OpenVPN
From Whitespace (Hackerspace Gent)
(Difference between revisions)
(→Create a Certificate signing request) |
(→Get your certificate signed) |
||
| Line 13: | Line 13: | ||
=== Get your certificate signed === | === Get your certificate signed === | ||
| − | + | Mail your CSR(certificate signing request) to someone who has access to the 0x20 CA. Best is being physically present in the space. | |
Sign cert: | Sign cert: | ||
Revision as of 16:38, 5 November 2011
Contents |
Client
Create a new key
$ openssl genrsa -aes256 -out 0x20-vpn-your_name_here.key 2048
Create a Certificate signing request
$ openssl req -new -key 0x20-vpn-your_name_here.key -out 0x20-vpn-your_name_here.csr
countryName = BE
stateOrProvinceName = Ghent
organizationName = 0x20
organizationalUnitName = members
commonName = your_name_here
Get your certificate signed
Mail your CSR(certificate signing request) to someone who has access to the 0x20 CA. Best is being physically present in the space.
Sign cert:
$ openssl ca -in ../0x20-vpn-your_name_here.csr -cert ca-0x20-cert.pem -keyfile private/ca-0x20-key.pem -out 0x20-vpn-your_name_here.cert -config ./openssl.cnf
Client config Linux
client remote members.0x20.be 1194 proto udp dev tun resolv-retry infinite nobind user nobody group nogroup persist-key persist-tun ca certs/ca-0x20-cert.pem cert certs/0x20-vpn-jaroslov.cert key certs/0x20-vpn-jaroslov.key ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 cipher AES-256-CBC comp-lzo verb 3 mute 20
Server
The virtual network exist out of two parts: 1) a point-to-point vpn that connects the big pipe server at the ibbt with the the whitespace network 2) a server-client vpn that allows users to
