Configuring OpenVPN
Let the server be foo, client bar.
- Setup easy-rsa v.3:
# cd # git clone http://github.com/OpenVPN/easy-rsa # cd easy-rsa/easyrsa3
- To customise defaulr settings,
cp vars.example vars- and edit
vars(in particular, the variables EASYRSA_CA_EXPIRE, EASYRSA_CERT_EXPIRE, and EASYRSA_CRL_DAYS)
- Now run (skip
nopassif you want to protect the server with a password):
# ./easyrsa init-pki # ./easyrsa build-ca # ./easyrsa gen-req foo nopass # ./easyrsa sign-req server foo # cd /etc/openvpn/certs/ # openssl dhparam -out dh2048.pem 2048 # cd /etc/openvpn/keys/ # /usr/sbin/openvpn --genkey --secret ta.key # cp /root/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/certs/ # cp /root/easy-rsa/easyrsa3/pki/issued/foo.crt /etc/openvpn/certs/ # cp /root/easy-rsa/easyrsa3/pki/private/foo.key /etc/openvpn/keys/