mirror, mirror on the wall

openvpn



# # Server side: install OpenVPN and build the PKI with easy-rsa.
# # (A leading "# " is the root prompt; "# # ..." lines are comments.)
# pkg install openvpn
# easyrsa init-pki
# # NOTE(review): the CA is built on the VPN server itself; the config below
# # reads from /usr/local/share/easy-rsa/pki, so the CA private key presumably
# # sits in the same tree as the server key. Keeping the CA on a separate,
# # offline host limits what a compromise of the VPN server exposes.
# easyrsa build-ca
# # "nopass" stores the server key unencrypted so the daemon can start unattended.
# easyrsa gen-req server nopass
# easyrsa sign-req server server
# easyrsa gen-dh
# # NOTE(review): the client keys are generated on the server and stored without
# # a passphrase, so anyone who can read pki/private/ or the transfer archive can
# # use them. The alternative is to run gen-req on each client and send only the
# # request to the CA for signing.
# easyrsa build-client-full client01 nopass
# easyrsa build-client-full client02 nopass
# easyrsa build-client-full client03 nopass
# easyrsa build-client-full client04 nopass
# mkdir /usr/local/etc/openvpn
# # No "cd" is shown; presumably the following commands run from
# # /usr/local/etc/openvpn, since later steps look for ta.key and ccd/ there.
# vim openvpn.conf
; Server configuration (contents of openvpn.conf). OpenVPN treats lines that
; start with ";" or "#" as comments.
port 1194
proto udp
dev tun
; CA certificate, server certificate/key and DH parameters are read directly
; from the easy-rsa pki/ tree.
ca /usr/local/share/easy-rsa/pki/ca.crt
cert /usr/local/share/easy-rsa/pki/issued/server.crt
key /usr/local/share/easy-rsa/pki/private/server.key
dh /usr/local/share/easy-rsa/pki/dh.pem
topology subnet
; VPN address pool: 192.168.200.0/24.
server 192.168.200.0 255.255.255.0
ifconfig-pool-persist ipp.txt
; Only this one host route is pushed to clients; no default route is pushed.
push "route 192.168.1.1 255.255.255.255"
; Per-client overrides are read from ccd/, one file per certificate common name.
client-config-dir ccd
; Ping every 10 s; treat the peer as down after 120 s without a reply.
keepalive 10 120
; HMAC-authenticates control-channel packets with the shared ta.key
; (direction 0 on the server, 1 on clients).
; NOTE(review): tls-crypt (OpenVPN 2.4+) additionally encrypts the control
; channel; consider it if every client supports it.
tls-auth ta.key 0
; NOTE(review): AES-256-CBC is not an AEAD mode. OpenVPN 2.4 and later
; negotiate the data-channel cipher (ncp-ciphers / data-ciphers), so this line
; may only act as a fallback; confirm against the installed version.
cipher AES-256-CBC
; Drop root privileges after start-up. persist-key / persist-tun keep the key
; and tun device across restarts, because the unprivileged user could not
; re-read or reopen them.
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
; Tell clients when the server exits (applies to UDP).
explicit-exit-notify 1
; NOTE(review): there is no crl-verify line, so a certificate revoked with
; easy-rsa would still be accepted until one is added. remote-cert-tls client
; is also not set here (the client config does set remote-cert-tls server).
# openvpn --genkey --secret ta.key
# mkdir /usr/local/etc/openvpn/ccd
# vim /usr/local/etc/openvpn/ccd/client01
ifconfig-push 192.168.200.101 255.255.255.0
# echo 'openvpn_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/openvpn start
# tar zcvf client01.tar.gz /usr/local/share/easy-rsa/pki/ca.crt /usr/local/share/easy-rsa/pki/private/client01.key /usr/local/share/easy-rsa/pki/issued/client01.crt /usr/local/etc/openvpn/ta.key
# scp client01.tar.gz client01:~/

client# pkg install openvpn
client# mkdir /usr/local/etc/openvpn
client# vim /usr/local/etc/openvpn/openvpn.conf
; Client configuration (contents of /usr/local/etc/openvpn/openvpn.conf).
; OpenVPN treats lines that start with ";" or "#" as comments.
client
dev tun0
proto udp
; Server address and port; 1194/udp matches the server's "port" and "proto".
remote 123.123.123.123 1194
resolv-retry infinite
nobind
; Drop root privileges after start-up; persist-key / persist-tun keep the key
; and tun device across restarts.
user nobody
group nobody
persist-key
persist-tun
; CA certificate plus this client's certificate and private key, given as
; relative paths.
ca ca.crt
cert client01.crt
key client01.key
; Require the peer certificate to be a server certificate, so that another
; client certificate issued by the same CA is not accepted as the server.
remote-cert-tls server
; Same shared HMAC key as the server, with the opposite direction (1).
tls-auth ta.key 1
; Must be compatible with the server's cipher setting.
; NOTE(review): OpenVPN 2.4 and later negotiate the data-channel cipher, so
; this line may only act as a fallback; confirm against the installed version.
cipher AES-256-CBC
verb 3
client# echo 'openvpn_enable="YES"' >> /etc/rc.conf
client# echo 'cloned_interfaces="tun0"' >> /etc/rc.conf
