Openvpn Roadwarrior zu Firewall Pfsense: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „Datei:Openvpn-Pfsense-Roadwarrior.png“) |
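--- a/Openvpn Roadwarrior zu Firewall Pfsense
+++ b/Openvpn Roadwarrior zu Firewall Pfsense
@@ -1 +1,117 @@
 [[Datei:Openvpn-Pfsense-Roadwarrior.png]]
+<pre>
+dev tun
+persist-tun
+persist-key
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC
+data-ciphers-fallback AES-128-CBC
+auth SHA256
+tls-client
+client
+resolv-retry infinite
+remote 10.66.252.10 1194 udp4
+verify-x509-name "openvpn-server-cert" name
+remote-cert-tls server
+explicit-exit-notify
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIINjSon37jCnMwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UE
+AxMLaW50ZXJuYWwtY2ExCzAJBgNVBAYTAkRFMB4XDTIyMDIwMjExMzA1OVoXDTMy
+MDEzMTExMzA1OVowIzEUMBIGA1UEAxMLaW50ZXJuYWwtY2ExCzAJBgNVBAYTAkRF
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaK/YSVj9wBqmI1rgkKv
+h9z/gXk7CiezwJy9hRTT7V6ZvEUjTrcu6JBsac0DeSNfgX+/Xdoy4hUUCXnaYLUQ
+sACmERbILdr1463nF5TaolfpZDz/nLv+G/wgSLlmleQ38e0GaAgJUHSFRy7cuA6Y
+GnB3rDGzWU84xo7aZXrdfKP6Uu+5PmEQjWnTFbaxuuM6OE4IEikxtnE5+/Ct0js5
+uGzKL7imK7FVsAZpC+eTa6bWssc2kUc4QbOkGt82PFbPGxq3bqB6DfA9YyqwqlwG
+pKIvg17rYbx7i+IBcjyEsJ+6pKmR71/iem5fXSU7Xv8f6ktXPxTEzlICcDC2p/Fb
+JwIDAQABo4GRMIGOMB0GA1UdDgQWBBRXYIcZcf83FwUIyhEx0d/1FGPK9TBSBgNV
+HSMESzBJgBRXYIcZcf83FwUIyhEx0d/1FGPK9aEnpCUwIzEUMBIGA1UEAxMLaW50
+ZXJuYWwtY2ExCzAJBgNVBAYTAkRFggg2NKiffuMKczAMBgNVHRMEBTADAQH/MAsG
+A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEANLJyx9G6v5c95LENH/8oF2kF
+Q+NbFfH3AD7XiQOYO7JhwijjQ1tYL5GKoiaK3aNZt/CEPrh5gZiTY2ftpF0lleiU
+NFGQRW/GYQYerWpoILEQ/suZMPDS1JSZRmSBM/P6gdAxqouulg7tgeEdEfC7kkRW
+jFWYm6Az7AlC7X0HHSCF2Q2nH43PuRH/uP2nN6eK+UqTITRr/mCkfsdnLQQJN8Gb
+WV1CNwJg+NpbEskj+xGYrBcsTs2G+X1AVPYB2GUI3P5JH/fu1e/3A40Ig51yWVJ1
+pj0Tlgff9ofq0JESapaAONsNYeGXWgh0K1/ybkKxZV1KbbahSy1ffVVRrEUUow==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBAzANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDEwtpbnRl
+cm5hbC1jYTELMAkGA1UEBhMCREUwHhcNMjIwMjEwMTEyNjM4WhcNMzIwMjA4MTEy
+NjM4WjAbMQswCQYDVQQGEwJERTEMMAoGA1UEAxMDdnBuMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAooWRuL89duLxVdOc5SY1+g2h5YI88PAC9L7pF5P6
+PnNkaaexRMlSWXg1az/6f8bl1WFJz+gozWj3VEhYTvhRCvg8/8iW+mz6qjel6ASL
+AZdCpxsAjVFsCwW1ziguR82s3+cYNeawdeNQhTCi+vIGMkYLukJiqLECIrldrITN
+42iNNDq8noyKc33D99T/zJ69LyL75blN2aYnPwoM1iaJGg7T20Cc9bgjj9FB9oVY
+Uxp0a4NaVdWIj1Ews54kify+WnHK+YNEcKidVPRvo/KENrH1impCAjy5eIVnAgXh
+gjovzWFA/ghT32r+Fzf5GGTlu2arxEt+AVXEcADHPMqrHwIDAQABo4HmMIHjMAkG
+A1UdEwQCMAAwCwYDVR0PBAQDAgXgMDEGCWCGSAGG+EIBDQQkFiJPcGVuU1NMIEdl
+bmVyYXRlZCBVc2VyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTz72LCOfCuzUe2EISa
+QMChFunNETBSBgNVHSMESzBJgBRXYIcZcf83FwUIyhEx0d/1FGPK9aEnpCUwIzEU
+MBIGA1UEAxMLaW50ZXJuYWwtY2ExCzAJBgNVBAYTAkRFggg2NKiffuMKczATBgNV
+HSUEDDAKBggrBgEFBQcDAjAOBgNVHREEBzAFggN2cG4wDQYJKoZIhvcNAQELBQAD
+ggEBAKosycYdzKON2tt9OhlHcPSVWwMVpSaYr+6sKLIUMV8kMOcVvehVasmAHvN3
+bX5vNRHb2mZsKHUVxXASB1hODUEOExZlG/ZG/njf18uaOQ0HHZPDzxzBtMZ5lLCd
+kMLOJCzKyjdZ3eVjvCJ1lsJwBYJsbWlzb/2ljtuJcHWtTmSIg4XNqt1I4502U4D+
+2MOouVm6qgzci1Tgcp+1Okm97vDlgLiVHAf1iDRKg3r/mAjWsG9AIC6ANwhTHOKP
+xBs/q5Vx2fyBTzAXDE6ssIE8gRaDx1wu2ksFnMKJyC3A3pB4PV5DzyO7FT6AZ1/d
+BVgrqyxxN0zJYrBRBxR1SyfsyLI=
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCihZG4vz124vFV
+05zlJjX6DaHlgjzw8AL0vukXk/o+c2Rpp7FEyVJZeDVrP/p/xuXVYUnP6CjNaPdU
+SFhO+FEK+Dz/yJb6bPqqN6XoBIsBl0KnGwCNUWwLBbXOKC5Hzazf5xg15rB141CF
+MKL68gYyRgu6QmKosQIiuV2shM3jaI00OryejIpzfcP31P/Mnr0vIvvluU3Zpic/
+CgzWJokaDtPbQJz1uCOP0UH2hVhTGnRrg1pV1YiPUTCzniSJ/L5accr5g0RwqJ1U
+9G+j8oQ2sfWKakICPLl4hWcCBeGCOi/NYUD+CFPfav4XN/kYZOW7ZqvES34BVcRw
+AMc8yqsfAgMBAAECggEAKJXOdCJdyQiXV+WGcrr+E7m/yj6h1VE6i7/5GYg8n8fV
+NYVJAXJ8/BbG0Eej2LDkyEqJUkAZoGIsEYIXe3ELW//ty7pd6Z+5YTSQW8Z2qCkL
+3gsiMig5IO+GHTtvg0LbfvaI1z0KqAXiH8CrkptJ7NgNKbBWTuYVMHK179UiTT1y
+ymSgO12TuTxbzjEKhgL2wjYhpEJfhuw3SU/WioShsPnVVRq+7VxDk8YT+ruIJ/qY
+OVH01QVLF3aDPfL1lj/mtyo71YhGv2tBLWbEAzHVyaxIdrAWsu4BzhnHGCmOzuXg
+e0mlRMUm+SWfFb0a/07yj4zA05yzotwhcvX1nSSmcQKBgQDSDXeD8a1J2qi0i6Ai
+MEIOY5lhqLK3pu+2E3pQFGYZo1+/z9U8V2eFy/FTk04spTwemaRx/dq+BYwPeYvY
+i2G706UXU6vBH2nzoXOfB/hpd1MaTg5UuNgYl+84joTf6A736/KWCgurftIMRWmM
+n83viDG5n/E2GLddOyrOD/7V5QKBgQDGEnfY+f20zkPCZFdEbRFujMRjXAc/PRJi
+MTzWB29X0ZqNCbKUhHyWYaWu/iSy7d1UuedyItNW/j940NvmjT0sRkbB+s73yzj1
+tkHRPE/O7AMg5BDiolLQ7auHrNaFxYSrhUw/C/m4k/UCySM5YJBs4pkEyCI7JsjR
+5npNF/zsswKBgEUFldMuc/HDvxHsm4cAcoRF6B22EFvWqAgdaGCuA0rDa3Ac/AWi
+9up5NGhxDAwRk6q+c9HdR6aPLhHbr79NNaVBi4sZvGNuTiN3VwXX2aHWSuFm6sCe
+KKwUKNBdzH3CxEBlMMZqsKD+wEi1+lPyIvplt2k2jE1pW79v9MXXbbadAoGBALMa
+rg6gd16QCUt1Kkgwi8u4NDlYVSFE2yO5PDaZAICbgzI3a6jKaFIfOA+VtZ+qYTIk
+7HkTrqECRGi+C6pdWsx3O7JaVd5RgE8HIFrQO6ZzWZzbPb2BZHuR/kIv8seBxKbI
+YRq9fHEAMVP0hwpyHAapnA5r3jA4sOzEiSC/KTDrAoGBALAarrqYUCEeX0S3WfS6
+HdrdDMQnxJSLPMMujqai/nsFieVIpBZgw+jd/RlkmMV/1DJn1atgF65Y1C/iNhuO
+vMfcvGvKfd5/PykwWCHk7ZD1OBiiL92bK4HT6bf61GtU0Bk5ov7WL2O1QPjrp6rs
+l2rK9W8U4t9EorF5QlwyEe8g
+-----END PRIVATE KEY-----
+</key>
+key-direction 1
+<tls-auth>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+2a2d98055970642452e2e4db218af7d0
+661180af8b53654a9f960b42ad9cfcf4
+0dd512783e3568abfd6ac52c57dea3a1
+5b320ca185cd1bddad1b66a172ee4569
+0239660879c054f941e37bbbb7c7b38c
+b3d9dd0e896f141e1cd498e00c10860f
+94212efe0d0f759a2a3d72bb6e4d8dcb
+46aa146b38079d0028fd77262f5902a9
+a462dc6a38c9d725ee558842ef05b2e2
+35bf13e40db7b1aae90c5715c0399700
+23140c98cf0eefb6c4160bea8f8b17b5
+915baa57dc01659cc3ac660cae5ffa90
+a500c00f64302b681d8fce698472a700
+b2bdf76744f80bb1f982aa6dc7d40722
+b03c521324021a7d7c0be53d4643f8d8
+821a9bb00485f812676f85d01f81f1bd
+-----END OpenVPN Static key V1-----
+</tls-auth>
+</pre>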
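Review bot: The added `<key>` block contains an unencrypted client private key and the `<tls-auth>` block the shared static key, both stored in a wiki revision that stays readable through the page history even after a later edit. If this material was ever used against a real pfSense instance, the client certificate should be revoked and the static key regenerated; the example itself is better published with labelled placeholders, e.g. `<key>` followed by `[PLACEHOLDER: client private key – not published]` and `</key>`, and the same for `<tls-auth>`. A smaller point on the cipher lines: `AES-128-CBC` at the end of `data-ciphers` together with `data-ciphers-fallback AES-128-CBC` keeps a non-AEAD cipher negotiable; if no peer without cipher negotiation has to connect, `data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305` without the fallback line would be the tighter setting. A one-line `#` comment above `verify-x509-name` saying that the name must match the server certificate's CN would help readers who adapt the file.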
Version vom 10. Februar 2022, 11:51 Uhr
# OpenVPN road-warrior client profile for a pfSense OpenVPN server.
# All certificate and key material is embedded inline (<ca>, <cert>, <key>, <tls-auth>).

# Routed (layer 3) tunnel device.
dev tun
# Keep the tun device and the loaded key material across soft restarts.
persist-tun
persist-key
# Data-channel ciphers offered for negotiation, in order of preference.
# NOTE(review): the last entry and the fallback below are AES-128-CBC (non-AEAD);
# drop both if every peer supports cipher negotiation.
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC
# Cipher used when the peer does not negotiate a data cipher.
data-ciphers-fallback AES-128-CBC
# HMAC digest for tls-auth and for data packets when a non-AEAD cipher is in use.
auth SHA256
# "client" already implies tls-client (and pull); tls-client is redundant here.
tls-client
client
# Retry name resolution indefinitely (the remote below is an IP literal).
resolv-retry infinite
# Server address, port, and transport (UDP over IPv4).
remote 10.66.252.10 1194 udp4
# Accept the server only if its certificate's common name equals this value.
verify-x509-name "openvpn-server-cert" name
# Require the peer certificate to carry server key usage / extended key usage.
remote-cert-tls server
# Notify the server when the client exits (relevant for UDP).
explicit-exit-notify

# CA certificate the server certificate must chain to.
<ca>
-----BEGIN CERTIFICATE-----
MIIDWjCCAkKgAwIBAgIINjSon37jCnMwDQYJKoZIhvcNAQELBQAwIzEUMBIGA1UE
AxMLaW50ZXJuYWwtY2ExCzAJBgNVBAYTAkRFMB4XDTIyMDIwMjExMzA1OVoXDTMy
MDEzMTExMzA1OVowIzEUMBIGA1UEAxMLaW50ZXJuYWwtY2ExCzAJBgNVBAYTAkRF
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzaK/YSVj9wBqmI1rgkKv
h9z/gXk7CiezwJy9hRTT7V6ZvEUjTrcu6JBsac0DeSNfgX+/Xdoy4hUUCXnaYLUQ
sACmERbILdr1463nF5TaolfpZDz/nLv+G/wgSLlmleQ38e0GaAgJUHSFRy7cuA6Y
GnB3rDGzWU84xo7aZXrdfKP6Uu+5PmEQjWnTFbaxuuM6OE4IEikxtnE5+/Ct0js5
uGzKL7imK7FVsAZpC+eTa6bWssc2kUc4QbOkGt82PFbPGxq3bqB6DfA9YyqwqlwG
pKIvg17rYbx7i+IBcjyEsJ+6pKmR71/iem5fXSU7Xv8f6ktXPxTEzlICcDC2p/Fb
JwIDAQABo4GRMIGOMB0GA1UdDgQWBBRXYIcZcf83FwUIyhEx0d/1FGPK9TBSBgNV
HSMESzBJgBRXYIcZcf83FwUIyhEx0d/1FGPK9aEnpCUwIzEUMBIGA1UEAxMLaW50
ZXJuYWwtY2ExCzAJBgNVBAYTAkRFggg2NKiffuMKczAMBgNVHRMEBTADAQH/MAsG
A1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEANLJyx9G6v5c95LENH/8oF2kF
Q+NbFfH3AD7XiQOYO7JhwijjQ1tYL5GKoiaK3aNZt/CEPrh5gZiTY2ftpF0lleiU
NFGQRW/GYQYerWpoILEQ/suZMPDS1JSZRmSBM/P6gdAxqouulg7tgeEdEfC7kkRW
jFWYm6Az7AlC7X0HHSCF2Q2nH43PuRH/uP2nN6eK+UqTITRr/mCkfsdnLQQJN8Gb
WV1CNwJg+NpbEskj+xGYrBcsTs2G+X1AVPYB2GUI3P5JH/fu1e/3A40Ig51yWVJ1
pj0Tlgff9ofq0JESapaAONsNYeGXWgh0K1/ybkKxZV1KbbahSy1ffVVRrEUUow==
-----END CERTIFICATE-----
</ca>
# Client certificate presented to the server.
<cert>
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIBAzANBgkqhkiG9w0BAQsFADAjMRQwEgYDVQQDEwtpbnRl
cm5hbC1jYTELMAkGA1UEBhMCREUwHhcNMjIwMjEwMTEyNjM4WhcNMzIwMjA4MTEy
NjM4WjAbMQswCQYDVQQGEwJERTEMMAoGA1UEAxMDdnBuMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAooWRuL89duLxVdOc5SY1+g2h5YI88PAC9L7pF5P6
PnNkaaexRMlSWXg1az/6f8bl1WFJz+gozWj3VEhYTvhRCvg8/8iW+mz6qjel6ASL
AZdCpxsAjVFsCwW1ziguR82s3+cYNeawdeNQhTCi+vIGMkYLukJiqLECIrldrITN
42iNNDq8noyKc33D99T/zJ69LyL75blN2aYnPwoM1iaJGg7T20Cc9bgjj9FB9oVY
Uxp0a4NaVdWIj1Ews54kify+WnHK+YNEcKidVPRvo/KENrH1impCAjy5eIVnAgXh
gjovzWFA/ghT32r+Fzf5GGTlu2arxEt+AVXEcADHPMqrHwIDAQABo4HmMIHjMAkG
A1UdEwQCMAAwCwYDVR0PBAQDAgXgMDEGCWCGSAGG+EIBDQQkFiJPcGVuU1NMIEdl
bmVyYXRlZCBVc2VyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTz72LCOfCuzUe2EISa
QMChFunNETBSBgNVHSMESzBJgBRXYIcZcf83FwUIyhEx0d/1FGPK9aEnpCUwIzEU
MBIGA1UEAxMLaW50ZXJuYWwtY2ExCzAJBgNVBAYTAkRFggg2NKiffuMKczATBgNV
HSUEDDAKBggrBgEFBQcDAjAOBgNVHREEBzAFggN2cG4wDQYJKoZIhvcNAQELBQAD
ggEBAKosycYdzKON2tt9OhlHcPSVWwMVpSaYr+6sKLIUMV8kMOcVvehVasmAHvN3
bX5vNRHb2mZsKHUVxXASB1hODUEOExZlG/ZG/njf18uaOQ0HHZPDzxzBtMZ5lLCd
kMLOJCzKyjdZ3eVjvCJ1lsJwBYJsbWlzb/2ljtuJcHWtTmSIg4XNqt1I4502U4D+
2MOouVm6qgzci1Tgcp+1Okm97vDlgLiVHAf1iDRKg3r/mAjWsG9AIC6ANwhTHOKP
xBs/q5Vx2fyBTzAXDE6ssIE8gRaDx1wu2ksFnMKJyC3A3pB4PV5DzyO7FT6AZ1/d
BVgrqyxxN0zJYrBRBxR1SyfsyLI=
-----END CERTIFICATE-----
</cert>
# Private key belonging to the client certificate above, stored unencrypted.
# NOTE(review): this key is published on the page; treat it as compromised,
# revoke the certificate if it was ever used, and publish a placeholder instead.
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCihZG4vz124vFV
05zlJjX6DaHlgjzw8AL0vukXk/o+c2Rpp7FEyVJZeDVrP/p/xuXVYUnP6CjNaPdU
SFhO+FEK+Dz/yJb6bPqqN6XoBIsBl0KnGwCNUWwLBbXOKC5Hzazf5xg15rB141CF
MKL68gYyRgu6QmKosQIiuV2shM3jaI00OryejIpzfcP31P/Mnr0vIvvluU3Zpic/
CgzWJokaDtPbQJz1uCOP0UH2hVhTGnRrg1pV1YiPUTCzniSJ/L5accr5g0RwqJ1U
9G+j8oQ2sfWKakICPLl4hWcCBeGCOi/NYUD+CFPfav4XN/kYZOW7ZqvES34BVcRw
AMc8yqsfAgMBAAECggEAKJXOdCJdyQiXV+WGcrr+E7m/yj6h1VE6i7/5GYg8n8fV
NYVJAXJ8/BbG0Eej2LDkyEqJUkAZoGIsEYIXe3ELW//ty7pd6Z+5YTSQW8Z2qCkL
3gsiMig5IO+GHTtvg0LbfvaI1z0KqAXiH8CrkptJ7NgNKbBWTuYVMHK179UiTT1y
ymSgO12TuTxbzjEKhgL2wjYhpEJfhuw3SU/WioShsPnVVRq+7VxDk8YT+ruIJ/qY
OVH01QVLF3aDPfL1lj/mtyo71YhGv2tBLWbEAzHVyaxIdrAWsu4BzhnHGCmOzuXg
e0mlRMUm+SWfFb0a/07yj4zA05yzotwhcvX1nSSmcQKBgQDSDXeD8a1J2qi0i6Ai
MEIOY5lhqLK3pu+2E3pQFGYZo1+/z9U8V2eFy/FTk04spTwemaRx/dq+BYwPeYvY
i2G706UXU6vBH2nzoXOfB/hpd1MaTg5UuNgYl+84joTf6A736/KWCgurftIMRWmM
n83viDG5n/E2GLddOyrOD/7V5QKBgQDGEnfY+f20zkPCZFdEbRFujMRjXAc/PRJi
MTzWB29X0ZqNCbKUhHyWYaWu/iSy7d1UuedyItNW/j940NvmjT0sRkbB+s73yzj1
tkHRPE/O7AMg5BDiolLQ7auHrNaFxYSrhUw/C/m4k/UCySM5YJBs4pkEyCI7JsjR
5npNF/zsswKBgEUFldMuc/HDvxHsm4cAcoRF6B22EFvWqAgdaGCuA0rDa3Ac/AWi
9up5NGhxDAwRk6q+c9HdR6aPLhHbr79NNaVBi4sZvGNuTiN3VwXX2aHWSuFm6sCe
KKwUKNBdzH3CxEBlMMZqsKD+wEi1+lPyIvplt2k2jE1pW79v9MXXbbadAoGBALMa
rg6gd16QCUt1Kkgwi8u4NDlYVSFE2yO5PDaZAICbgzI3a6jKaFIfOA+VtZ+qYTIk
7HkTrqECRGi+C6pdWsx3O7JaVd5RgE8HIFrQO6ZzWZzbPb2BZHuR/kIv8seBxKbI
YRq9fHEAMVP0hwpyHAapnA5r3jA4sOzEiSC/KTDrAoGBALAarrqYUCEeX0S3WfS6
HdrdDMQnxJSLPMMujqai/nsFieVIpBZgw+jd/RlkmMV/1DJn1atgF65Y1C/iNhuO
vMfcvGvKfd5/PykwWCHk7ZD1OBiiL92bK4HT6bf61GtU0Bk5ov7WL2O1QPjrp6rs
l2rK9W8U4t9EorF5QlwyEe8g
-----END PRIVATE KEY-----
</key>
# Direction for the static key below; must be the opposite of the server's setting.
key-direction 1
# Pre-shared static key that authenticates (HMAC) control-channel packets.
# NOTE(review): this is shared secret material and is published on the page as
# well; regenerate it on the server if it was ever in use.
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
2a2d98055970642452e2e4db218af7d0
661180af8b53654a9f960b42ad9cfcf4
0dd512783e3568abfd6ac52c57dea3a1
5b320ca185cd1bddad1b66a172ee4569
0239660879c054f941e37bbbb7c7b38c
b3d9dd0e896f141e1cd498e00c10860f
94212efe0d0f759a2a3d72bb6e4d8dcb
46aa146b38079d0028fd77262f5902a9
a462dc6a38c9d725ee558842ef05b2e2
35bf13e40db7b1aae90c5715c0399700
23140c98cf0eefb6c4160bea8f8b17b5
915baa57dc01659cc3ac660cae5ffa90
a500c00f64302b681d8fce698472a700
b2bdf76744f80bb1f982aa6dc7d40722
b03c521324021a7d7c0be53d4643f8d8
821a9bb00485f812676f85d01f81f1bd
-----END OpenVPN Static key V1-----
</tls-auth>
