Configuring OpenVPN: Difference between revisions
No edit summary |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
''Based on https://docs.slackware.com/howtos:network_services:openvpn'' | |||
Let the server be ''foo'', client ''bar''. | Let the server be ''foo'', client ''bar''. | ||
* Setup easy-rsa | * Setup easy-rsa: | ||
<pre> | <pre> | ||
# cd | # cd | ||
| Line 28: | Line 30: | ||
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/ | # cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/ | ||
</pre> | </pre> | ||
* The server is ready. On the client, first setup easy-rsa | * The server is ready. On the client, first setup easy-rsa and customize <code>vars</code> as above. | ||
* Then run: | * Then run: | ||
<pre> | <pre> | ||
$ ./easyrsa init-pki | |||
$ ./easyrsa gen-req bar nopass | |||
</pre> | </pre> | ||
* Copy <code>pki/reqs/bar.req</code> to the server. | * Copy <code>pki/reqs/bar.req</code> to the server. | ||
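Review bot: the added client command ./easyrsa gen-req bar nopass creates bar's private key without a passphrase, and the new text does not say so. The server step elsewhere on this page notes that nopass can be skipped to set a password; add the same remark to this client step so the unencrypted client key is a deliberate choice.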
Latest revision as of 19:24, 2 December 2019
Based on https://docs.slackware.com/howtos:network_services:openvpn
Let the server be foo, client bar.
- Set up easy-rsa:
    # cd
    # git clone https://github.com/OpenVPN/easy-rsa
    # cd easy-rsa/easyrsa3
- To customize default settings,
    cp vars.example vars
- and edit vars (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS).
- Now run (skip nopass if you want to protect the server with a password):
    # ./easyrsa init-pki
    # ./easyrsa build-ca
    # ./easyrsa gen-req foo nopass
    # ./easyrsa sign-req server foo
    # cd /etc/openvpn/certs/
    # openssl dhparam -out dh2048.pem 2048
    # cd /etc/openvpn/keys/
    # /usr/sbin/openvpn --genkey --secret ta.key
    # cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/
    # cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/
    # cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
- The server is ready. On the client, first set up easy-rsa and customize vars as above.
- Then run:
    $ ./easyrsa init-pki
    $ ./easyrsa gen-req bar nopass
- Copy pki/reqs/bar.req to the server.
- On the server run:
    # ./easyrsa import-req /root/bar.req bar
    # ./easyrsa sign-req client bar
- Copy pki/issued/bar.crt to the client.
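
A post-install check for the files this procedure produces, as an added example that is not part of the original wiki page: it flags key files accessible to group or others and confirms that a certificate chains to ca.crt and matches its private key. The function names are hypothetical, the paths are the ones used above, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names are hypothetical;
# the /etc/openvpn/certs and /etc/openvpn/keys layout follows the page.

# List files under DIR whose mode grants any group/other permission bit.
# Private keys (foo.key, ta.key) should be accessible to their owner only.
# Returns 1 if at least one such file is found, 0 otherwise.
audit_key_perms() {
    dir=$1
    loose=$(find "$dir" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -z "$loose" ]; then
        return 0
    fi
    echo "$loose" | while IFS= read -r f; do
        echo "LOOSE PERMISSIONS: $f"
    done
    return 1
}

# Confirm that CERT was issued by CA and that KEY is the private key
# belonging to CERT (their public keys must be identical).
check_cert_pair() {
    ca=$1 crt=$2 key=$3
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || {
        echo "NOT SIGNED BY CA: $crt"; return 1; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl dgst -sha256)
    [ "$crt_pub" = "$key_pub" ] || {
        echo "KEY DOES NOT MATCH CERT: $key"; return 1; }
    echo "OK: $crt"
}

# Check the server layout from the page when invoked with "server".
if [ "${1:-}" = "server" ]; then
    audit_key_perms /etc/openvpn/keys
    check_cert_pair /etc/openvpn/certs/ca.crt \
        /etc/openvpn/certs/foo.crt /etc/openvpn/keys/foo.key
fi
```

On the client, the same two functions can be pointed at wherever bar.crt and bar's private key are stored.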