Configuring OpenVPN: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
''Based on https://docs.slackware.com/howtos:network_services:openvpn'' | |||
Let the server be ''foo'', client ''bar''. | Let the server be ''foo'', client ''bar''. | ||
Revision as of 18:46, 1 December 2019
Based on https://docs.slackware.com/howtos:network_services:openvpn
Let the server be foo, client bar.
- Setup easy-rsa:
# cd # git clone http://github.com/OpenVPN/easy-rsa # cd easy-rsa/easyrsa3
- To customize default settings,
cp vars.example vars- and edit
vars(in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
- Now run (skip
nopassif you want to protect the server with a password):
# ./easyrsa init-pki # ./easyrsa build-ca # ./easyrsa gen-req foo nopass # ./easyrsa sign-req server foo # cd /etc/openvpn/certs/ # openssl dhparam -out dh2048.pem 2048 # cd /etc/openvpn/keys/ # /usr/sbin/openvpn --genkey --secret ta.key # cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/ # cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/ # cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
- The server is ready. On the client, first setup easy-rsa and customize
varsas above. - Then run:
# ./easyrsa init-pki # ./easyrsa gen-req bar nopass
- Copy
pki/reqs/bar.reqto the server. - On the server run:
# ./easyrsa import-req /root/bar.req bar # ./easyrsa sign-req client bar
- Copy
pki/issued/bar.crtto the client.