Version 1 (modified by mitty, 14 years ago)
OpenVPN with no "server-bridge"
- OpenVPN 2.1.0 with Ubuntu lucid
making certs
- vpnserver:~$ sudo aptitude install -R openvpn bridge-utils -y
- vpnserver:~$ sudo cp -av /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa
- vpnserver:~$ sudo vim /etc/openvpn/easy-rsa/vars
- root@vpnserver:/etc/openvpn/easy-rsa# . ./vars
- root@vpnserver:/etc/openvpn/easy-rsa# ./clean-all
- root@vpnserver:/etc/openvpn/easy-rsa# ./build-ca
    writing new private key to 'ca.key'
    -----
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'JP'
    stateOrProvinceName   :PRINTABLE:'Ibraki'
    localityName          :PRINTABLE:'Tsukuba'
    organizationName      :PRINTABLE:'example.org'
    organizationalUnitName:PRINTABLE:'OpenVPN Server'
    commonName            :PRINTABLE:'vpnserver'
    emailAddress          :IA5STRING:'vpn@example.org'
- root@vpnserver:/etc/openvpn/easy-rsa# ./build-key vpnclient
    writing new private key to 'vpnclient.key'
    -----
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'JP'
    stateOrProvinceName   :PRINTABLE:'Ibraki'
    localityName          :PRINTABLE:'Tsukuba'
    organizationName      :PRINTABLE:'example.org'
    organizationalUnitName:PRINTABLE:'OpenVPN Client'
    commonName            :PRINTABLE:'vpnclient'
    emailAddress          :IA5STRING:'vpn@example.org'
- root@vpnserver:/etc/openvpn/easy-rsa# ./build-dh
copy files for server
- root@vpnserver:/etc/openvpn/easy-rsa# cp -a keys/ca.crt keys/dh1024.pem keys/vpnserver.crt keys/vpnserver.key /etc/openvpn/
copy files for client
- root@vpnserver:/etc/openvpn/easy-rsa# mkdir ~/client
- root@vpnserver:/etc/openvpn/easy-rsa# cp -a keys/ca.crt keys/vpnclient.crt keys/vpnclient.key ~/client/
- root@vpnserver:~# tar czf client.tar.gz client/
- copy client.tar.gz to vpnclient with sftp
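
An added check, not part of the original page: before the client directory from the steps above is shipped, confirm that it holds only the three files the client needs, that the private key is not group or world accessible, and that certificate, key and CA belong together. The function name `check_client_bundle` is hypothetical; the `openssl` subcommands are the standard ones.

```shell
#!/bin/sh
# Added example (not from the original page). Usage: check_client_bundle DIR NAME
# Prints one FAIL line per finding; exit status is 0 only if every check passes.
# The body runs in a subshell, so its variables do not leak into the caller.
check_client_bundle() (
    dir=$1 name=$2 rc=0

    # 1. Only ca.crt, NAME.crt and NAME.key may be present. Anything else
    #    (ca.key, the server key, ...) must not leave the VPN server.
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        case "${f##*/}" in
            ca.crt|"$name.crt"|"$name.key") ;;
            *) echo "FAIL unexpected file: ${f##*/}"; rc=1 ;;
        esac
    done
    for f in ca.crt "$name.crt" "$name.key"; do
        [ -f "$dir/$f" ] || { echo "FAIL missing file: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || exit 1

    # 2. The private key must carry no group/other permission bits
    #    (characters 5-10 of the ls mode string).
    perms=$(ls -ld "$dir/$name.key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL $name.key mode too open ($perms)"; rc=1; }

    # 3. The client certificate must verify against the bundled CA.
    openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1 \
        || { echo "FAIL $name.crt does not verify against ca.crt"; rc=1; }

    # 4. Key and certificate must hold the same public key.
    cert_pub=$(openssl x509 -in "$dir/$name.crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/$name.key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL $name.key does not match $name.crt"; rc=1
    fi
    exit "$rc"
)
```

On the server this would be called as `check_client_bundle ~/client vpnclient` before running `tar czf client.tar.gz client/`.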