Lunetikk's IT Wiki

User Tools

Site Tools

You are here: start » linux » ubuntu » openvpn
Trace:
linux:ubuntu:openvpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
linux:ubuntu:openvpn [2018/02/20 18:17] lunetikklinux:ubuntu:openvpn [2018/02/21 13:49] lunetikk
Line 44: Line 44:
 export KEY_OU="YOUR OU eg. lunetikk" export KEY_OU="YOUR OU eg. lunetikk"
  
-export KEY_NAME="ANY IDENTIFIER eg. openvpnsrv"+export KEY_NAME="ANY IDENTIFIER eg. openvpn"
 </code> </code>
  
-<code></code>+Execute the following and if asked say "y" and enter 
 +<code> 
 +openssl dhparam -out /etc/openvpn/dh2048.pem 2048
  
-<code></code>+cd /etc/openvpn/easy-rsa 
 +. ./vars 
 +./clean-all 
 +./build-ca 
 +</code>
  
-<code></code>+Build the cert, if asked say "y" and enter 
 +<code>./build-key-server openvpn</code> 
 + 
 +Copy your cert and keys 
 +<code>cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn</code> 
 + 
 +and start the service 
 +<code>service openvpn start</code> 
 + 
 +==== Create client certificate ==== 
 + 
 +execute the following, if asked say "y" and enter 
 +<code>./build-key qnap</code> 
 + 
 +copy the client sampleconfig 
 +<code>cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/qnap.ovpn</code> 
 + 
 +edit "/etc/openvpn/easy-rsa/keys/qnap.ovpn" and change the following 
 +<code> 
 +remote YOUROPENVPNSERVER 1194 
 + 
 +#use these on qnap, make sure they exist 
 +user nobody 
 +group everyone 
 + 
 +#comment the 3 lines 
 +#ca ca.crt 
 +#cert client.crt 
 +#key client.key 
 + 
 +#at the end of the file, add your ca, client-cert and client-key 
 +<ca> 
 +-----BEGIN CERTIFICATE----- 
 +... 
 +-----END CERTIFICATE----- 
 +</ca> 
 + 
 +<cert> 
 +Certificate: 
 +... 
 +-----END CERTIFICATE----- 
 +... 
 +-----END CERTIFICATE----- 
 +</cert> 
 + 
 +<key> 
 +-----BEGIN PRIVATE KEY----- 
 +... 
 +-----END PRIVATE KEY----- 
 +</key> 
 +</code> 
 + 
 +===== Connecting the QNAP via OpenVPN ===== 
 + 
 +Edit the file "/etc/config/vpn.conf" and add the following 
 +<code> 
 +[OPENVPN_CLIENT1] 
 +Enable = TRUE 
 +Status = 1 
 +Index = 1 
 +Gateway = 0 
 +Allow Connect = 0 
 +Reconnect = 1 
 +Server Address = lunetikk.de 
 +Profile File = OpenVPN4 
 +VPN Proto Type = udp 
 +VPN Port = 1194 
 +Compress = 1 
 +Re-direct gateway = 1 
 +Encryption = 1 
 +AccessCode = AAA 
 +Time Stamp = 0 
 +</code> 
 + 
 +Start your client (parameter 1 is the index in your config) 
 +<code>/etc/init.d/vpn_openvpn_client.sh start 1 &</code> 
 + 
 +Check if your connection is up with ifconfig and ping your gateway (openvpn server) 
 +<code> 
 +# ifconfig 
 +tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
 +          inet Adresse:10.8.0.6  P-z-P:10.8.0.2  Maske:255.255.255.255 
 + 
 +# ping 10.8.0.1 
 +PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 
 +64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=38.6 ms 
 +64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=37.9 ms 
 +</code>
  
-<code></code> 
  
-<code></code> 
linux/ubuntu/openvpn.txt · Last modified: 2021/05/14 17:14 by lunetikk

Page Tools

Impressum Datenschutz
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki