+#!/bin/bash
+
+# create host key signed by CA
+# presumes standard directory of strongswan
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+echo "Entering strongswan config directory..."
cd /etc/strongswan/ipsec.d/
strongswan pki --gen --type rsa --size 2048 \
--outform pem \
strongswan pki --issue --lifetime 730 \
--cacert cacerts/strongswanCert.pem \
--cakey private/strongswanKey.pem \
- --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
- --san 207.148.98.140 \
+ --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
+ --san $VPN_IP_ADDRESS \
--flag serverAuth --flag ikeIntermediate \
--outform pem > certs/vpnHostCert.pem