OpenVPN
apt-get install openvpn
cd /usr/share/doc/openvpn/examples/easy-rsa/
vi vars
. vars
./clean-all
./build-ca
./build-key-server server
When asked for the "Common Name", enter "server".
This produces:
01.pem
server.crt
server.csr
server.key
./build-key client1
Generate Diffie Hellman parameters
./build-dh
cp -r keys /etc/openvpn/
cd /etc/openvpn/keys
openvpn --genkey --secret ta.key
/etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0"
push "redirect-gateway"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
daemon
status openvpn-status.log
verb 3
Filename     Needed By                 Purpose                    Secret
--------------------------------------------------------------------------
ca.crt       server + all clients      Root CA certificate        NO
ca.key       key signing machine only  Root CA key                YES
dh{n}.pem    server only               Diffie Hellman parameters  NO
server.crt   server only               Server Certificate         NO
server.key   server only               Server Key                 YES
client1.crt  client1 only              Client1 Certificate        NO
client1.key  client1 only              Client1 Key                YES
client2.crt  client2 only              Client2 Certificate        NO
client2.key  client2 only              Client2 Key                YES
client3.crt  client3 only              Client3 Certificate        NO
client3.key  client3 only              Client3 Key                YES
ta.key       server + all clients      TLS-auth HMAC key          YES
--------------------------------------------------------------------------
Client Side
http://openvpn.net/download.html
or http://openvpn.net/download_action.php?openvpn-2.0.9-install.exe
/Program Files/openvpn/conf
On the client1 machine, edit client.conf:
----------------------------------
# this host acts as a client
client
dev tun
proto udp
# IP address and port of the VPN server
remote your_vpn_server_ip_address 1194
# identity to run as after startup
user nobody
group nogroup
persist-key
persist-tun
tls-client
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
ns-cert-type server
comp-lzo
daemon
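Several settings in the server.conf and client.conf above must agree with each other: the tls-auth key direction (0 on the server, 1 on the client), proto, the port the client's remote line points at, the client's check of the server certificate type, and persist-key whenever user/group drop privileges. The following added example (not from the original page or the OpenVPN project) parses both files in OpenVPN's config syntax and reports any mismatch; the embedded configs are constructed from the lines shown above.

```python
import shlex

# Constructed sample inputs: the relevant lines of the two configs on this page.
SERVER_CONF = """port 1194
proto udp
key server.key # This file should be kept secret
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
persist-key"""
CLIENT_CONF = """client
proto udp
remote your_vpn_server_ip_address 1194
user nobody
group nogroup
persist-key
tls-auth ta.key 1
ns-cert-type server"""

def parse_conf(text):
    """Map each option to the argument lists it appears with.
    '#' or ';' starts a comment (inline too); values may be quoted."""
    opts = {}
    for line in text.splitlines():
        lex = shlex.shlex(line, posix=True)
        lex.commenters, lex.whitespace_split = "#;", True
        tokens = list(lex)
        if tokens:
            opts.setdefault(tokens[0], []).append(tokens[1:])
    return opts

def check_pair(server, client):
    """Return findings as strings; an empty list means the pair is consistent."""
    findings = []
    s_ta, c_ta = server.get("tls-auth", [[]])[0], client.get("tls-auth", [[]])[0]
    # the HMAC key-direction values must be complementary (server 0, client 1)
    if len(s_ta) < 2 or len(c_ta) < 2 or (s_ta[1], c_ta[1]) != ("0", "1"):
        findings.append("tls-auth must be set with direction 0 on server, 1 on client")
    if server.get("proto") != client.get("proto"):
        findings.append("proto differs between server and client")
    port = server.get("port", [["1194"]])[0][0]  # OpenVPN default port
    for remote in client.get("remote", []):
        if len(remote) > 1 and remote[1] != port:
            findings.append(f"client remote port {remote[1]} != server port {port}")
    if "ns-cert-type" not in client and "remote-cert-tls" not in client:
        findings.append("client does not verify the server certificate type")
    for side, conf in (("server", server), ("client", client)):
        if "user" in conf and "persist-key" not in conf:  # keys unreadable after privilege drop
            findings.append(f"{side}: user/group set without persist-key")
    return findings
```

Run check_pair(parse_conf(SERVER_CONF), parse_conf(CLIENT_CONF)) on the real files before distributing them; the configs on this page yield no findings.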
References
OpenVPN 2.0 HOWTO
Moto Debian Discussion Group
Setting Up OpenVPN