Configuring OpenVPN: Difference between revisions
No edit summary |
No edit summary |
||
| Line 9: | Line 9: | ||
* To customise defaulr settings, | * To customise defaulr settings, | ||
:<code>cp vars.example vars</code> | :<code>cp vars.example vars</code> | ||
:and edit vars (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS) | :and edit <code>vars</code> (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS) | ||
[[Category: Linux]] | [[Category: Linux]] | ||
* Now run: | |||
<pre> | |||
# ./easyrsa init-pki | |||
# ./easyrsa build-ca | |||
# ./easyrsa gen-req foo nopass | |||
# ./easyrsa sign-req server foo | |||
# cd /etc/openvpn/certs/ | |||
# openssl dhparam -out dh2048.pem 2048 | |||
# cd /etc/openvpn/keys/ | |||
# /usr/sbin/openvpn --genkey --secret ta.key | |||
# cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/ | |||
# cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/ | |||
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/ | |||
</pre> | |||
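Review bot: the added block ends with the unencrypted server key (gen-req foo nopass, then cp .../pki/private/foo.key /etc/openvpn/keys/) and ta.key sitting in /etc/openvpn/keys/, and no step sets or confirms their mode. Suggest a closing line such as chmod 600 /etc/openvpn/keys/foo.key /etc/openvpn/keys/ta.key so the result does not depend on umask or tool defaults. The block also cds into /etc/openvpn/certs/ and /etc/openvpn/keys/ without creating them; a mkdir -p line before the first cd would make the steps reproducible on a fresh install.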
Revision as of 18:32, 1 December 2019
Let the server be foo, client bar.
- Set up easy-rsa v.3:
    # cd
    # git clone http://github.com/OpenVPN/easy-rsa
    # cd easy-rsa/easyrsa3
- To customise default settings,
    cp vars.example vars
  and edit vars (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
- Now run:
    # ./easyrsa init-pki
    # ./easyrsa build-ca
    # ./easyrsa gen-req foo nopass
    # ./easyrsa sign-req server foo
    # cd /etc/openvpn/certs/
    # openssl dhparam -out dh2048.pem 2048
    # cd /etc/openvpn/keys/
    # /usr/sbin/openvpn --genkey --secret ta.key
    # cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/
    # cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/
    # cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
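A check that can be run once the steps above are done, given here as an added example that is not part of the original wiki page: it reports any *.key file in the keys directory that is readable by group or others, which matters because foo.key was generated with nopass. The helper name audit_key_perms is hypothetical; the directory is the one the page uses.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit the private key material that
# the steps above leave in /etc/openvpn/keys (ta.key and the nopass foo.key).
# audit_key_perms is a hypothetical helper name.
# Usage: audit_key_perms /etc/openvpn/keys

# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
audit_key_perms() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "NODIR $dir"; return 2; }

    # A group- or world-writable directory lets other users replace the keys.
    dperm=$(ls -ld -- "$dir" | cut -c1-10)
    case $dperm in
        ?????w*|????????w*) echo "DIRWRITABLE $dperm $dir"; bad=1 ;;
    esac

    for f in "$dir"/*.key; do
        if [ -L "$f" ]; then
            # A symlink could point the server at a key stored elsewhere.
            echo "SYMLINK $f"; bad=1; continue
        fi
        [ -f "$f" ] || continue        # glob matched nothing
        # Characters 5-10 of the ls mode string are the group and other bits.
        perm=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$perm" != "------" ]; then
            echo "LOOSE $perm $f"; bad=1
        fi
    done
    return $bad
}
```
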