User Tools

Site Tools


openvpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
openvpn [2018/07/12 09:07] kroduitopenvpn [2019/06/17 06:22] (current) maferreira
Line 5: Line 5:
   - Install mandadory packages<code>apt-get update   - Install mandadory packages<code>apt-get update
 apt-get install openvpn openssl curl jq vim --no-install-recommends </code> apt-get install openvpn openssl curl jq vim --no-install-recommends </code>
-  - Debian jessie (8) and stretch (9) repository have an old easy-rsa version (2.2) and we need at least 3.0.4, so we use github release.<code>wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz+  - Debian jessie (8) and stretch (9) repository have an old easy-rsa version (2.2) and we need at least 3.0.4, so we use github release. 
 +<code> 
 +wget --no-check-certificate https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz
 tar -xvzf EasyRSA-3.0.4.tgz tar -xvzf EasyRSA-3.0.4.tgz
 rm EasyRSA-3.0.4.tgz rm EasyRSA-3.0.4.tgz
-mv EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/</code> +mv EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/ 
-  - Generate a 2048 RSA public and private key for centrale, with server5 (use sub ca), and add them in <code>vim /etc/openvpn/server/port_number.key+</code
 +<note warning>We don't use the git clone version because we would need to use the build.sh script with the --version=3.0.4 version to generate the final version</note
 +  - Generate a 2048 RSA public and private key for centrale, with server5 (use sub ca), and add them in <code> 
 +vim /etc/openvpn/server/port_number.key
 vim /etc/openvpn/server/port_number.crt vim /etc/openvpn/server/port_number.crt
-chmod 660 port_number.key port_number.crt #both files must belong to root:root</code>+chmod 660 port_number.key port_number.crt #both files must belong to root:root 
 +</code>
   - Generate diffie hellman file<code>openssl dhparam -out /etc/openvpn/server/dh.pem 2048</code>   - Generate diffie hellman file<code>openssl dhparam -out /etc/openvpn/server/dh.pem 2048</code>
   - Generate additonal key for tls-auth mode<code>openvpn --genkey --secret /etc/openvpn/server/ta.key</code>   - Generate additonal key for tls-auth mode<code>openvpn --genkey --secret /etc/openvpn/server/ta.key</code>
openvpn.1531386448.txt.gz · Last modified: 2018/07/12 09:07 by kroduit