Openvpn: Difference between revisions

From RARForge
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
Info on TAP/bridge
https://help.ubuntu.com/10.04/serverguide/openvpn.html
==Centos 6.4==
==Centos 6.4==


=== Install ===
=== Install ===
* just explains easy rsa/keys
<source>
<source>
yum -y install openvpn easy-rsa
yum -y install openvpn easy-rsa
Line 14: Line 21:


<source>
<source>
cd /etc/openvpn/easy-rsa/
emacs /etc/openvpn/easy-rsa/vars
emacs vars
</source>
</source>
<source>
<source>
Line 28: Line 34:
export KEY_NAME=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
export KEY_OU=changeme
export PKCS11_MODULE_PATH=changeme
</source>
export PKCS11_PIN=1234
 
 
<source>
cd /etc/openvpn/easy-rsa/
source ./vars
./clean-all
./build-ca
</source>
 
 
<source>
cd /etc/openvpn/easy-rsa
./build-key-server server
</source>
<source>
cd /etc/openvpn/easy-rsa
./build-dh
cd /etc/openvpn/easy-rsa/keys
cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
</source>
<source>
# TLS key if needed/wanted
cd /etc/openvpn/easy-rsa/keys
openvpn --genkey --secret ta.key
cp ta.key /etc/openvpn/
</source>
 
 
<source>
## this didn't work right..
#./build-key client
#./build-key <client_name>
 
# create your client config (replace hostname with your client hostname)
cd /etc/openvpn/easy-rsa
./pkitool hostname
</source>
</source>
 
 
<source>
emacs /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
</source>
 
 
<source>
cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn/
emacs /etc/openvpn/server.conf
</source>
 
 
<source>
chkconfig openvpn on
service start openvpn
</source>
</source>
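Review bot: the final block runs `service start openvpn`, which has the arguments in the wrong order; `service` takes the init script name first, so it should read `service openvpn start`. In the build-dh block the file copied is `dh1024.pem`, which means 1024-bit DH parameters; consider setting KEY_SIZE to 2048 in vars before running ./build-dh and copying the resulting dh2048.pem instead. The client block (`./pkitool hostname`) is also followed by two `</source>` closers for a single opener, so one of them should be dropped.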



Latest revision as of 19:01, 29 August 2013

Info on TAP/bridge

https://help.ubuntu.com/10.04/serverguide/openvpn.html

Centos 6.4

Install

  • This section only covers the easy-rsa/key setup

<source> yum -y install openvpn easy-rsa </source>


<source>
mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
</source>


<source>
emacs /etc/openvpn/easy-rsa/vars
</source>
<source>
# modify variables in file: vars (bottom of file)
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL=mail@host.domain
export KEY_CN=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
</source>


<source>
cd /etc/openvpn/easy-rsa/
source ./vars
./clean-all
./build-ca
</source>


<source>
cd /etc/openvpn/easy-rsa
./build-key-server server
</source>
<source>
cd /etc/openvpn/easy-rsa
./build-dh
cd /etc/openvpn/easy-rsa/keys
# build-dh names its output dh${KEY_SIZE}.pem, so the name follows KEY_SIZE in vars
cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
</source>
<source>
# TLS key if needed/wanted
cd /etc/openvpn/easy-rsa/keys
openvpn --genkey --secret ta.key
cp ta.key /etc/openvpn/
</source>


<source>
## this didn't work right..
#./build-key client
#./build-key <client_name>

# create your client config (replace hostname with your client hostname)
cd /etc/openvpn/easy-rsa
./pkitool hostname
</source>


<source>
emacs /etc/sysctl.conf
# set this line in /etc/sysctl.conf:
# net.ipv4.ip_forward = 1
sysctl -p
</source>


<source>
cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn/
emacs /etc/openvpn/server.conf
</source>


<source>
chkconfig openvpn on
# service takes the init script name first, then the action
service openvpn start
</source>
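
A check to run after the steps above, added here as an example (it is not part of the original wiki notes): it reads server.conf, confirms that every file named by ca, cert, key, dh and tls-auth exists, and flags secret files that group or others can read. Assumptions: relative paths resolve against the config directory, and the demo tree is constructed with empty placeholder files, not real keys.

```shell
#!/bin/bash
# Added example: audit the key material that server.conf points at.
# Assumption: relative paths are resolved against the config directory.
# Prints one finding per line; returns 1 if anything was found, else 0.
check_openvpn_files() {
    local dir="$1" conf="$1/server.conf" bad=0 directive file rest path perms
    [ -r "$conf" ] || { echo "MISSING $conf"; return 1; }
    while read -r directive file rest; do
        case $directive in
            ca|cert|key|dh|tls-auth) ;;
            *) continue ;;                  # comments and other directives
        esac
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"; bad=1; continue
        fi
        case $directive in
            key|tls-auth)                   # secret material: owner-only
                perms=$(ls -ld "$path" | cut -c5-10)
                if [ "$perms" != "------" ]; then
                    echo "PERMS $directive $path ($perms for group/other)"; bad=1
                fi ;;
        esac
    done < "$conf"
    return $bad
}

# Constructed demo tree (placeholder files, not real keys) that mirrors
# the file names copied into /etc/openvpn in the steps above.
make_demo_dir() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'port 1194' 'ca ca.crt' \
        'cert server.crt' 'key server.key  # This file should be kept secret' \
        'dh dh1024.pem' ';tls-auth ta.key 0' > "$d/server.conf"
    touch "$d/ca.crt" "$d/server.crt" "$d/server.key"
    chmod 644 "$d/server.key"               # deliberately too open
    echo "$d"
}

demo=$(make_demo_dir)
check_openvpn_files "$demo" || true         # reports the open key and the missing dh file
rm -rf "$demo"
```

On a real server, call `check_openvpn_files /etc/openvpn` and fix each reported file (for example `chmod 600` on server.key and ta.key) before starting the service.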