Openvpn Roadwarrior zu Firewall Linux-Firewall: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=OpenVPN= *COMMONNAME=openvpn-linux *openssl genrsa -aes256 -out ca.key 4096 *openssl req -new -key ca.key -x509 -days 3650 -out ca.crt *openssl genrsa -out $C…“) |
|||
| Zeile 1: | Zeile 1: | ||
| − | =OpenVPN= | + | =OpenVPN Host= |
*COMMONNAME=openvpn-linux | *COMMONNAME=openvpn-linux | ||
*openssl genrsa -aes256 -out ca.key 4096 | *openssl genrsa -aes256 -out ca.key 4096 | ||
| Zeile 10: | Zeile 10: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | =OpenVPN Client= | ||
| + | |||
| + | *config | ||
| + | <pre> | ||
| + | port 5000 | ||
| + | dev tun0 | ||
| + | remote openvpn-linux | ||
| + | tls-client | ||
| + | cipher AES-256-CBC | ||
| + | link-mtu 1542 | ||
| + | mssfix 1450 | ||
| + | pull | ||
| + | compress | ||
| + | verb 3 | ||
| + | auth-user-pass | ||
| + | <ca> | ||
| + | -----BEGIN CERTIFICATE----- | ||
| + | MIIFmTCCA4GgAwIBAgIUNZjZ5vd2+5PANqxpc8HILqbs8wYwDQYJKoZIhvcNAQEL | ||
| + | BQAwXDELMAkGA1UEBhMCZGUxDDAKBgNVBAgMA3JscDELMAkGA1UEBwwCencxDjAM | ||
| + | BgNVBAoMBXhpbnV4MQswCQYDVQQLDAJpdDEVMBMGA1UEAwwMc2NodWx1bmdzLWNh | ||
| + | MB4XDTIyMDIwNzE1MzU0MVoXDTMyMDIwNTE1MzU0MVowXDELMAkGA1UEBhMCZGUx | ||
| + | DDAKBgNVBAgMA3JscDELMAkGA1UEBwwCencxDjAMBgNVBAoMBXhpbnV4MQswCQYD | ||
| + | VQQLDAJpdDEVMBMGA1UEAwwMc2NodWx1bmdzLWNhMIICIjANBgkqhkiG9w0BAQEF | ||
| + | AAOCAg8AMIICCgKCAgEAnjjwgUH/fg9eqzOqivuG9DrsYV/d19Kcuu+al/n4UErZ | ||
| + | W2JoFterwq0mbwDK6xmQ5GusCyUS4ENNsqAI1tiVNzTa2A7JBMlxB+QGqtuWc+6b | ||
| + | sOLmjEdIjWxpKpD2GxXaSp/PbBeKp6KDyXCaO5F8+OEO4+Q4D6Bgju4Tpy7dENI7 | ||
| + | 17lZl5Ohp6WOpVpL95m+bD6ZmD3rpte1uL0tQun57Y+w3ovBdPG7gZVOgtfKHCCQ | ||
| + | yRy89bfSNnx8hiIr1fYjg3TLR29Ki9EEdsxl6c4Fhendo4v3FPh9kDGFgHTsLieO | ||
| + | cpw/atLSiTm1me1CZwauEvaPbxO1LJDEOlfHQLiPNtZ55crmJELWLxANmjOK5fJn | ||
| + | 8pVMicCxSuYVIorhyGy7J37P0fOxoAQsYVupCUgogVSC5qUkhvbvU1C56/Y59dkT | ||
| + | mubUshcCqZkpr3B03as1pJ7wzMYHKrte9IIXhS8j0ljsPx5H5iwmXWwTkX+zah8M | ||
