Configuring OpenVPN: Difference between revisions

From Notes to self
Jump to navigation Jump to search
← Older editNewer edit →
Verbovet (talk | contribs)
Bureaucrats, Interface administrators, Administrators
2,627 edits
No edit summary
No edit summary
Line 27: Line 27:
# cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/
# cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
</pre>
* The server is ready. On the client, first setup easy-rsa v.3 and customize <code>vars</code> as above.
* Then run:
<pre>
./easyrsa init-pki
./easyrsa gen-req bar nopass
</pre>
</pre>

Revision as of 18:38, 1 December 2019

Let the server be foo, client bar.

  • Setup easy-rsa v.3:
# cd
# git clone http://github.com/OpenVPN/easy-rsa
# cd easy-rsa/easyrsa3
  • To customise defaulr settings,
cp vars.example vars
and edit vars (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
  • Now run (skip nopass if you want to protect the server with a password):
# ./easyrsa init-pki
# ./easyrsa build-ca

# ./easyrsa gen-req foo nopass
# ./easyrsa sign-req server foo

# cd /etc/openvpn/certs/
# openssl dhparam -out dh2048.pem 2048
# cd /etc/openvpn/keys/
# /usr/sbin/openvpn --genkey --secret ta.key

# cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/
# cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
  • The server is ready. On the client, first setup easy-rsa v.3 and customize vars as above.
  • Then run:
./easyrsa init-pki
./easyrsa gen-req bar nopass
Retrieved from "https://alik.ejik.org/index.php?title=Configuring_OpenVPN&oldid=1931"