wiki:TipAndDoc/network/vpn/openvpn/purebridge

OpenVPN with no "server-bridge"

  • OpenVPN 2.1.0 with Ubuntu lucid

making certs

  • vpnserver:~$ sudo aptitude install -R openvpn bridge-utils -y
  • vpnserver:~$ sudo cp -av /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa
  • vpnserver:~$ sudo vim /etc/openvpn/easy-rsa/vars
  • root@vpnserver:/etc/openvpn/easy-rsa# . ./vars
  • root@vpnserver:/etc/openvpn/easy-rsa# ./clean-all
  • root@vpnserver:/etc/openvpn/easy-rsa# ./build-ca
    writing new private key to 'ca.key'
    -----
    
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'JP'
    stateOrProvinceName   :PRINTABLE:'Ibraki'
    localityName          :PRINTABLE:'Tsukuba'
    organizationName      :PRINTABLE:'example.org'
    organizationalUnitName:PRINTABLE:'OpenVPN Server'
    commonName            :PRINTABLE:'vpnserver'
    emailAddress          :IA5STRING:'vpn@example.org'
    
  • root@vpnserver:/etc/openvpn/easy-rsa# ./build-key vpnclient
    writing new private key to 'vpnclient.key'
    -----
    
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'JP'
    stateOrProvinceName   :PRINTABLE:'Ibraki'
    localityName          :PRINTABLE:'Tsukuba'
    organizationName      :PRINTABLE:'example.org'
    organizationalUnitName:PRINTABLE:'OpenVPN Client'
    commonName            :PRINTABLE:'vpnclient'
    emailAddress          :IA5STRING:'vpn@example.org'
    
  • root@vpnserver:/etc/openvpn/easy-rsa# ./build-dh

copy files for server

  • root@vpnserver:/etc/openvpn/easy-rsa# cp -a keys/ca.crt keys/dh1024.pem keys/vpnserver.crt keys/vpnserver.key /etc/openvpn/

copy files for client

  • root@vpnserver:/etc/openvpn/easy-rsa# mkdir ~/client
  • root@vpnserver:/etc/openvpn/easy-rsa# cp -a keys/ca.crt keys/vpnclient.crt keys/vpnclient.key ~/client/
  • root@vpnserver:~# tar czf client.tar.gz client/
    • client.tar.gz => vpnclient with sftp
Last modified 7 years ago Last modified on Jul 4, 2010 6:57:13 PM