Openvpn: Difference between revisions
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Info on TAP/bridge | |||
https://help.ubuntu.com/10.04/serverguide/openvpn.html | |||
==Centos 6.4== | ==Centos 6.4== | ||
=== Install === | === Install === | ||
* just explains easy rsa/keys | |||
<source> | <source> | ||
yum -y install openvpn easy-rsa | yum -y install openvpn easy-rsa | ||
Line 14: | Line 21: | ||
<source> | <source> | ||
emacs /etc/openvpn/easy-rsa/vars | |||
</source> | </source> | ||
<source> | <source> | ||
Line 28: | Line 34: | ||
export KEY_NAME=changeme | export KEY_NAME=changeme | ||
export KEY_OU=changeme | export KEY_OU=changeme | ||
</source> | |||
<source> | |||
cd /etc/openvpn/easy-rsa/ | |||
source ./vars | |||
./clean-all | |||
./build-ca | |||
</source> | |||
<source> | |||
cd /etc/openvpn/easy-rsa | |||
./build-key-server server | |||
</source> | |||
<source> | |||
cd /etc/openvpn/easy-rsa | |||
./build-dh | |||
cd /etc/openvpn/easy-rsa/keys | |||
cp dh1024.pem ca.crt server.crt server.key /etc/openvpn | |||
</source> | |||
<source> | |||
# TLS key if needed/wanted | |||
cd /etc/openvpn/easy-rsa/keys | |||
openvpn --genkey --secret ta.key | |||
cp ta.key /etc/openvpn/ | |||
</source> | |||
<source> | |||
## this didn't work right.. | |||
#./build-key client | |||
#./build-key <client_name> | |||
# create your client config (replace hostname with your client hostname) | |||
cd /etc/openvpn/easy-rsa | |||
./pkitool hostname | |||
</source> | |||
</source> | |||
<source> | |||
emacs /etc/sysctl.conf | |||
net.ipv4.ip_forward = 1 | |||
sysctl -p | |||
</source> | |||
<source> | |||
cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn/ | |||
emacs /etc/openvpn/server.conf | |||
</source> | |||
<source> | |||
chkconfig openvpn on | |||
service start openvpn | |||
</source> | </source> | ||
Latest revision as of 19:01, 29 August 2013
Info on TAP/bridge
https://help.ubuntu.com/10.04/serverguide/openvpn.html
CentOS 6.4
Install
- just explains easy rsa/keys
<source>
yum -y install openvpn easy-rsa
</source>
<source>
# Stage a private working copy of the packaged easy-rsa 2.0 scripts under
# /etc/openvpn, with a keys/ subdirectory for the material they generate.
easy_rsa_dir=/etc/openvpn/easy-rsa
mkdir -p "${easy_rsa_dir}/keys"
cp -rf /usr/share/easy-rsa/2.0/* "${easy_rsa_dir}"
</source>
<source>
emacs /etc/openvpn/easy-rsa/vars
</source>
<source>
- modify variables in file: vars (bottom of file)
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL=mail@host.domain
export KEY_CN=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
</source>
<source>
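# Initialise the PKI and create the certificate authority.
# All steps must run in the same shell: the build scripts read the KEY_*
# settings that `source ./vars` exports.
# CAUTION: ./clean-all empties the easy-rsa keys directory, destroying any CA
# and certificates already issued from it - run it on first-time setup only.
# build-ca writes the CA private key (ca.key) into keys/; keep it readable by
# root only, since whoever holds it can issue certificates this VPN will trust.
# The steps are chained with && so that a failed `cd` cannot lead to the
# scripts being run from some other directory.
cd /etc/openvpn/easy-rsa/ &&
  source ./vars &&
  ./clean-all &&
  ./build-ca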
</source>
<source>
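# Issue the server certificate and private key, signed by the CA.
# "server" is the certificate name, so the outputs are server.crt/server.key.
# Needs the variables from `source ./vars` in the current shell.
# && keeps the build script from running if the `cd` fails.
cd /etc/openvpn/easy-rsa &&
  ./build-key-server server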
</source>
<source>
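# Generate the Diffie-Hellman parameters, then install the server-side files.
# NOTE(security): the dh1024.pem name means build-dh produced 1024-bit
# parameters (KEY_SIZE=1024 in vars). 1024-bit DH is now considered too weak;
# with KEY_SIZE set to 2048 or more in vars before running the build scripts,
# build-dh writes dh2048.pem (etc.) instead, and the file name here and on the
# `dh` line of server.conf must be changed to match.
# server.key is the server's private key: keep it readable by root only.
# && stops the sequence at the first failing step instead of copying from
# whatever directory the shell happens to be in.
cd /etc/openvpn/easy-rsa &&
  ./build-dh &&
  cd /etc/openvpn/easy-rsa/keys &&
  cp dh1024.pem ca.crt server.crt server.key /etc/openvpn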
</source>
<source>
# TLS key if needed/wanted
cd /etc/openvpn/easy-rsa/keys
openvpn --genkey --secret ta.key
cp ta.key /etc/openvpn/
</source>
<source>
## this didn't work right..
#./build-key client
#./build-key <client_name>
# create your client config (replace hostname with your client hostname)
cd /etc/openvpn/easy-rsa
./pkitool hostname
</source>
<source>
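# Turn on IPv4 packet forwarding in the kernel (presumably so the server can
# route traffic for VPN clients).
# The middle line of the original snippet is a setting to put in the file, not
# a command, so it is shown here as a comment.
# NOTE(security): with forwarding on, this host routes between its interfaces;
# make sure the firewall's FORWARD rules allow only the traffic intended for
# the VPN.
emacs /etc/sysctl.conf
#   in the file, set:  net.ipv4.ip_forward = 1
sysctl -p   # re-read /etc/sysctl.conf so the change applies without a reboot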
</source>
<source>
# Start from the sample server configuration shipped with the openvpn package,
# then edit the copy.
# NOTE(review): while editing, check that the ca/cert/key/dh entries (and
# tls-auth, if ta.key is used) name the files that were placed in /etc/openvpn.
sample_conf=/usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf
cp "${sample_conf}" /etc/openvpn/
emacs /etc/openvpn/server.conf
</source>
<source>
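# Enable OpenVPN at boot, then start it now.
# `service` takes the service name first and the action second; the original
# `service start openvpn` has the two arguments swapped and would not start
# the daemon.
chkconfig openvpn on
service openvpn start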
</source>