openvpn
# pkg install openvpn
# easyrsa init-pki
# easyrsa build-ca
# easyrsa gen-req server nopass
# easyrsa sign-req server server
# easyrsa gen-dh
# easyrsa build-client-full client01 nopass
# easyrsa build-client-full client02 nopass
# easyrsa build-client-full client03 nopass
# easyrsa build-client-full client04 nopass
# mkdir /usr/local/etc/openvpn
# vim openvpn.conf
# openvpn --genkey --secret ta.key

openvpn.conf (the file edited above):
port 1194
proto udp
dev tun
ca /usr/local/share/easy-rsa/pki/ca.crt
cert /usr/local/share/easy-rsa/pki/issued/server.crt
key /usr/local/share/easy-rsa/pki/private/server.key
dh /usr/local/share/easy-rsa/pki/dh.pem
topology subnet
server 192.168.200.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.1 255.255.255.255"
client-config-dir ccd
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
explicit-exit-notify 1
# mkdir /usr/local/etc/openvpn/ccd
# vim /usr/local/etc/openvpn/ccd/client01
# echo 'openvpn_enable="YES"' >> /etc/rc.conf

/usr/local/etc/openvpn/ccd/client01:
ifconfig-push 192.168.200.101 255.255.255.0
# /usr/local/etc/rc.d/openvpn start
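# tar zcvf client01.tar.gz /usr/local/share/easy-rsa/pki/ca.crt /usr/local/share/easy-rsa/pki/private/client01.key /usr/local/share/easy-rsa/pki/issued/client01.crt /usr/local/etc/openvpn/ta.key
# scp client01.tar.gz client01:~/
Note: client01.tar.gz carries client01.key, which was built with nopass and is therefore unencrypted, together with the shared ta.key; delete the archive on both hosts once the files are in place.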
client# pkg install openvpn
client# mkdir /usr/local/etc/openvpn
client# vim /usr/local/etc/openvpn/openvpn.conf
client# echo 'openvpn_enable="YES"' >> /etc/rc.conf

/usr/local/etc/openvpn/openvpn.conf (client):
client
dev tun0
proto udp
remote 123.123.123.123 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client01.crt
key client01.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
client# echo 'cloned_interfaces="tun0"' >> /etc/rc.conf