networking:openvpn

Differences

This shows you the differences between two versions of the page.

networking:openvpn [2024/08/14 17:28] – [Copy certificates & keys] oscar
networking:openvpn [2024/08/14 17:45] (current) – [7. Deploy Certificates & Keys] oscar
Line 81: Line 81:
 With that, all the certificate and key files needed by your server have been generated. You’re ready to deploy the corresponding certificates and keys to both OpenVPN Server and Client systems. With that, all the certificate and key files needed by your server have been generated. You’re ready to deploy the corresponding certificates and keys to both OpenVPN Server and Client systems.
  
-===== Key Files ===== 
 Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files: Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files:
-^Filename ^Needed By ^Purpose ^Secret +^Filename ^Needed By ^Purpose ^Secret^ 
-|ca.crt |server + all clients |Root CA certificate |NO +|ca.crt |server + all clients |Root CA certificate |NO| 
-|ca.key |key signing machine only |Root CA key |YES +|ca.key |key signing machine only |Root CA key |YES| 
-|dh{n}.pem |server only |Diffie Hellman parameters |NO +|dh2048.pem |server only |Diffie Hellman parameters |NO| 
-|server.crt |server only |Server Certificate |NO +|MyServerName.crt |server only |Server Certificate |NO| 
-|server.key |server only |Server Key |YES +|MyServerName.key |server only |Server Key |YES| 
-|client1.crt |client1 only |Client1 Certificate |NO +|MyClientName.crt |client1 only |Client1 Certificate |NO| 
-|client1.key |client1 only |Client1 Key |YES+|MyClientName.key |client1 only |Client1 Key |YES
 + 
 +=== Server Deployment === 
 +Insert the following options in the openvpn configuration file: 
 +  vi /etc/config/openvpn 
 +  ---------------------- 
 +  option ca '/etc/easy-rsa/keys/ca.crt' 
 +  option key '/etc/easy-rsa/keys/myvpnserver.key' 
 +  option cert '/etc/easy-rsa/keys/myvpnserver.crt'  
 +  option dh '/etc/easy-rsa/keys/dh2048.pem' 
 + 
 + 
 +=== Client Deployment === 
 +Insert the various certificates and keys in the following sections of the client.ovpn configuration file: 
 + 
 +  - **ca.cert** --> insert contents --> between the <ca></ca>. Including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. 
 +  - **MyClientName.key** --> insert contents --> between the <key></key>. Including the "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" lines. 
 +  - **MyClientName.crt** --> insert contents --> between the <cert></cert>. Including everything. 
 +  - **ta.key** --> insert contents --> between the <tls-auth></tls-auth>. Including everything.
  
 ===== Links ===== ===== Links =====
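Review bot: The new Server Deployment block points at '/etc/easy-rsa/keys/myvpnserver.key' and 'myvpnserver.crt', but the table updated in this same hunk names the server files MyServerName.crt and MyServerName.key; use one placeholder name in both places so the option paths match the files the table lists. Client Deployment has the same kind of mismatch: its first item says ca.cert where the table has ca.crt, and ta.key is to be pasted into <tls-auth> even though the table has no ta.key row and the server options shown add no tls-auth line to pair with it. The last table row (MyClientName.key) is missing the closing | that every other row gained, and its "Needed By" and "Purpose" cells still say client1 after the rename. Because the table marks ca.key as "key signing machine only" while the server options read directly from the easy-rsa keys directory, a sentence stating that only ca.crt, the server certificate and key, and dh2048.pem need to be present on the server would keep readers from leaving the CA key there. The "Key Files" heading is removed without a replacement, so the table now sits directly under the preceding paragraph; confirm that is intended.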
networking/openvpn.1723656517.txt.gz · Last modified: by oscar