LINUX

cert vezeichnis erstellen

mkdir /root/openvpn-certs

CA erstellen

cd /root/openvpn-certs
openssl dhparam -out dh1024.pem 1024
openssl genrsa -des3 -out openvpn-ca.key 1024
openssl req -new -key openvpn-ca.key -x509 -days 365 -out openvpn-ca.crt

Windows Client-Zertifikate erstellen

cd /root/openvpn-certs
openssl genrsa -out openvpn-windows.key
openssl req -new -key openvpn-windows.key -out openvpn-windows.csr
openssl x509 -req -days 365 -in openvpn-windows.csr -CA openvpn-ca.crt \
 -CAkey openvpn-ca.key -CAcreateserial -out openvpn-windows.crt

Linux Client-Zertifikate erstellen

cd /root/openvpn-certs
openssl genrsa -out openvpn-linux.key
openssl req -new -key openvpn-linux.key -out openvpn-linux.csr
openssl x509 -req -days 365 -in openvpn-linux.csr -CA openvpn-ca.crt \
 -CAkey openvpn-ca.key -CAcreateserial -out openvpn-linux.crt

Installation Openvpn

apt-get install openvpn

Kopieren der cert-datein

cd /root/openvpn-certs
cp openvpn-ca.crt dh1024.pem openvpn-linux.crt openvpn-linux.key /etc/openvpn/

openvpn config datei anlegen

 cat /etc/openvpn/server.conf 
dev tun
mode server
tls-server
#proto tcp-server
port 5000
ifconfig 172.26.251.1 172.26.251.2
ifconfig-pool 172.26.251.5 172.26.251.20 # IP range clients
route 172.26.251.0 255.255.255.0
push "route 10.255.10.0 255.255.255.0"
status /tmp/cool-vpn.status
keepalive 10 30
client-to-client
max-clients 150
verb 3
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/openvpn-ca.crt
cert /etc/openvpn/openvpn-linux.crt
key /etc/openvpn/openvpn-linux.key
comp-lzo
persist-key
persist-tun
duplicate-cn
#plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login (falls Benutzerauth gewünscht)