Configuring OpenVPN: Difference between revisions

From Notes to self
Jump to navigation Jump to search
← Older editNewer edit →
Verbovet (talk | contribs)
Bureaucrats, Interface administrators, Administrators
2,627 edits
No edit summary
No edit summary
Line 11: Line 11:
:and edit <code>vars</code> (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
:and edit <code>vars</code> (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
[[Category: Linux]]
[[Category: Linux]]
* Now run:
* Now run (skip <code>nopass</code> if you want to protect the server with a password):
<pre>
<pre>
# ./easyrsa init-pki
# ./easyrsa init-pki

Revision as of 18:34, 1 December 2019

Let the server be foo, client bar.

  • Setup easy-rsa v.3:
# cd
# git clone http://github.com/OpenVPN/easy-rsa
# cd easy-rsa/easyrsa3
  • To customise defaulr settings,
cp vars.example vars
and edit vars (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
  • Now run (skip nopass if you want to protect the server with a password):
# ./easyrsa init-pki
# ./easyrsa build-ca

# ./easyrsa gen-req foo nopass
# ./easyrsa sign-req server foo

# cd /etc/openvpn/certs/
# openssl dhparam -out dh2048.pem 2048
# cd /etc/openvpn/keys/
# /usr/sbin/openvpn --genkey --secret ta.key

# cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/
# cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
Retrieved from "https://alik.ejik.org/index.php?title=Configuring_OpenVPN&oldid=1930"