OpenVPN
From Whitespace (Hackerspace Gent)
Contents |
[edit] Client
[edit] Create a new key
$ openssl genrsa -aes256 -out 0x20-vpn-your_name_here.key 2048
[edit] Create a Certificate signing request
$ openssl req -new -key 0x20-vpn-your_name_here.key -out 0x20-vpn-your_name_here.csr
countryName = BE
stateOrProvinceName = Ghent
organizationName = 0x20
organizationalUnitName = members
commonName = your_name_here
[edit] Get your certificate signed
Mail your CSR(certificate signing request) to someone who has access to the 0x20 CA. Best is being physically present in the space.
Sign cert:
$ openssl ca -in ../0x20-vpn-your_name_here.csr -cert ca-0x20-cert.pem -keyfile private/ca-0x20-key.pem -out 0x20-vpn-your_name_here.cert -config ./openssl.cnf
[edit] Client config Linux
client remote members.0x20.be 1194 proto udp dev tun resolv-retry infinite nobind user nobody group nogroup persist-key persist-tun '''ca certs/ca-0x20-cert.pem cert certs/0x20-vpn-<name>.cert key certs/0x20-vpn-<name>.key ''' ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 cipher AES-256-CBC comp-lzo verb 3 mute 20
[edit] Server
The virtual network exist out of two parts: 1) a point-to-point vpn that connects the big pipe server at the ibbt with the the whitespace network 2) a server-client vpn that allows users to
