networking:openvpn

Differences

This shows you the differences between two versions of the page.

networking:openvpn [2024/08/14 17:25] oscar
networking:openvpn [2024/08/14 17:45] (current) – [7. Deploy Certificates & Keys] oscar
Line 78: Line 78:
      
      
-===== Copy certificates keys =====+===== 7. Deploy Certificates Keys ===== 
 +With that, all the certificate and key files needed by your server have been generated. You’re ready to deploy the corresponding certificates and keys to both OpenVPN Server and Client systems.
  
-When the command finishes, copy the two new files to your /etc/openvpn/ directory:+Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files: 
 +^Filename ^Needed By ^Purpose ^Secret^ 
 +|ca.crt |server + all clients |Root CA certificate |NO| 
 +|ca.key |key signing machine only |Root CA key |YES| 
 +|dh2048.pem |server only |Diffie Hellman parameters |NO| 
 +|MyServerName.crt |server only |Server Certificate |NO| 
 +|MyServerName.key |server only |Server Key |YES| 
 +|MyClientName.crt |client1 only |Client1 Certificate |NO| 
 +|MyClientName.key |client1 only |Client1 Key |YES|
  
-    sudo cp ~/easy-rsa/ta.key /etc/openvpn+=== Server Deployment === 
-    sudo cp ~/easy-rsa/pki/dh.pem /etc/openvpn/+Insert the following options in the openvpn configuration file: 
 +  vi /etc/config/openvpn 
 +  ---------------------- 
 +  option ca '/etc/easy-rsa/keys/ca.crt' 
 +  option key '/etc/easy-rsa/keys/myvpnserver.key' 
 +  option cert '/etc/easy-rsa/keys/myvpnserver.crt'  
 +  option dh '/etc/easy-rsa/keys/dh2048.pem'
  
-With that, all the certificate and key files needed by your server have been generated. You’re ready to create the corresponding certificates and keys that your client machine will use to access your OpenVPN server. 
  
-===== Key Files ===== +=== Client Deployment === 
-Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files+Insert the various certificates and keys in the following sections of the client.ovpn configuration file
-^Filename ^Needed By ^Purpose ^Secret + 
-|ca.crt |server + all clients |Root CA certificate |NO +  - **ca.cert** --> insert contents --> between the <ca></ca>. Including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. 
-|ca.key  |key signing machine only |Root CA key  |YES +  - **MyClientName.key** --> insert contents --> between the <key></key>. Including the "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" lines
-|dh{n}.pem |server only |Diffie Hellman parameters |NO +  - **MyClientName.crt** --> insert contents --> between the <cert></cert>Including everything
-|server.crt  |server only |Server Certificate |NO +  - **ta.key** --> insert contents --> between the <tls-auth></tls-auth>. Including everything.
-|server.key |server only |Server Key |YES +
-|client1.crt |client1 only |Client1 Certificate |NO +
-|client1.key  |client1 only |Client1 Key |YES+
  
 ===== Links ===== ===== Links =====
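Review bot: The Client Deployment list tells the reader to paste ta.key between <tls-auth></tls-auth>, but the Server Deployment block sets only ca, key, cert and dh, and this revision removes the old "sudo cp ~/easy-rsa/ta.key /etc/openvpn" step, so nothing visible here puts ta.key on the server or enables tls-auth there. A client that uses tls-auth against a server that does not will fail to connect. Either add the matching tls-auth setting to the server block and a ta.key row (Secret: YES) to the table, or drop the ta.key bullet. The file names also disagree: the table lists MyServerName.crt and MyServerName.key while the config block points at myvpnserver.crt and myvpnserver.key, and the first bullet says ca.cert where the table says ca.crt. Because the table marks the .key files as secret, the section should say that myvpnserver.key, and any client.ovpn that has MyClientName.key and ta.key pasted into it, must be readable only by the owning user and transferred over a protected channel. The new heading reads "7. Deploy Certificates Keys" while the edit summary says "7. Deploy Certificates & Keys", so the "&" appears to have been lost.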
networking/openvpn.1723656352.txt.gz · Last modified: by oscar