- Install OpenVPN on your server and on your client.
- Generate the certificates as in the official HOWTO:

    root@server:/etc/openvpn/easy-rsa# cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
    root@server:/etc/openvpn/easy-rsa# cd /etc/openvpn/easy-rsa

  Edit /etc/openvpn/easy-rsa/vars and fill in the appropriate values.

    root@server:/etc/openvpn/easy-rsa# . ./vars
    NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
    root@server:/etc/openvpn/easy-rsa# ./clean-all
    root@server:/etc/openvpn/easy-rsa# ./build-ca
    Generating a 1024 bit RSA private key
    ......................++++++
    ........++++++
    writing new private key to 'ca.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [HK]:
    State or Province Name (full name) [New Territories]:
    Locality Name (eg, city) [Tuen Mun]:
    Organization Name (eg, company) [Home]:
    Organizational Unit Name (eg, section) [changeme]:
    Common Name (eg, your name or your server's hostname) [OpenVPN-CA]:
    Name [OpenVPN-CA]:
    Email Address [[email protected]]:
    root@server:/etc/openvpn/easy-rsa# ./build-key-server server
    Generating a 1024 bit RSA private key
    ...............++++++
    ..........++++++
    writing new private key to 'server.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [HK]:
    State or Province Name (full name) [New Territories]:
    Locality Name (eg, city) [Tuen Mun]:
    Organization Name (eg, company) [Home]:
    Organizational Unit Name (eg, section) [changeme]:
    Common Name (eg, your name or your server's hostname) [server]:
    Name [OpenVPN-CA]:
    Email Address [[email protected]]:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'HK'
    stateOrProvinceName   :PRINTABLE:'New Territories'
    localityName          :PRINTABLE:'Tuen Mun'
    organizationName      :PRINTABLE:'Home'
    organizationalUnitName:PRINTABLE:'changeme'
    commonName            :PRINTABLE:'server'
    name                  :PRINTABLE:'OpenVPN-CA'
    emailAddress          :IA5STRING:'[email protected]'
    Certificate is to be certified until Mar 18 13:18:09 2022 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    root@server:/etc/openvpn/easy-rsa# ./build-key client
    Generating a 1024 bit RSA private key
    ..........++++++
    ...................................................++++++
    writing new private key to 'client.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [HK]:
    State or Province Name (full name) [New Territories]:
    Locality Name (eg, city) [Tuen Mun]:
    Organization Name (eg, company) [Home]:
    Organizational Unit Name (eg, section) [changeme]:
    Common Name (eg, your name or your server's hostname) [client]:
    Name [OpenVPN-CA]:
    Email Address [[email protected]]:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'HK'
    stateOrProvinceName   :PRINTABLE:'New Territories'
    localityName          :PRINTABLE:'Tuen Mun'
    organizationName      :PRINTABLE:'Home'
    organizationalUnitName:PRINTABLE:'changeme'
    commonName            :PRINTABLE:'client'
    name                  :PRINTABLE:'OpenVPN-CA'
    emailAddress          :IA5STRING:'[email protected]'
    Certificate is to be certified until Mar 18 13:20:00 2022 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    root@server:/etc/openvpn/easy-rsa# ./build-dh
    Generating DH parameters, 1024 bit long safe prime, generator 2
    This is going to take a long time
- Copy the necessary files from /etc/openvpn/easy-rsa/keys on the server to /etc/openvpn:
  - for the server: ca.crt dh1024.pem server.crt server.key
  - for the client: ca.crt client.crt client.key
- Copy the appropriate sample configuration files from /usr/share/doc/openvpn/examples/sample-config-files/ to /etc/openvpn and decompress them:
  - server: server.conf.gz
  - client: client.conf
- The server configuration file should work as-is by default.
- Edit the "remote" entry in /etc/openvpn/client.conf on the client.
  Enter the server's name / IP address. No other changes need to be made.
- Open UDP port 1194 on the server's firewall.
- The service is ready to start now; the server is at 10.8.0.1.
  I assume you only need to access the server; additional work is needed if you want to access other internal networks.
- Configure Samba to listen on 10.8.0.0/24.
  Everything should now be done; leave a comment here if something goes wrong.
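
The finished setup can be checked against the three things the steps above touch: the key size (the transcript shows 1024-bit RSA keys and DH parameters), the client's `remote` entry, and Samba's binding. This is an added example, not part of the original post; the function names, the 2048-bit threshold and the Samba settings it looks for (`interfaces` listing 10.8.0.0/24 together with `bind interfaces only = yes`) are assumptions of this example, and `my-server-1` is the placeholder host in OpenVPN's sample client.conf.

```shell
#!/bin/sh
# Added example: post-setup checks for the OpenVPN + Samba procedure above.
MIN_BITS=2048          # assumption: key sizes below 2048 bits are reported as weak
VPN_NET="10.8.0.0/24"  # tunnel network from the page (server is 10.8.0.1)

# KEY_SIZE exported by an easy-rsa 2.0 vars file (last assignment wins).
vars_key_size() {
    sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}KEY_SIZE=\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1
}

# Bit length openssl reports for a certificate (*.crt) or DH parameter file.
pem_bits() {
    case "$1" in
        *.crt) openssl x509    -in "$1" -noout -text ;;
        *)     openssl dhparam -in "$1" -noout -text ;;
    esac 2>/dev/null | sed -n 's/.*(\([0-9]\{1,\}\) bit).*/\1/p' | head -n 1
}

# Active (uncommented) smb.conf value; simplified: name must be spelled exactly.
smb_param() {   # smb_param <smb.conf> <name>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Host on the first active "remote" line of an OpenVPN client config.
client_remote() {
    awk '$1 == "remote" { print $2; exit }' "$1"
}

audit() {   # audit <easy-rsa dir> <client.conf> <smb.conf>; returns 1 on any finding
    rc=0
    size=$(vars_key_size "$1/vars")
    [ "${size:-0}" -ge "$MIN_BITS" ] || { echo "WEAK: KEY_SIZE=${size:-unset} in vars"; rc=1; }
    for f in "$1"/keys/*.crt "$1"/keys/dh*.pem; do
        [ -f "$f" ] || continue
        size=$(pem_bits "$f")
        [ "${size:-0}" -ge "$MIN_BITS" ] || { echo "WEAK: $f is ${size:-unknown} bit"; rc=1; }
    done
    [ "$(client_remote "$2")" != "my-server-1" ] || { echo "UNSET: remote is still the sample value"; rc=1; }
    case " $(smb_param "$3" interfaces) " in
        *" $VPN_NET "*) ;;
        *) echo "OPEN: Samba 'interfaces' does not list $VPN_NET"; rc=1 ;;
    esac
    case "$(smb_param "$3" 'bind interfaces only' | tr 'A-Z' 'a-z')" in
        yes|true|1) ;;
        *) echo "OPEN: Samba is not restricted to the listed interfaces"; rc=1 ;;
    esac
    return $rc
}
```

Run it as `audit /etc/openvpn/easy-rsa /etc/openvpn/client.conf /etc/samba/smb.conf`, adjusting the paths to where the files actually live on each machine.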