| + | KAyVK2hGGbwdc2Zi+zErlVFp1clggDWMfDzZxjgv6R/oclhXcMXaWlnSFBI7+hVC | ||
| + | sV9LgqPNBUemCOdpxXMezaav4cbRBYv8U62nVyU98M8zB17bjcn/s1ibS68AJlhn | ||
| + | reaNOIMBBmEwbZXBhvreqfod8Fkb3L76E4jhfkmAzytIw9ck7kSnw16h7Abc3ZUC | ||
| + | AwEAAaNTMFEwHQYDVR0OBBYEFM2PF5hMG93YmLOY0PMQ92XXKSh2MB8GA1UdIwQY | ||
| + | MBaAFM2PF5hMG93YmLOY0PMQ92XXKSh2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI | ||
| + | hvcNAQELBQADggIBAB4l8RXg41E4ycp3OMOpBruQSPrJMwUN7JdlRFqFLBx+7UBL | ||
| + | N/YVAq3V0au70vcyPNZ+sYjsJQZTz3NQf/A2PwGY7wHZXNWwvB5w/gyUJ37+zaPd | ||
| + | TLiSCabdmgUIAzyQqHNurMccrHQvsxdOHjJu70BMs+5k/iu/niynTMXN5S6XPrzy | ||
| + | 5Jj8IrCZJBg4HvqcpCdU0bKAj76iqliUAwfZG8V+C/AcnyMuwJO6n5mnlQ6gRA67 | ||
| + | q1ilZhBkZ6SDK3goThDrk7BI05ckA5WfwZ1dtDpAyJybauEvBfNHjPqQkc5SbcTQ | ||
| + | oNOK35KJuT0PF2+Jicl1afMH4UYTPZTirBuri1OWwG0cJm9CAVxIJZQv/yJ5Qzhu | ||
| + | xV/NsEnso6FIXy393gUUVqZWyAXY7i1PMlNfjrMu+6cms14jWKjDdEisXNQiq2Xw | ||
| + | +sS+g8T+dgdN39y/bP2RW8WC2wqCQXIE8qkYqDwgNCLtu7Q6DqKGtzAYVvThiA5a | ||
| + | 3NaAR0PMEqx3R+4Alvqm405Wn+BdT7vandWO/ZIN8EKlpNKIZvjiMRm/Mcvcclmy | ||
| + | p4hqnodcO28Ovn58NoM9iV9n/mVyEUu4w7lXitY4z6+x2YRUo852EifeXcv1PjMW | ||
| + | 0H9rMp2U5Kz0K+dijQppgAFf3uw/Rz6dPztwHP4gvqjUhhBW4isaEDNWBseu | ||
| + | -----END CERTIFICATE----- | ||
| + | </ca> | ||
| + | |||
| + | </pre> | ||
Version vom 8. Februar 2022, 10:09 Uhr
OpenVPN Host
- COMMONNAME=openvpn-linux
- openssl genrsa -aes256 -out ca.key 4096
- openssl req -new -key ca.key -x509 -days 3650 -out ca.crt
- openssl genrsa -out $COMMONNAME.key 4096
- openssl req -new -key $COMMONNAME.key -out $COMMONNAME.csr
- openssl x509 -req -days 730 -in $COMMONNAME.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $COMMONNAME.crt
- cp ca.crt openvpn-linux.crt openvpn-linux.key /etc/openvpn/
OpenVPN Client
- config
