OPENVPN WINDOWS LINUX: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
|||
| (14 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
=LINUX= | =LINUX= | ||
| + | ===cert vezeichnis erstellen=== | ||
| + | mkdir /root/openvpn-certs | ||
===CA erstellen=== | ===CA erstellen=== | ||
| + | cd /root/openvpn-certs | ||
openssl dhparam -out dh1024.pem 1024 | openssl dhparam -out dh1024.pem 1024 | ||
openssl genrsa -des3 -out openvpn-ca.key 1024 | openssl genrsa -des3 -out openvpn-ca.key 1024 | ||
| Zeile 6: | Zeile 9: | ||
===Windows Client-Zertifikate erstellen=== | ===Windows Client-Zertifikate erstellen=== | ||
| + | cd /root/openvpn-certs | ||
openssl genrsa -out openvpn-windows.key | openssl genrsa -out openvpn-windows.key | ||
openssl req -new -key openvpn-windows.key -out openvpn-windows.csr | openssl req -new -key openvpn-windows.key -out openvpn-windows.csr | ||
| Zeile 11: | Zeile 15: | ||
-CAkey openvpn-ca.key -CAcreateserial -out openvpn-windows.crt | -CAkey openvpn-ca.key -CAcreateserial -out openvpn-windows.crt | ||
| − | === | + | ===Linux Client-Zertifikate erstellen=== |
| + | cd /root/openvpn-certs | ||
openssl genrsa -out openvpn-linux.key | openssl genrsa -out openvpn-linux.key | ||
openssl req -new -key openvpn-linux.key -out openvpn-linux.csr | openssl req -new -key openvpn-linux.key -out openvpn-linux.csr | ||
| Zeile 17: | Zeile 22: | ||
-CAkey openvpn-ca.key -CAcreateserial -out openvpn-linux.crt | -CAkey openvpn-ca.key -CAcreateserial -out openvpn-linux.crt | ||
| + | ==Installation Openvpn== | ||
| + | apt-get install openvpn | ||
| + | ==Kopieren der cert-datein== | ||
| + | cd /root/openvpn-certs | ||
| + | cp openvpn-ca.crt dh1024.pem openvpn-linux.crt openvpn-linux.key /etc/openvpn/ | ||
| + | ==openvpn config datei anlegen== | ||
| + | cat /etc/openvpn/server.conf | ||
| + | dev tun | ||
| + | mode server | ||
| + | tls-server | ||
| + | #proto tcp-server | ||
| + | port 5000 | ||
| + | topology subnet | ||
| + | server 172.31.2.0 255.255.255.0 | ||
| + | route-gateway 172.31.2.1 | ||
| + | push 'route-gateway 172.31.2.1' | ||
| + | cipher AES-256-CBC | ||
| + | link-mtu 1558 | ||
| + | status /tmp/cool-vpn.status | ||
| + | keepalive 10 30 | ||
| + | client-to-client | ||
| + | max-clients 150 | ||
| + | verb 3 | ||
| + | dh /etc/openvpn/dh1024.pem | ||
| + | ca /etc/openvpn/openvpn-ca.crt | ||
| + | cert /etc/openvpn/openvpn-linux.crt | ||
| + | key /etc/openvpn/openvpn-linux.key | ||
| + | comp-lzo | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | duplicate-cn | ||
| + | ===Testen=== | ||
| + | openvpn --config /etc/openvpn/server.conf | ||
| − | == | + | ==Windows== |
| − | + | ===Konfiguration=== | |
| + | Den Client unter http://openvpn.net/index.php/download/community-downloads.html downloaden _NICHT_ "OpenVPN Connect" | ||
| + | |||
| + | ===Dateien nach C:\\Program Files\OpenVpn\config\ übertragen=== | ||
| + | openvpn-ca.crt | ||
| + | openvpn-windows.crt | ||
| + | openvpn-windows.key | ||
| + | |||
| + | ===C:\\Program Files\OpenVpn\config\config.ovpn=== | ||
| + | port 5000 #udp by default | ||
| + | dev tun0 | ||
| + | remote 192.168.240.42 | ||
| + | tls-client | ||
| + | ca C:\\Program Files\\OpenVpn\\config\\openvpn-ca.crt | ||
| + | cert C:\\Program Files\\OpenVpn\\config\\openvpn-windows.crt | ||
| + | key C:\\Program Files\\OpenVpn\\config\\openvpn-windows.key | ||
| + | #tun-mtu 1500 | ||
| + | #tun-mtu-extra 32 | ||
| + | mssfix 1450 | ||
| + | pull | ||
| + | comp-lzo | ||
| + | verb 3 | ||
Aktuelle Version vom 13. März 2018, 15:25 Uhr
LINUX
cert vezeichnis erstellen
mkdir /root/openvpn-certs
CA erstellen
cd /root/openvpn-certs openssl dhparam -out dh1024.pem 1024 openssl genrsa -des3 -out openvpn-ca.key 1024 openssl req -new -key openvpn-ca.key -x509 -days 365 -out openvpn-ca.crt
Windows Client-Zertifikate erstellen
cd /root/openvpn-certs openssl genrsa -out openvpn-windows.key openssl req -new -key openvpn-windows.key -out openvpn-windows.csr openssl x509 -req -days 365 -in openvpn-windows.csr -CA openvpn-ca.crt \ -CAkey openvpn-ca.key -CAcreateserial -out openvpn-windows.crt
Linux Client-Zertifikate erstellen
cd /root/openvpn-certs openssl genrsa -out openvpn-linux.key openssl req -new -key openvpn-linux.key -out openvpn-linux.csr openssl x509 -req -days 365 -in openvpn-linux.csr -CA openvpn-ca.crt \ -CAkey openvpn-ca.key -CAcreateserial -out openvpn-linux.crt
Installation Openvpn
apt-get install openvpn
Kopieren der cert-datein
cd /root/openvpn-certs cp openvpn-ca.crt dh1024.pem openvpn-linux.crt openvpn-linux.key /etc/openvpn/
openvpn config datei anlegen
cat /etc/openvpn/server.conf dev tun mode server tls-server #proto tcp-server port 5000 topology subnet server 172.31.2.0 255.255.255.0 route-gateway 172.31.2.1 push 'route-gateway 172.31.2.1' cipher AES-256-CBC link-mtu 1558 status /tmp/cool-vpn.status keepalive 10 30 client-to-client max-clients 150 verb 3 dh /etc/openvpn/dh1024.pem ca /etc/openvpn/openvpn-ca.crt cert /etc/openvpn/openvpn-linux.crt key /etc/openvpn/openvpn-linux.key comp-lzo persist-key persist-tun duplicate-cn
Testen
openvpn --config /etc/openvpn/server.conf
Windows
Konfiguration
Den Client unter http://openvpn.net/index.php/download/community-downloads.html downloaden _NICHT_ "OpenVPN Connect"
Dateien nach C:\\Program Files\OpenVpn\config\ übertragen
openvpn-ca.crt openvpn-windows.crt openvpn-windows.key
C:\\Program Files\OpenVpn\config\config.ovpn
port 5000 #udp by default dev tun0 remote 192.168.240.42 tls-client ca C:\\Program Files\\OpenVpn\\config\\openvpn-ca.crt cert C:\\Program Files\\OpenVpn\\config\\openvpn-windows.crt key C:\\Program Files\\OpenVpn\\config\\openvpn-windows.key #tun-mtu 1500 #tun-mtu-extra 32 mssfix 1450 pull comp-lzo verb 3