OpenVPN
From Whitespace (Hackerspace Gent)
(Difference between revisions)
(→Create a new key) |
|||
| Line 2: | Line 2: | ||
=== Create a new key === | === Create a new key === | ||
| − | $ openssl genrsa -aes256 -out 0x20-vpn-your_name_here.key 2048 | + | $ openssl genrsa -aes256 -out 0x20-vpn-'''your_name_here'''.key 2048 |
=== Create a Certificate signing request === | === Create a Certificate signing request === | ||
Revision as of 16:36, 5 November 2011
Contents |
Client
Create a new key
$ openssl genrsa -aes256 -out 0x20-vpn-your_name_here.key 2048
Create a Certificate signing request
$ openssl req -new -key 0x20-vpn-your_name_here.key -out 0x20-vpn-your_name_here.csr
countryName = BE
stateOrProvinceName = Ghent
organizationName = 0x20
organizationalUnitName = members
commonName = your_name_here
Get your certificate signed
You can only get your certificate signed by being physically present in the space.
Sign cert:
$ openssl ca -in ../0x20-vpn-your_name_here.csr -cert ca-0x20-cert.pem -keyfile private/ca-0x20-key.pem -out 0x20-vpn-your_name_here.cert -config ./openssl.cnf
Client config Linux
client remote members.0x20.be 1194 proto udp dev tun resolv-retry infinite nobind user nobody group nogroup persist-key persist-tun ca certs/ca-0x20-cert.pem cert certs/0x20-vpn-jaroslov.cert key certs/0x20-vpn-jaroslov.key ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 cipher AES-256-CBC comp-lzo verb 3 mute 20
Server
The virtual network exist out of two parts: 1) a point-to-point vpn that connects the big pipe server at the ibbt with the the whitespace network 2) a server-client vpn that allows users to
