operating_systems:linux:debian:openvpn
This is an old revision of the document!
OpenVPN
Install needed packages:
# apt install --no-install-recommends openvpn openssl
Download easy-rsa v3.0.4 and install it.
We don't use the git clone version because we would need to use the build.sh script with the –version=3.0.4 version to generate the final version
# wget --no-check-certificate https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz # tar -xvzf EasyRSA-3.0.4.tgz # rm EasyRSA-3.0.4.tgz # mv EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/
Make sure you have this option set: set_var EASYRSA_PKI “/etc/openvpn/easy-rsa/pki” in /etc/openvpn/easy-rsa/vars
Initialize a new PKI and generate a CA keypair that will be used to sign certificates.
# cd /etc/openvpn/easy-rsa # export EASYRSA=$(pwd) # easyrsa init-pki # easyrsa build-ca nopass
Common name : Testing server OpenVPN certificate
Now build the intermediate certificate.
# ./easyrsa build-server-full server nopass
Once you have generated and signed OpenVPN server certificate, rename the root CA and CA (intermediate) certificates.
# cd /etc/openvpn/easy-rsa/pki/ # mv ca.crt root_ca.crt # mv private/ca.key private/root_ca.key # mv issued/server.crt issued/ca.crt # mv private/server.key private/ca.key
Also move ca.crt to /etc/openvpn/easy-rsa/pki.
# mv /etc/openvpn/easy-rsa/pki/issued/ca.crt //etc/openvpn/easy-rsa/pki
operating_systems/linux/debian/openvpn.1560782317.txt.gz · Last modified: 2019/06/17 14:38 by maferreira