Configuring OpenVPN: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Let the server be ''foo'', client ''bar''. | Let the server be ''foo'', client ''bar''. | ||
* Setup easy-rsa | * Setup easy-rsa: | ||
<pre> | <pre> | ||
# cd | # cd | ||
| Line 28: | Line 28: | ||
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/ | # cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/ | ||
</pre> | </pre> | ||
* The server is ready. On the client, first setup easy-rsa | * The server is ready. On the client, first setup easy-rsa and customize <code>vars</code> as above. | ||
* Then run: | * Then run: | ||
<pre> | <pre> | ||
Revision as of 18:44, 1 December 2019
Let the server be foo, client bar.
- Setup easy-rsa:
# cd # git clone http://github.com/OpenVPN/easy-rsa # cd easy-rsa/easyrsa3
- To customize default settings,
cp vars.example vars- and edit
vars(in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
- Now run (skip
nopassif you want to protect the server with a password):
# ./easyrsa init-pki # ./easyrsa build-ca # ./easyrsa gen-req foo nopass # ./easyrsa sign-req server foo # cd /etc/openvpn/certs/ # openssl dhparam -out dh2048.pem 2048 # cd /etc/openvpn/keys/ # /usr/sbin/openvpn --genkey --secret ta.key # cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/ # cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/ # cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
- The server is ready. On the client, first setup easy-rsa and customize
varsas above. - Then run:
# ./easyrsa init-pki # ./easyrsa gen-req bar nopass
- Copy
pki/reqs/bar.reqto the server. - On the server run:
# ./easyrsa import-req /root/bar.req bar # ./easyrsa sign-req client bar
- Copy
pki/issued/bar.crtto the client.