networking:openvpn

Differences

This shows you the differences between two versions of the page.

networking:openvpn [2024/08/14 17:29] – [Key Files] oscarnetworking:openvpn [2024/08/14 17:45] (current) – [7. Deploy Certificates & Keys] oscar
Line 82: Line 82:
  
 Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files: Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files:
-^Filename ^Needed By ^Purpose ^Secret +^Filename ^Needed By ^Purpose ^Secret^ 
-|ca.crt |server + all clients |Root CA certificate |NO +|ca.crt |server + all clients |Root CA certificate |NO| 
-|ca.key |key signing machine only |Root CA key |YES +|ca.key |key signing machine only |Root CA key |YES| 
-|dh2048.pem |server only |Diffie Hellman parameters |NO +|dh2048.pem |server only |Diffie Hellman parameters |NO| 
-|MyServerName.crt |server only |Server Certificate |NO +|MyServerName.crt |server only |Server Certificate |NO| 
-|MyServerName.key |server only |Server Key |YES +|MyServerName.key |server only |Server Key |YES| 
-|MyClientName.crt |client1 only |Client1 Certificate |NO +|MyClientName.crt |client1 only |Client1 Certificate |NO| 
-|MyClientName.key |client1 only |Client1 Key |YES+|MyClientName.key |client1 only |Client1 Key |YES
 + 
 +=== Server Deployment === 
 +Insert the following options in the openvpn configuration file: 
 +  vi /etc/config/openvpn 
 +  ---------------------- 
 +  option ca '/etc/easy-rsa/keys/ca.crt' 
 +  option key '/etc/easy-rsa/keys/myvpnserver.key' 
 +  option cert '/etc/easy-rsa/keys/myvpnserver.crt'  
 +  option dh '/etc/easy-rsa/keys/dh2048.pem' 
 + 
 + 
 +=== Client Deployment === 
 +Insert the various certificates and keys in the following sections of the client.ovpn configuration file: 
 + 
 +  - **ca.cert** --> insert contents --> between the <ca></ca>. Including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. 
 +  - **MyClientName.key** --> insert contents --> between the <key></key>. Including the "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" lines. 
 +  - **MyClientName.crt** --> insert contents --> between the <cert></cert>. Including everything. 
 +  - **ta.key** --> insert contents --> between the <tls-auth></tls-auth>. Including everything.
  
 ===== Links ===== ===== Links =====
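
Review bot: The Client Deployment list adds ta.key and a <tls-auth></tls-auth> block, but ta.key has no row in the Key Files table and the Server Deployment options added here set only ca, key, cert and dh, so a reader following these lines configures tls-auth on the client with no matching setting shown for the server. Add a ta.key row to the table (server + all clients, Secret YES, since it is a shared key) together with the matching tls-auth setting in the server options, or drop the list item. The names also drift within the hunk: the list says ca.cert where the table and the server options say ca.crt, and the server options point at myvpnserver.key / myvpnserver.crt while the table calls those files MyServerName.key / MyServerName.crt. The last table row (MyClientName.key) did not receive the closing | that every other row got. Finally, the server options read directly from /etc/easy-rsa/keys/; if that is the same keys subdirectory the files were generated in, ca.key sits beside them, which contradicts the table's "key signing machine only", so a sentence telling readers to copy only the four referenced files to the server would close that gap.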
networking/openvpn.1723656582.txt.gz · Last modified: by oscar