On SERVER ip 192.168.5.1
copied entire easy-rsa to my_keys
edit vars
update vars
build dh
build ca
build server certificate
build client certificate
generate tls key
copied ca.crt,dh2048.pem,server.crt,server.key
make server config file
running openvpn
<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
On Client ip 192.168.5.5
on the server, copy openvpnclient1.crt and openvpnclient1.key to the client, renaming them to client.crt and client.key
client certificate
client certificate key
ta key
back to client, make client config file
running openvpn client
# cd /etc/openvpn/
# mkdir my_keys/
# cd my_keys/
copied entire easy-rsa to my_keys
# cp /usr/share/openvpn/easy-rsa/2.0/* .
edit vars
# vim vars
export EASY_RSA="/etc/openvpn/my_keys"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=1000
export KEY_COUNTRY="ID"
export KEY_PROVINCE="BANTEN"
export KEY_CITY="TANGERANG"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
update vars
# . ./vars
# ./clean-all
build dh
# ./build-dh
build ca
# ./build-ca
build server certificate
# ./build-key-server openvpnserver
build client certificate
# ./build-key openvpnclient1
generate tls key
# openvpn --genkey --secret ta.key
copied ca.crt,dh2048.pem,server.crt,server.key
# cp keys/ca.crt /etc/openvpn/my_keys/ca.crt
# cp keys/dh2048.pem /etc/openvpn/my_keys/dh2048.pem
# cp keys/openvpnserver.crt /etc/openvpn/my_keys/server.crt
# cp keys/openvpnserver.key /etc/openvpn/my_keys/server.key
make server config file
# cp /usr/share/doc/openvpn-2.1.1/sample-config-files/server.conf /etc/openvpn/
# cd /etc/openvpn/
# vim /etc/openvpn/server.conf
# Server-side /etc/openvpn/server.conf (edited copy of the openvpn-2.1.1 sample).
# Relative paths below (my_keys/..., ipp.txt, openvpn-status.log) are resolved
# from the directory openvpn is started in; the steps above cd to /etc/openvpn
# before running "openvpn --config server.conf".
port 1194
proto udp
dev tun
# CA certificate, server certificate/key and DH parameters, copied from the
# easy-rsa keys/ directory in the step above.
ca my_keys/ca.crt
cert my_keys/server.crt
key my_keys/server.key
dh my_keys/dh2048.pem
# VPN subnet handed out to connecting clients.
server 10.8.0.0 255.255.255.0
# Client address assignments are kept in ipp.txt across restarts.
ifconfig-pool-persist ipp.txt
keepalive 10 120
# NOTE(review): compression is enabled here and on the client (comp-lzo);
# newer OpenVPN releases discourage it -- confirm against the version in use.
comp-lzo
persist-key
persist-tun
# The next two lines are disabled (leading ';'): the tls-verify hook and the
# ocsp.sh script it names are not created anywhere in these steps.
;script-security 2
;tls-verify /etc/openvpn/my_keys/ocsp.sh
# Also disabled: the ta.key generated with "openvpn --genkey" above is not used
# until this line and the matching "tls-auth ... 1" line in client.conf are
# both uncommented.
;tls-auth /etc/openvpn/my_keys/ta.key 0
status openvpn-status.log
verb 3
running openvpn
# openvpn --config server.conf
# ifconfig -a
<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
On Client ip 192.168.5.5
# cd /etc/openvpn
# mkdir /etc/openvpn/my_keys
on the server, copy openvpnclient1.crt and openvpnclient1.key to the client, renaming them to client.crt and client.key (ca.crt is also needed on the client, since client.conf below references /etc/openvpn/my_keys/ca.crt)
client certificate
# scp /etc/openvpn/my_keys/keys/openvpnclient1.crt root@192.168.5.5:/etc/openvpn/my_keys/client.crt
client certificate key
# scp /etc/openvpn/my_keys/keys/openvpnclient1.key root@192.168.5.5:/etc/openvpn/my_keys/client.key
ta key
# scp /etc/openvpn/my_keys/ta.key root@192.168.5.5:/etc/openvpn/my_keys/ta.key
back to the client, make the client config file (in the sample below, `ns-cert-type server` and `tls-auth` are commented out; enable them so the client checks that the peer certificate was issued with build-key-server and uses the ta.key copied above)
# cp /usr/share/doc/openvpn-2.1.1/sample-config-files/client.conf /etc/openvpn/
# cd /etc/openvpn/
# vim client.conf
client
dev tun
proto udp
remote 192.168.5.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/my_keys/ca.crt
cert /etc/openvpn/my_keys/client.crt
key /etc/openvpn/my_keys/client.key
;ns-cert-type server
;tls-auth /etc/openvpn/my_keys/ta.key 1
comp-lzo
verb 3
running openvpn client
# openvpn --config client.conf
# ifconfig -a
What if you have hundreds or even thousands of clients?
How can the client keys be built quickly and effectively?
Can it only be done by building the client keys one by one?