tips:vpn:openvpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
tips:vpn:openvpn [2016/10/17 16:11] – [Certification Autorithy] scipiotips:vpn:openvpn [2018/06/14 17:54] (current) – [Linux client] scipio
Line 25: Line 25:
 ./pkitool --pass --server $NAME # create passphrase here ./pkitool --pass --server $NAME # create passphrase here
 openssl rsa -in keys/$NAME.key -out keys/$NAME.pem # give passphrase here openssl rsa -in keys/$NAME.key -out keys/$NAME.pem # give passphrase here
 +chmod 600 keys/$NAME.pem
 </code> </code>
  
Line 43: Line 44:
 import file=server.pem import file=server.pem
 import file=ca.crt import file=ca.crt
 +</code>
 +
 +<del>Simplier method</del>
 +<code bash>
 +openssl genrsa -des3 -out ca.key 4096
 +
 +# specify dns name of mikrotik server in common name
 +openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
 +
 +# now import in mikrotik ca.crt and after ca.key
 </code> </code>
  
Line 142: Line 153:
 <code> <code>
 systemctl start openvpn@client1 systemctl start openvpn@client1
 +systemctl enable openvpn@client1
 </code> </code>
  
Line 147: Line 159:
  
 <file txt /etc/openvpn/server.conf> <file txt /etc/openvpn/server.conf>
 +proto tcp
 +dev tun
 +
 +ca /etc/easy-rsa/keys/ca.crt
 +cert /etc/easy-rsa/keys/captive.crt
 +key /etc/easy-rsa/keys/captive.pem
 +dh /etc/easy-rsa/keys/dh2048.pem
 +
 +server 10.4.0.0 255.255.255.0
 +ifconfig-pool-persist ipp.txt
 +keepalive 10 120
 +cipher BF-CBC
 +max-clients 100
 +client-config-dir ccd
 +
 +# It's a good idea to reduce the OpenVPN
 +# daemon's privileges after initialization.
 +#
 +# You can uncomment this out on
 +# non-Windows systems.
 +user nobody
 +group nogroup
 +
 +persist-key
 +persist-tun
 +
 +# Output a short status file showing
 +# current connections, truncated
 +# and rewritten every minute.
 +#status /var/log/openvpn/captive.stats
 +log /var/log/openvpn/captive.log
 +
 +
 +# 0 is silent, except for fatal errors
 +# 4 is reasonable for general usage
 +# 5 and 6 can help to debug connection problems
 +# 9 is extremely verbose
 +#log         openvpn.log
 +#log-append  openvpn.log
 +verb 0
 +
 +# Silence repeating messages.  At most 20
 +# sequential messages of the same message
 +# category will be output to the log.
 +mute 20
 +
 +#fragment 1300
 +mssfix 1300
 +#link-mtu 1503
 +#tun-mtu 1460
 +
 +
 +#client-connect /etc/openvpn/on-client-connect
 +script-security 2
 +push "explicit-exit-notify"
 +
 +management localhost 7505
 +
 +client-to-client
 +
 </file> </file>
 +
 +===== Mikrotik client =====
 +
 +Import certificates
 +<code>
 +import file-name=ca.crt
 +import file-name=galileo.crt
 +import file-name=galileo.pem
 +</code>
 +
  
 ===== LXD ===== ===== LXD =====
  • tips/vpn/openvpn.1476713496.txt.gz
  • Last modified: 2016/10/17 16:11
  • by scipio