vpn:openvpn @Aug 16, 2013 3:06:56 PM
To quote from http://openvpn.net/
"OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol"

I'm going to create one VPN server and allow some clients to connect to it. This might be useful if you have one server on the Internet and others that need to create secure Virtual Private Networks to it.

Server

Install the software. Ubuntu would be like this (my server is Red Hat and I forget how I installed, because it was that long ago)

    sudo apt-get -y install openvpn

Copy the easy-rsa scripts from the install directory to /etc/openvpn. The source directory is different between Red Hat

    sudo cp -ar /usr/share/doc/openvpn-2.0/easy-rsa /etc/openvpn # Red Hat

Make that directory more secure, as it's going to hold server and client certificates and keys

    cd /etc/openvpn/easy-rsa

Clean and edit the environment variables, which saves a lot of typing in the next part, and check the keys folder is clean

    init-config # this script does not exist on Ubuntu

Then build the SSL CA certificate. Take the defaults, which you set in the vars file above

    sh ./build-ca

Build the server's keys. Take the defaults, which you set in the vars file above, but make sure you set the Common Name to your server's hostname and answer y to the two questions at the end

    sh ./build-key-server server

Build any client's keys. Take the defaults, which you set in the vars file above, and answer y to the two questions at the end

    sh ./build-key client1

Build the Diffie-Hellman parameter (key) file

    sh ./build-dh

Copy the server's certificates and keys to /etc/openvpn

    cp -a keys/ca.crt keys/server.crt keys/server.key keys/dh1024.pem ../

Copy the default server config file from the install directory to /etc/openvpn

    cd /etc/openvpn/

I suggest you keep those files as secure as you can on the server box.

    chmod 600 /etc/openvpn/dh1024.pem /etc/openvpn/ca.crt

Edit the OpenVPN server's config file

    vi /etc/openvpn/server.conf

My server's config file looks like this, if I remove all the comments

    port 1194

Restart the OpenVPN service

    /etc/init.d/openvpn restart # Red Hat

Did you remember to exit from the root shell on your server?

Client

Install the software.

    sudo apt-get -y install openvpn

Securely copy the certificate and keys from your server, where you just built them, to your client boxes. On the server the files are...

    /etc/openvpn/easy-rsa/keys/ca.crt
    /etc/openvpn/easy-rsa/keys/client1.crt
    /etc/openvpn/easy-rsa/keys/client1.key

Put those files into /etc/openvpn

Copy the default client config file from the install directory to /etc/openvpn

    cd /etc/openvpn

I suggest you keep those files as secure as you can on the client boxes.

    chmod 600 /etc/openvpn/client.conf /etc/openvpn/ca.crt

Edit the OpenVPN client's config file

    vi /etc/openvpn/client.conf

My client's config file looks like this, if I remove all the comments:

    client

Restart the OpenVPN service

    /etc/init.d/openvpn restart # Red Hat

Did you remember to exit from the root shell on your client?
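To check the "keep those files as secure as you can" steps on both the server and the client, here is an added example (not part of the original page) that audits an OpenVPN directory. The chmod lines above name dh1024.pem, ca.crt and client.conf, but the private keys (server.key, client1.key) are the files whose exposure matters most, so the script reports any *.key readable by group or others and any certificate, DH or config file writable by them. The function names, the KEY-EXPOSED / WRITABLE labels and the sample tree are made up for this illustration.

```sh
#!/bin/sh
# Added example, not from the original page. The function names and the
# KEY-EXPOSED / WRITABLE labels are made up for this illustration.

# audit_openvpn_perms DIR
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad DIR.
# Private keys: any group/other permission bit is too much.
# Certificates, DH parameters and configs hold public data, but must not be
# writable by group/other, since a swapped ca.crt changes who is trusted.
audit_openvpn_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    report=$(
        find "$dir" -type f -name '*.key' \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/KEY-EXPOSED /'
        find "$dir" -type f \
            \( -name '*.crt' -o -name '*.pem' -o -name '*.conf' \) \
            \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'
    )
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# make_sample_tree
# Builds a constructed layout in a temp dir, using the file names from this
# page with deliberately mixed modes, and prints the directory path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/easy-rsa/keys"
    for f in ca.crt server.crt server.key dh1024.pem server.conf \
             easy-rsa/keys/client1.key; do
        : > "$t/$f"
    done
    chmod 600 "$t/dh1024.pem" "$t/ca.crt"       # the files the page's chmod names
    chmod 644 "$t/server.crt" "$t/server.key"   # constructed: key left readable
    chmod 666 "$t/server.conf"                  # constructed: config left writable
    chmod 600 "$t/easy-rsa/keys/client1.key"
    echo "$t"
}

# Usage: sh audit.sh /etc/openvpn
if [ $# -gt 0 ]; then audit_openvpn_perms "$1"; fi
```

On the constructed tree this reports server.key as KEY-EXPOSED and server.conf as WRITABLE; after chmod 600 on both, the audit returns 0.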