kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License

PKI build for static public IP addresses? #593

Open gadams999 opened 4 years ago

gadams999 commented 4 years ago

Hi,

Totally loving this approach to OpenVPN and it's made my life easier to deploy! I'm pretty new to OpenVPN and the entire EasyRSA process, but I'm trying to determine if I can do the following:

  1. Deploying docker-openvpn to multiple hosts with shared $OVPN_DATA data store where only one host is setting up the PKI
  2. All static IP addresses (1-4) available to the host performing PKI setup
  3. Using the ovpn_genconfig and ovpn_initpki, create a server certificate with all IP addresses as part of CN or SAN
  4. Optionally, a client's outputted config file has remote entries for all endpoints

If there isn't the ability to do this directly, that's cool, just thought I'd see if there are approaches that could help get an OpenVPN setup that aligns with non-changing static IP addresses instead of FQDN.

gadams999 commented 4 years ago

Okay, I've made progress on this. Modified the ovpn_initpki script to take arguments like the ovpn_genconfig, so that subject alternate names can work. In doing so, I had to add an option for nopass as well, so a pull request would be a breaking change.

The docker run command changes from ovpn_initpki nopass to ovpn_initpki -n -s "DNS:1.1.1.1;DNS:2.2.2.2", where -n is the flag for nopass.

Thoughts on the -n flag vs positional argument? I could add logic to check if $1 is equal to nopass or the start of options.
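
Added example, not part of the comment above and not code from docker-openvpn: one way a modified ovpn_initpki could accept both the existing positional nopass and the proposed -n / -s options, so current callers keep working. The function name parse_initpki_args and the variables NOPASS and SAN are assumptions made for this sketch.

```shell
# Hypothetical helper for a modified ovpn_initpki (added example).
# Sets two globals for the rest of the script to consume:
#   NOPASS  "nopass" when the CA key is to be left unencrypted, else empty
#   SAN     the raw string given to -s, else empty
parse_initpki_args() {
    NOPASS=""
    SAN=""
    OPTIND=1    # reset so the function can be called more than once

    # Legacy form: the first argument is the literal word "nopass".
    if [ "${1:-}" = "nopass" ]; then
        NOPASS="nopass"
        shift
    fi

    # New form: -n for nopass, -s <value> for subject alternative names.
    # The leading ":" makes getopts report errors through the case below.
    while getopts ":ns:" _opt; do
        case "$_opt" in
            n)  NOPASS="nopass" ;;
            s)  SAN="$OPTARG" ;;
            :)  echo "option -$OPTARG requires a value" >&2; return 2 ;;
            \?) echo "unknown option -$OPTARG" >&2; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))

    # Leftover words are typos or unsupported positionals. Refuse them
    # instead of initialising a PKI with settings the caller did not intend.
    if [ "$#" -gt 0 ]; then
        echo "unexpected argument: $1" >&2
        return 2
    fi
}
```

Failing closed on unknown or leftover arguments matters here because a mistyped nopass would otherwise change whether the CA key ends up passphrase-protected.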