OPENVPN with User-Authentication: Difference between revisions
| Zeile 17: | Zeile 17: | ||
*vi /etc/openvpn/server.conf | *vi /etc/openvpn/server.conf | ||
<pre> | <pre> | ||
| + | dev tun | ||
dev tun | dev tun | ||
mode server | mode server | ||
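Review bot: the added dev tun at the top of the pre block duplicates the unchanged dev tun on the line directly below it, so the directive now appears twice in server.conf. Drop the added line; the existing one already selects the tun device.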
| Zeile 23: | Zeile 24: | ||
topology subnet | topology subnet | ||
server 172.31.2.0 255.255.255.0 | server 172.31.2.0 255.255.255.0 | ||
| − | push "route | + | push "route 10.82.228.0 255.255.255.0" |
| − | push "dhcp-option DOMAIN | + | push "dhcp-option DOMAIN xx.de" |
| − | push "dhcp-option DNS | + | push "dhcp-option DNS 8.8.8.8" |
cipher AES-256-CBC | cipher AES-256-CBC | ||
link-mtu 1542 | link-mtu 1542 | ||
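Review bot: the completed DNS push hands clients the public resolver 8.8.8.8, while the two pushes above it send the search domain xx.de and a route to 10.82.228.0/24. If hosts in that network are only resolvable by an internal name server, clients will not find them, and their lookups for the pushed domain go to a third party. Consider pushing the internal resolver instead, or say in the text why a public one is intended.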
| Zeile 34: | Zeile 35: | ||
verb 3 | verb 3 | ||
dh /etc/openvpn/dh2048.pem | dh /etc/openvpn/dh2048.pem | ||
| − | ca /etc/openvpn/ | + | ca /etc/openvpn/ca.crt |
| − | cert /etc/openvpn/ | + | cert /etc/openvpn/frieda.xx.de.crt |
| − | key /etc/openvpn/ | + | key /etc/openvpn/frieda.xx.de.key |
verify-client-cert none | verify-client-cert none | ||
compress | compress | ||
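Review bot: the key line now names the server's private key, /etc/openvpn/frieda.xx.de.key, but the page has no step that restricts access to that file; add one so the key is readable by root only. Because verify-client-cert none follows directly after these lines, it is also worth a sentence that clients present no certificate here, and which mechanism authenticates them instead.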
Revision as of 7 September 2022, 09:04
Install
- sudo apt install openvpn
Server
Create DH Key
- cd /etc/openvpn
- openssl dhparam -out dh2048.pem 2048
Self-signed certificate
- Self-signed certificate
- Certificate of the certificate authority
/etc/openvpn/ca.crt
- Server certificate
/etc/openvpn/frieda.xx.de.crt
- Server private key
/etc/openvpn/frieda.xx.de.key
Server Config
- vi /etc/openvpn/server.conf
<pre>
dev tun
mode server
tls-server
port 5000
topology subnet
server 172.31.2.0 255.255.255.0
push "route 10.82.228.0 255.255.255.0"
push "dhcp-option DOMAIN xx.de"
push "dhcp-option DNS 8.8.8.8"
cipher AES-256-CBC
link-mtu 1542
status /tmp/cool-vpn.status
keepalive 10 30
client-to-client
max-clients 150
verb 3
dh /etc/openvpn/dh2048.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/frieda.xx.de.crt
key /etc/openvpn/frieda.xx.de.key
# clients present no certificate; they log in with username and password
verify-client-cert none
compress
persist-key
persist-tun
client-config-dir client
# use the authenticated username as the client's common name
username-as-common-name
# check username and password through PAM
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
</pre>
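As an added example (not part of the original page), the following Python sketch parses a server.conf and reports the security-relevant choices made in the config above: password-only client authentication, compression, client-to-client forwarding, a public DNS push and duplicated directives. The finding names and the SINGLE set are this example's own assumptions, and inline blocks such as <ca> are not handled.

```python
import ipaddress
import shlex

# Constructed sample: directives copied from this page's server.conf.
SAMPLE = '''
dev tun
dev tun
port 5000
push "route 10.82.228.0 255.255.255.0"
push "dhcp-option DOMAIN xx.de"
push "dhcp-option DNS 8.8.8.8"
client-to-client
verify-client-cert none
compress
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login
'''

SINGLE = ("dev", "port", "cipher", "dh", "ca", "cert", "key")  # assumed one-per-file

def parse_conf(text):
    """Map each directive to the list of argument lists it was given with."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # honours quotes and '#' comments
        if tokens and not tokens[0].startswith(";"):
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def audit(conf):
    """Return a sorted list of finding ids (names are this example's own)."""
    found = {f"duplicate:{d}" for d in SINGLE if len(conf.get(d, [])) > 1}
    backend = "auth-user-pass-verify" in conf or any(
        a and "auth-pam" in a[0] for a in conf.get("plugin", []))
    if ["none"] in conf.get("verify-client-cert", []):
        # No client certificates: the password backend is the only client check.
        found.add("password-only-auth" if backend else "no-client-auth")
    if "compress" in conf or "comp-lzo" in conf:
        # Compressing before encrypting can leak plaintext through packet sizes.
        found.add("compression-enabled")
    if "client-to-client" in conf:
        # Client-to-client traffic is forwarded inside OpenVPN, not via the host firewall.
        found.add("client-to-client")
    for args in conf.get("push", []):
        opt = args[0].split() if args else []
        if (opt[:2] == ["dhcp-option", "DNS"] and len(opt) == 3
                and ipaddress.ip_address(opt[2]).is_global):
            found.add("public-dns-pushed")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE))))
```
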
Client
Client Config
<pre>
port 5000
dev tun0
remote neo.harirbo.net
tls-client
cipher AES-256-CBC
link-mtu 1542
mssfix 1450
pull
compress
verb 3
# prompt for username and password
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
place your cacert here
-----END CERTIFICATE-----
</ca>
</pre>