Configuring OpenVPN: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
''Based on https://docs.slackware.com/howtos:network_services:openvpn'' | |||
Let the server be ''foo'', client ''bar''. | Let the server be ''foo'', client ''bar''. | ||
* Setup easy-rsa | * Setup easy-rsa: | ||
<pre> | <pre> | ||
# cd | # cd | ||
| Line 7: | Line 9: | ||
# cd easy-rsa/easyrsa3 | # cd easy-rsa/easyrsa3 | ||
</pre> | </pre> | ||
* To | * To customize default settings, | ||
:<code>cp vars.example vars</code> | :<code>cp vars.example vars</code> | ||
:and edit vars (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS) | :and edit <code>vars</code> (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS) | ||
[[Category: Linux]] | [[Category: Linux]] | ||
* Now run (skip <code>nopass</code> if you want to protect the server with a password): | |||
<pre> | |||
# ./easyrsa init-pki | |||
# ./easyrsa build-ca | |||
# ./easyrsa gen-req foo nopass | |||
# ./easyrsa sign-req server foo | |||
# cd /etc/openvpn/certs/ | |||
# openssl dhparam -out dh2048.pem 2048 | |||
# cd /etc/openvpn/keys/ | |||
# /usr/sbin/openvpn --genkey --secret ta.key | |||
# cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/ | |||
# cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/ | |||
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/ | |||
</pre> | |||
* The server is ready. On the client, first setup easy-rsa and customize <code>vars</code> as above. | |||
* Then run: | |||
<pre> | |||
$ ./easyrsa init-pki | |||
$ ./easyrsa gen-req bar nopass | |||
</pre> | |||
* Copy <code>pki/reqs/bar.req</code> to the server. | |||
* On the server run: | |||
<pre> | |||
# ./easyrsa import-req /root/bar.req bar | |||
# ./easyrsa sign-req client bar | |||
</pre> | |||
* Copy <code>pki/issued/bar.crt</code> to the client. | |||
Latest revision as of 19:24, 2 December 2019
Based on https://docs.slackware.com/howtos:network_services:openvpn
Let the server be foo, client bar.
- Setup easy-rsa:
# cd # git clone http://github.com/OpenVPN/easy-rsa # cd easy-rsa/easyrsa3
- To customize default settings,
cp vars.example vars- and edit
vars(in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
- Now run (skip
nopassif you want to protect the server with a password):
# ./easyrsa init-pki # ./easyrsa build-ca # ./easyrsa gen-req foo nopass # ./easyrsa sign-req server foo # cd /etc/openvpn/certs/ # openssl dhparam -out dh2048.pem 2048 # cd /etc/openvpn/keys/ # /usr/sbin/openvpn --genkey --secret ta.key # cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/ # cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/ # cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
- The server is ready. On the client, first setup easy-rsa and customize
varsas above. - Then run:
$ ./easyrsa init-pki $ ./easyrsa gen-req bar nopass
- Copy
pki/reqs/bar.reqto the server. - On the server run:
# ./easyrsa import-req /root/bar.req bar # ./easyrsa sign-req client bar
- Copy
pki/issued/bar.crtto the client.