port 5000 dev tun0 remote openvpn-linux tls-client cipher AES-256-CBC link-mtu 1542 mssfix 1450 pull compress verb 3 auth-user-pass <ca> -----BEGIN CERTIFICATE----- MIIFmTCCA4GgAwIBAgIUNZjZ5vd2+5PANqxpc8HILqbs8wYwDQYJKoZIhvcNAQEL BQAwXDELMAkGA1UEBhMCZGUxDDAKBgNVBAgMA3JscDELMAkGA1UEBwwCencxDjAM BgNVBAoMBXhpbnV4MQswCQYDVQQLDAJpdDEVMBMGA1UEAwwMc2NodWx1bmdzLWNh MB4XDTIyMDIwNzE1MzU0MVoXDTMyMDIwNTE1MzU0MVowXDELMAkGA1UEBhMCZGUx DDAKBgNVBAgMA3JscDELMAkGA1UEBwwCencxDjAMBgNVBAoMBXhpbnV4MQswCQYD VQQLDAJpdDEVMBMGA1UEAwwMc2NodWx1bmdzLWNhMIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEAnjjwgUH/fg9eqzOqivuG9DrsYV/d19Kcuu+al/n4UErZ W2JoFterwq0mbwDK6xmQ5GusCyUS4ENNsqAI1tiVNzTa2A7JBMlxB+QGqtuWc+6b sOLmjEdIjWxpKpD2GxXaSp/PbBeKp6KDyXCaO5F8+OEO4+Q4D6Bgju4Tpy7dENI7 17lZl5Ohp6WOpVpL95m+bD6ZmD3rpte1uL0tQun57Y+w3ovBdPG7gZVOgtfKHCCQ yRy89bfSNnx8hiIr1fYjg3TLR29Ki9EEdsxl6c4Fhendo4v3FPh9kDGFgHTsLieO cpw/atLSiTm1me1CZwauEvaPbxO1LJDEOlfHQLiPNtZ55crmJELWLxANmjOK5fJn 8pVMicCxSuYVIorhyGy7J37P0fOxoAQsYVupCUgogVSC5qUkhvbvU1C56/Y59dkT mubUshcCqZkpr3B03as1pJ7wzMYHKrte9IIXhS8j0ljsPx5H5iwmXWwTkX+zah8M KAyVK2hGGbwdc2Zi+zErlVFp1clggDWMfDzZxjgv6R/oclhXcMXaWlnSFBI7+hVC sV9LgqPNBUemCOdpxXMezaav4cbRBYv8U62nVyU98M8zB17bjcn/s1ibS68AJlhn reaNOIMBBmEwbZXBhvreqfod8Fkb3L76E4jhfkmAzytIw9ck7kSnw16h7Abc3ZUC AwEAAaNTMFEwHQYDVR0OBBYEFM2PF5hMG93YmLOY0PMQ92XXKSh2MB8GA1UdIwQY MBaAFM2PF5hMG93YmLOY0PMQ92XXKSh2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI hvcNAQELBQADggIBAB4l8RXg41E4ycp3OMOpBruQSPrJMwUN7JdlRFqFLBx+7UBL N/YVAq3V0au70vcyPNZ+sYjsJQZTz3NQf/A2PwGY7wHZXNWwvB5w/gyUJ37+zaPd TLiSCabdmgUIAzyQqHNurMccrHQvsxdOHjJu70BMs+5k/iu/niynTMXN5S6XPrzy 5Jj8IrCZJBg4HvqcpCdU0bKAj76iqliUAwfZG8V+C/AcnyMuwJO6n5mnlQ6gRA67 q1ilZhBkZ6SDK3goThDrk7BI05ckA5WfwZ1dtDpAyJybauEvBfNHjPqQkc5SbcTQ oNOK35KJuT0PF2+Jicl1afMH4UYTPZTirBuri1OWwG0cJm9CAVxIJZQv/yJ5Qzhu xV/NsEnso6FIXy393gUUVqZWyAXY7i1PMlNfjrMu+6cms14jWKjDdEisXNQiq2Xw +sS+g8T+dgdN39y/bP2RW8WC2wqCQXIE8qkYqDwgNCLtu7Q6DqKGtzAYVvThiA5a 3NaAR0PMEqx3R+4Alvqm405Wn+BdT7vandWO/ZIN8EKlpNKIZvjiMRm/Mcvcclmy p4hqnodcO28Ovn58NoM9iV9n/mVyEUu4w7lXitY4z6+x2YRUo852EifeXcv1PjMW 0H9rMp2U5Kz0K+dijQppgAFf3uw/Rz6dPztwHP4gvqjUhhBW4isaEDNWBseu -----END CERTIFICATE----- </ca>