Configuring OpenVPN

From Notes to self
Revision as of 18:32, 1 December 2019 by Verbovet

Let the server be foo, client bar.

  • Set up easy-rsa v.3:
# cd
# git clone https://github.com/OpenVPN/easy-rsa
# cd easy-rsa/easyrsa3
  • To customise default settings,
# cp vars.example vars
and edit vars (in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS).
  • Now run:
# ./easyrsa init-pki
# ./easyrsa build-ca

# ./easyrsa gen-req foo nopass
# ./easyrsa sign-req server foo

# cd /etc/openvpn/certs/
# openssl dhparam -out dh2048.pem 2048
# cd /etc/openvpn/keys/
# /usr/sbin/openvpn --genkey --secret ta.key

# cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/
# cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/
# cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/
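
The following checks are an added example, not part of the original notes: they confirm that the files copied above are private, that foo.key belongs to foo.crt, and that foo.crt chains to ca.crt as a server certificate. The function names are hypothetical; the directory layout and the name foo are taken from the steps above, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: sanity checks for the files installed by the steps above.
# Layout assumed from the page: <base>/certs/{ca.crt,NAME.crt}, <base>/keys/{NAME.key,ta.key}.

# Succeed only if directory $1 exists and no file in it is accessible to group or others.
keys_private() {
    [ -d "$1" ] || return 1
    loose=$(find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        printf 'group/world accessible:\n%s\n' "$loose" >&2
        return 1
    fi
}

# Succeed only if private key $1 and certificate $2 hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if certificate $2 chains to CA $1 and is usable as a TLS server
# certificate (what "sign-req server" is meant to produce).
cert_is_server() {
    openssl verify -CAfile "$1" -purpose sslserver "$2" >/dev/null 2>&1
}

# Run all checks for server NAME ($2) under base directory $1; report each failure.
check_server_pki() {
    base=$1 name=$2 rc=0
    keys_private "$base/keys" ||
        { echo "$base/keys is missing or too permissive" >&2; rc=1; }
    key_matches_cert "$base/keys/$name.key" "$base/certs/$name.crt" ||
        { echo "$name.key does not match $name.crt" >&2; rc=1; }
    cert_is_server "$base/certs/ca.crt" "$base/certs/$name.crt" ||
        { echo "$name.crt is not a valid server cert under ca.crt" >&2; rc=1; }
    return $rc
}

# Usage on the server from the page: check_server_pki /etc/openvpn foo
```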