openvpn_stuff
Differences
This shows you the differences between two versions of the page.
|
openvpn_stuff [2007/04/01 14:37] 66.207.222.14 |
openvpn_stuff [2013/09/28 16:06] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== setting up openvpn server ====== | ||
| - | |||
| - | This is old; check if there's new versions of stuff that you should use. | ||
| - | |||
| - | <code> | ||
| - | cd /usr/local/src | ||
| - | wget http://openvpn.net/release/openvpn-2.0.tar.gz | ||
| - | tar xvfz openvpn-2.0.tar.gz | ||
| - | cd openvpn-2.0 | ||
| - | apt-get install liblzo-dev | ||
| - | ./configure | ||
| - | make | ||
| - | make install | ||
| - | |||
| - | mkdir /etc/openvpn | ||
| - | mkdir /etc/openvpn/easy-rsa | ||
| - | cp /usr/local/src/easy-rsa/* /etc/openvpn/easy-rsa | ||
| - | </code> | ||
| - | |||
| - | **/etc/openvpn/server.conf:** | ||
| - | <code> | ||
| - | dev tap | ||
| - | port 5000 | ||
| - | proto tcp-server | ||
| - | verb 1 | ||
| - | mode server | ||
| - | tls-server | ||
| - | ping 60 | ||
| - | ca /etc/openvpn/ca.crt | ||
| - | cert /etc/openvpn/server.crt | ||
| - | key /etc/openvpn/server.key | ||
| - | dh /etc/openvpn/dh1024.pem | ||
| - | ifconfig 192.168.222.1 255.255.255.0 | ||
| - | ifconfig-pool 192.168.222.100 192.168.222.200 | ||
| - | route 192.168.222.0 255.255.255.0 | ||
| - | route-gateway 192.168.222.1 | ||
| - | </code> | ||
| - | |||
| - | **client.conf:** | ||
| - | <code> | ||
| - | dev tap | ||
| - | proto tcp-client | ||
| - | port 5000 | ||
| - | ping 15 | ||
| - | ping-restart 120 | ||
| - | resolv-retry infinite | ||
| - | remote openvpn.wirelesstoronto.ca | ||
| - | tls-client | ||
| - | ca /etc/openvpn/ca.crt | ||
| - | cert /etc/openvpn/client**NODEID**.crt | ||
| - | key /etc/openvpn/client**NODEID**.key | ||
| - | ifconfig 192.168.222.**NODEID** 255.255.255.0 | ||
| - | </code> | ||
| - | |||
| - | ===== making client certificate files on server: ===== | ||
| - | |||
| - | - ssh to pwd.ca, login as "wireless"<code> | ||
| - | cd easy-rsa | ||
| - | . ./vars | ||
| - | </code> | ||
| - | - (ignore the output)<code> | ||
| - | ./build-key client[NODEID] | ||
| - | </code> | ||
| - | - use defaults except for Common Name: **client[NODEID]** | ||
| - | - find the client<NODEID>.crt and client<NODEID>.key files in the ./keys folder -- KEEP THESE PRIVATE | ||
| - | - to copy them to the router, issue these commands on the router:<code> | ||
| - | scp wireless@pwd.ca:easy-rsa/keys/client<NODEID>.crt /etc/openvpn | ||
| - | scp wireless@pwd.ca:easy-rsa/keys/client<NODEID>.key /etc/openvpn | ||
| - | </code> | ||
| - | (it'll prompt you for the wireless@pwd.ca password each time) | ||
| - | |||
openvpn_stuff.txt ยท Last modified: 2013/09/28 16:06 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
