by bouleetbil
11. novembre 2010 18:51
Hi,
Mini howto for install/configure openvpn :
Installation :
# pacman-g2 -Sy openvpn
Configuration :
Create keys
# cp /usr/share/doc/openvpn-2.1.3/easy-rsa/2.0/ /etc/openvpn/easy-rsa/ -R
# cd /etc/openvpn/easy-rsa/
# nano vars
Change value of :
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
# source ./vars
# ./clean-all
# ./build-ca
# ./build-dh
Generate server key :
# ./build-key-server server
Generate user key :
# ./build-key-pass bouleetbil
Generate the latest keys ("for man in the middle attaque"):
# openvpn --genkey --secret keys/ta.key
Install the keys :
# cd keys/
# cp ca.crt dh1024.pem server.key ta.key server.crt ../../
Now edit server configuration :
# nano /etc/openvpn/server.conf
here a sample configuration :
port 1194
proto udp
dev tun
topology subnet
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0 #virtual adress
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
tls-auth ta.key
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Start the server :
# openvpn server.conf
You should have :
.......
Thu Nov 11 18:46:56 2010 UDPv4 link local (bound): [undef]:1194
Thu Nov 11 18:46:56 2010 UDPv4 link remote: [undef]
Thu Nov 11 18:46:56 2010 MULTI: multi_init called, r=256 v=256
Thu Nov 11 18:46:56 2010 IFCONFIG POOL: base=10.8.0.2 size=252
Thu Nov 11 18:46:56 2010 IFCONFIG POOL LIST
Thu Nov 11 18:46:56 2010 Initialization Sequence Completed
Yeah that works \o/
I will write an other post for explain howto configure the client.
Souscrire