4 ++++
 5 files changed, 8 insertions(+), 5 deletions(-)
 create mode 100644 configs/.gitinit
diff --git a/config.cfg b/config.cfg
index 197b62b..ac8beb2 100644
--- a/config.cfg
+++ b/config.cfg
@@ -5,13 +5,12 @@
 # secp384r1
 # secp521r1
 easyrsa_dir: /opt/easy-rsa-ipsec
-easyrsa_curve: prime256v1
 easyrsa_ca_expire: 3650
 easyrsa_cert_expire: 3650
 easyrsa_p12_export_password: vpn
 # if True re-init all existing certificates. Boolean
-easyrsa_reinit_existent: False
+easyrsa_reinit_existent: True
 # Domain or ip
 server_name: www.ivlis.me
diff --git a/configs/.gitinit b/configs/.gitinit
new file mode 100644
index 0000000..e69de29
diff --git a/templates/easy-rsa.vars.j2 b/templates/easy-rsa.vars.j2
index 6ab31c9..19447c6 100644
--- a/templates/easy-rsa.vars.j2
+++ b/templates/easy-rsa.vars.j2
@@ -102,11 +102,11 @@ set_var EASYRSA_DN "cn_only"
 # * rsa
 # * ec
-set_var EASYRSA_ALGO rsa
+set_var EASYRSA_ALGO ec
 # Define the named curve, used in ec mode only:
-set_var EASYRSA_CURVE {{ easyrsa_curve }}
+set_var EASYRSA_CURVE prime256v1
 # In how many days should the root CA key expire?
diff --git a/templates/ipsec.secrets.j2 b/templates/ipsec.secrets.j2
index 3ddf94b..4cae96e 100644
--- a/templates/ipsec.secrets.j2
+++ b/templates/ipsec.secrets.j2
@@ -1,2 +1,2 @@
-: RSA {{ server_name }}.key
+: ECDSA {{ server_name }}.key
diff --git a/templates/mobileconfig.j2 b/templates/mobileconfig.j2
index fe8ba42..39847a8 100644
--- a/templates/mobileconfig.j2
+++ b/templates/mobileconfig.j2
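Review bot: In config.cfg, `easyrsa_reinit_existent` is flipped to `True` as the committed default, so by its own comment every run re-initialises all existing certificates. That fits a one-off RSA-to-ECDSA migration, but left on it would presumably invalidate client certificates that were already issued on each later run. Keep the default as `easyrsa_reinit_existent: False` and document the flag as a one-time migration step. The curve list in the comment above `easyrsa_dir` is now stale because `easyrsa_curve` is removed. The unchanged context line `easyrsa_p12_export_password: vpn` is a guessable shared default that would be better supplied per deployment.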
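Review bot: In templates/easy-rsa.vars.j2 the curve becomes the literal `prime256v1` instead of `{{ easyrsa_curve }}`, which removes the operator's choice of secp384r1 or secp521r1 that the config.cfg comments still list. If the literal is there because the mobileconfig template pins `ECDSA256`, keep `set_var EASYRSA_CURVE {{ easyrsa_curve }}` and derive the profile's certificate type from the same variable. Otherwise add a comment next to the literal such as `# must match CertificateType in mobileconfig.j2`. `EASYRSA_ALGO ec` is hard-coded as well, so a comment noting that an existing RSA PKI must be re-initialised when switching would help operators.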
@@ -45,6 +45,10 @@
 {{ item.0 }}
 PayloadCertificateUUID
 1FB2907D-14D3-4BAB-A472-B304F4B7F7D9
+ CertificateType
+ ECDSA256
+ ServerCertificateIssuerCommonName
+ www.ivlis.me
 RemoteAddress
 {{ server_name }}
 RemoteIdentifier
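Review bot: `ServerCertificateIssuerCommonName` is set to the literal `www.ivlis.me` in templates/mobileconfig.j2, while `RemoteAddress` just below is rendered from `{{ server_name }}`. Any deployment with a different server name gets a profile that pins the wrong issuer name, so server certificate validation on the client will presumably fail. Render the value from `{{ server_name }}`, or from a dedicated CA common-name variable if the CA's CN differs from the server name (the CA's CN is not visible in this patch). `ECDSA256` is also a literal that only matches the `prime256v1` curve, so it should be tied to the curve setting or commented as such. The enclosing dict starts and ends outside the hunk.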