OpenVPN is famously difficult to get up and running, but the truth is that it needn’t be. In this second and concluding OpenVPN article I am going to go through what it takes to get an OpenVPN Ethernet tunnel set up between a laptop computer and an office or home machine acting as an OpenVPN server.

Downloading and Installing OpenVPN

Before you can get OpenVPN running on any computer you need to download and install it:

Windows: Download the OpenVPN GUI installation package from

Red Hat, Fedora, CentOS: Download RPM packages from

Ubuntu: Download and install OpenVPN using Synaptic Package Manager

Mac OS X: Download and install Tunnelblick OpenVPN GUI client installation package from

Source code: Download source code from, compile and install it.

Once you’ve got OpenVPN successfully installed, it’s time to build the public key infrastructure needed for certificate-based authentication. If you don’t know what this means, don’t worry: just follow the instructions.

To get started, you’ll need to use the Easy-RSA PKI suite. On Windows machines you’ll find it at: C:\Program Files\OpenVPN\easy-rsa

On Linux machines this will probably be installed in an easy-rsa directory at /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0, but it’s a good idea to move this to /etc/openvpn to prevent it getting overwritten by future updates.

Generating the Master Certificate Authority (CA) Certificate & Key

Windows: From the Start button select cmd, and in the command window type:

Linux/BSD/UNIX: Open a terminal window and type

(assuming you have moved the easy-rsa directory to this location)

Then type the following commands, followed by return:

Generating the Server and Client Certificates and Keys

The next step is to generate a server certificate and key, again using the Easy-RSA suite.

In the interactive session that follows, simply press Enter to provide the default value each time, until you are asked for a Common Name. For Common Name enter “server”, then continue entering the default values until prompted to sign the certificate. Answer “y” to this question and to the following one to finish.

Then generate the certificate and key for your client machine. The process is similar to the one for building the server certificate and key, but this time enter client1 as the common name. If you think you may want to access the OpenVPN server from more than one laptop, repeat the process, substituting client2 or client3 for client1 each time.

The final step is to generate Diffie-Hellman parameters for key exchange:

Windows: place the files in C:\Windows\Program Files\OpenVPN\easy-rsa\keys.

Linux/BSD/Unix: place the files in /etc/openvpn/.

Your public key infrastructure is now set up.

When OpenVPN runs it reads a configuration file at C:\Program Files\OpenVPN\config (Windows) or in /etc/openvpn (Linux/BSD/Unix). This text file contains all the information OpenVPN needs to know to make or receive a connection, so it’s crucial that these files are correct. The easiest way to get OpenVPN working in the way we want is to edit the highlighted lines in the following config files to match your network setup, save them as a text file and copy them to the appropriate location.

Server configuration file:

    #server config file start
    # Change this address to the IP address of the network card attached to your router.
    # To ensure this does not change you need either to have a static local IP address,
    # or to configure your router to always assign this local IP address to your server.
    local 192.168.1.15
    port 1194 # This is the port OpenVPN will run on. Change it to a different port if you prefer
    push "dhcp-option DNS " # Replace the Xs with the IP address of the DNS server for your network
    push "dhcp-option DNS " # Replace the Xs with the IP address of the secondary DNS server for your network
    ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt" #change this location to /etc/openvpn (without quotation marks) for Linux/BSD/Unix systems
    cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt" #change this location to /etc/openvpn for Linux/BSD/Unix systems
    key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key" #change this location to /etc/openvpn for Linux/BSD/Unix systems
    dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem" #change this location to /etc/openvpn for Linux/BSD/Unix systems
    server 192.168.10.0 255.255.255.128 # This will be the virtual IP address and subnet of the server’s OpenVPN connection.
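Because the article stresses that the configuration file must be correct, here is an added example (not part of the original article) that checks the server configuration file above for lines that were left unedited or do not parse. The function names, the sample text and the 2048-bit threshold for the Diffie-Hellman file, whose size is inferred from its file name, are assumptions of this example.

```python
import ipaddress
import re
import shlex

REQUIRED = ("local", "port", "ca", "cert", "key", "dh", "server")
# Constructed sample: the article's server config with the DNS placeholder unfilled.
SAMPLE = r'''#server config file start
local 192.168.1.15
port 1194 # This is the port OpenVPN will run on
push "dhcp-option DNS "
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 192.168.10.0 255.255.255.128
'''

def parse(text):
    """Return [(directive, [args])]; shlex handles quotes, escapes and '#' comments."""
    rows = [shlex.split(line, comments=True) for line in text.splitlines()]
    return [(row[0], row[1:]) for row in rows if row]

def valid(parser, value):  # True if parser(value) does not raise ValueError
    try:
        parser(value)
        return True
    except ValueError:
        return False

def audit(text):
    """Return a list of findings for a server config laid out like the article's."""
    cfg = parse(text)
    findings = [f"missing directive: {d}" for d in REQUIRED if d not in dict(cfg)]
    for name, args in cfg:
        first = args[0] if args else ""
        if name == "local" and not valid(ipaddress.ip_address, first):
            findings.append("local: not an IP address")
        elif name == "port" and not (first.isdigit() and 0 < int(first) < 65536):
            findings.append("port: not a valid port number")
        elif name == "server" and not valid(ipaddress.ip_network, "/".join(args)):
            findings.append("server: address and netmask do not form a subnet")
        elif name == "push" and first.startswith("dhcp-option DNS"):
            if not valid(ipaddress.ip_address, first[len("dhcp-option DNS"):].strip()):
                findings.append("push: DNS placeholder not replaced with an IP address")
        elif name == "dh":
            bits = re.search(r"dh(\d+)\.pem$", first)  # size inferred from file name
            if bits and int(bits.group(1)) < 2048:
                findings.append(f"dh: {bits.group(1)}-bit parameters are below 2048 bits")
    return findings
```

Pass the text of your own server configuration to `audit()` before starting OpenVPN; an empty list means none of these checks fired.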