Linux/OpenVPN/EasyRSA
Latest revision as of 19:15, 10 April 2022
Required key files
Server:
- ca.crt
- dh.pem
- server.crt
- server.key
- ta.key
Clients:
- ca.crt
- client1.crt
- client1.key
- ta.key
EasyRSA 3.x
Initial setup
- Create a new dir and add the EasyRSA symlinks:
  make-cadir certificates
  cd certificates
- Initialize the CA (Certificate Authority):
  ./easyrsa init-pki
  ./easyrsa build-ca
- Create the DH parameters:
  ./easyrsa gen-dh
Create server keys
  ./easyrsa build-server-full <SERVER_NAME> nopass
Create/Add client keys
  ./easyrsa build-client-full <CLIENT_NAME>
EasyRSA 2.x
Initial setup
  make-cadir certificates && cd certificates
- edit "vars" and set the certificate subject defaults:
  export KEY_COUNTRY="US"
  export KEY_PROVINCE="CA"
  export KEY_CITY="SanFrancisco"
  export KEY_ORG="Fort-Funston"
  export KEY_EMAIL="me@myhost.mydomain"
  export KEY_OU="MyOrganizationalUnit"
- build the CA, the server cert, the DH parameters and the TLS-auth key:
  source vars
  ./clean-all
  ./build-ca
  ./build-key-server server
  ./build-dh
  openvpn --genkey --secret keys/ta.key
Create client keys
  source vars
  ./build-key client1
- or non-interactively, taking the defaults from "vars":
  ./build-key --batch client1
Auto generate user config packages
- create a client.ovpn template in the certificates dir (the script copies it to $vpnname-client.ovpn) containing these placeholders:
  - %usercrt
  - %userkey
  - %cacrt
  - %tlskey
- /etc/openvpn/certificates/create_user.sh:
  #!/bin/bash
  # Usage: ./create_user.sh <username>
  # Builds a client cert/key with EasyRSA 2.x and packages it with ca.crt,
  # ta.key and a filled-in client config into one zip per user.
  set -e
  user="$1"
  [ -n "$user" ] || { echo "usage: $0 <username>" >&2; exit 1; }
  vpnname="myvpn"
  # vars, keys/ and client.ovpn are relative paths, so run from the EasyRSA dir.
  cd "$(dirname "$0")"
  source vars
  ./build-key --batch "$user"
  mkdir -p "temp/$vpnname"
  cp "keys/$user.crt" "keys/$user.key" keys/ca.crt keys/ta.key "temp/$vpnname"
  cp client.ovpn "temp/$vpnname-client.ovpn"
  # Replace the placeholders with paths relative to the config file.
  sed -i -e "s:%usercrt:$vpnname/$user.crt:g" \
         -e "s:%userkey:$vpnname/$user.key:g" \
         -e "s:%cacrt:$vpnname/ca.crt:g" \
         -e "s:%tlskey:$vpnname/ta.key:g" "temp/$vpnname-client.ovpn"
  cd temp
  zip -r "$vpnname-$user.zip" *
  cd ..
  cp "temp/$vpnname-$user.zip" /srv/openvpn/userconfigs
  rm -r temp
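As an added example (not part of the original page or of EasyRSA), a small Python check for the bundle that create_user.sh produces: it opens the zip, confirms no %placeholder survived the sed pass, and confirms every ca/cert/key/tls-auth path in the .ovpn actually ships in the archive. The template text, the "myvpn" name and the user names are constructed sample data.

```python
import io
import re
import zipfile

# The four placeholders create_user.sh substitutes; any survivor means sed missed one.
PLACEHOLDER_RE = re.compile(r"%(usercrt|userkey|cacrt|tlskey)\b")
# OpenVPN directives whose argument is a file that has to ship inside the bundle.
FILE_DIRECTIVES = {"ca", "cert", "key", "tls-auth"}
# Constructed sample template, laid out like the page's client.ovpn.
TEMPLATE = "client\nremote vpn.example.invalid 1194\nca %cacrt\ncert %usercrt\nkey %userkey\ntls-auth %tlskey 1\n"

def render(template: str, vpnname: str, user: str) -> str:
    """Same substitutions as the sed chain in create_user.sh."""
    subst = {"%usercrt": f"{vpnname}/{user}.crt", "%userkey": f"{vpnname}/{user}.key",
             "%cacrt": f"{vpnname}/ca.crt", "%tlskey": f"{vpnname}/ta.key"}
    for placeholder, path in subst.items():
        template = template.replace(placeholder, path)
    return template

def make_bundle(vpnname: str, user: str, ovpn_text: str) -> bytes:
    """In-memory zip with the layout create_user.sh produces (dummy PEM bodies)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in (f"{user}.crt", f"{user}.key", "ca.crt", "ta.key"):
            zf.writestr(f"{vpnname}/{name}", "-----BEGIN DUMMY-----\n")
        zf.writestr(f"{vpnname}-client.ovpn", ovpn_text)
    return buf.getvalue()

def check_bundle(zip_bytes: bytes, vpnname: str) -> list[str]:
    """Return the problems found in a client bundle; an empty list means it is consistent."""
    ovpn = f"{vpnname}-client.ovpn"
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        if ovpn not in names:
            return [f"missing {ovpn}"]
        text = zf.read(ovpn).decode()
    problems = [f"unresolved placeholder {m.group(0)}" for m in PLACEHOLDER_RE.finditer(text)]
    seen = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in FILE_DIRECTIVES:
            continue  # comments, blank lines and non-file directives
        seen.add(parts[0])
        if parts[1] not in names:
            problems.append(f"{parts[0]} references {parts[1]}, not in bundle")
    problems += [f"no {d} directive in {ovpn}" for d in sorted(FILE_DIRECTIVES - seen)]
    return problems
```

Run check_bundle over the zip before copying it to /srv/openvpn/userconfigs so a half-rendered config never reaches a user.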