On SERVER ip 192.168.5.1
copied entire easy-rsa to my_keys
edit vars
update vars
build dh
build ca
build server certificate
build client certificate
generate tls key
copied ca.crt,dh2048.pem,server.crt,server.key
make server config file
running openvpn
<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
On Client ip 192.168.5.5
on server, copy openvpnclient1.crt and openvpnclient1.key to the client, renamed to client.crt and client.key
client certificate
client certificate key
ta key
back to client, make client config file
running openvpn client
# cd /etc/openvpn/
# mkdir my_keys/
# cd my_keys/
copied entire easy-rsa to my_keys
# cp /usr/share/openvpn/easy-rsa/2.0/* .
edit vars
# vim vars
export EASY_RSA="/etc/openvpn/my_keys"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=1000
export KEY_COUNTRY="ID"
export KEY_PROVINCE="BANTEN"
export KEY_CITY="TANGERANG"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
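update vars
# . ./vars
# ./clean-all
Note: ./clean-all does an rm -rf on $KEY_DIR (see the NOTE line in vars), so run it only for this first setup; running it again later removes everything under keys/, including the CA built below and all issued certificates and keys.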
build dh
# ./build-dh
build ca
# ./build-ca
build server certificate
# ./build-key-server openvpnserver
build client certificate
# ./build-key openvpnclient1
generate tls key
# openvpn --genkey --secret ta.key
copied ca.crt,dh2048.pem,server.crt,server.key
# cp keys/ca.crt /etc/openvpn/my_keys/ca.crt
# cp keys/dh2048.pem /etc/openvpn/my_keys/dh2048.pem
# cp keys/openvpnserver.crt /etc/openvpn/my_keys/server.crt
# cp keys/openvpnserver.key /etc/openvpn/my_keys/server.key
make server config file
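# cp /usr/share/doc/openvpn-2.1.1/sample-config-files/server.conf /etc/openvpn/
# cd /etc/openvpn/
# vim /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca my_keys/ca.crt
cert my_keys/server.crt
key my_keys/server.key
dh my_keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
;script-security 2
;tls-verify /etc/openvpn/my_keys/ocsp.sh
;tls-auth /etc/openvpn/my_keys/ta.key 0
status openvpn-status.log
verb 3
Note: lines starting with ";" are commented out. With tls-auth commented out here, the ta.key generated above is not used; to enable it, uncomment tls-auth on the server (direction 0) and on the client (direction 1) together, since a mismatch makes the handshake fail. tls-verify is also commented out and there is no crl-verify line, so this config does not check certificate revocation.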
running openvpn
# openvpn --config server.conf
# ifconfig -a
<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
On Client ip 192.168.5.5
# cd /etc/openvpn
# mkdir /etc/openvpn/my_keys
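on server, copy openvpnclient1.crt and openvpnclient1.key to the client, renamed to client.crt and client.key
Note: client.conf below also references /etc/openvpn/my_keys/ca.crt, so ca.crt has to be copied to the client as well; no command for that copy is shown in these steps.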
client certificate
# scp /etc/openvpn/my_keys/keys/openvpnclient1.crt root@192.168.5.5:/etc/openvpn/my_keys/client.crt
client certificate key
# scp /etc/openvpn/my_keys/keys/openvpnclient1.key root@192.168.5.5:/etc/openvpn/my_keys/client.key
ta key
# scp /etc/openvpn/my_keys/ta.key root@192.168.5.5:/etc/openvpn/my_keys/ta.key
back to client, make client config file
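# cp /usr/share/doc/openvpn-2.1.1/sample-config-files/client.conf /etc/openvpn/
# cd /etc/openvpn/
# vim client.conf
client
dev tun
proto udp
remote 192.168.5.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/my_keys/ca.crt
cert /etc/openvpn/my_keys/client.crt
key /etc/openvpn/my_keys/client.key
;ns-cert-type server
;tls-auth /etc/openvpn/my_keys/ta.key 1
comp-lzo
verb 3
Note: ns-cert-type server is commented out, so the client does not check that the peer's certificate is a server certificate and would accept any certificate signed by this CA, including another client's. Uncomment it (newer OpenVPN releases use remote-cert-tls server instead) so that only a certificate built with build-key-server is accepted. tls-auth is also commented out; enable it only together with the server's tls-auth line.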
running openvpn client
# openvpn --config client.conf
# ifconfig -a
What if you have hundreds or even thousands of clients?
How do you build client keys quickly and effectively?
Is there no way other than building the client keys one by one?