1. generate the certificate authority
root@glowstar# cd /usr/share/doc/openvpn/examples/easy-rsa/2.0 root@glowstar# source ./vars root@glowstar# ./clean-all root@glowstar# ./build-ca
2. create the server and client keys
root@glowstar# ./build-key-server server root@glowstar# ./build-key client
3. generate the diffie-hellman parameters
# Step 3: generate the Diffie-Hellman parameters the server loads via the "dh" directive.
# NOTE(review): the file name used in step 4 (dh1024.pem) suggests 1024-bit parameters,
# which are considered too weak today; the size follows KEY_SIZE from ./vars — confirm
# and prefer 2048 bits or more.
root@glowstar# ./build-dh
4. create /etc/openvpn/server.conf
# OpenVPN server configuration (/etc/openvpn/server.conf), one directive per line.

# Listen on this public address, UDP port 443, using a routed (tun) tunnel.
local 74.x.x.x
port 443
proto udp
dev tun

# CA certificate, server certificate and server private key from easy-rsa.
# NOTE(review): server.key is loaded straight from /usr/share/doc. Check that the
# key file and its directory are readable by root only, or move the key material
# to a private directory such as /etc/openvpn and update these paths.
ca /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.crt
key /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.key

# Diffie-Hellman parameters.
# NOTE(review): 1024-bit DH is too weak by current standards; regenerate with
# 2048 bits or more and point this at the new file.
dh /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem

# VPN subnet handed out to clients; client address assignments are remembered in
# ipp.txt (relative path, so it is written to the directory openvpn is started from).
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

# Settings pushed to every client: a route for the VPN subnet, a default route
# through the tunnel, and the DNS server to use.
# "redirect-gateway" sends all client traffic through this server; the page does
# not show the IP forwarding/NAT setup the server needs for that traffic.
# NOTE(review): confirm 208.68.222.222 is the resolver you intend, since every
# client DNS query goes there (OpenDNS publishes 208.67.222.222).
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 208.68.222.222"

# Ping the peer every 10 s and treat it as down after 120 s without a reply.
keepalive 10 120

# LZO compression; must match the client setting.
# NOTE(review): compressing before encrypting can leak information about the
# plaintext, and recent OpenVPN releases deprecate compression.
comp-lzo

# Keep the key and tun device across restarts.
# NOTE(review): no "user"/"group" directives are set, so the daemon keeps running
# as root after start-up; there is also no "tls-auth" key to drop unauthenticated
# packets early. Both are worth adding on an Internet-facing server.
persist-key
persist-tun

# Status file (relative path) and moderate log verbosity.
status openvpn-status.log
verb 3
5. start OpenVPN server
# Step 5: start the server with the configuration from step 4.
# The relative paths in server.conf (ipp.txt, openvpn-status.log) resolve against the
# directory this command is run from. With no user/group set in the config, the
# process stays root for its whole lifetime.
root@glowstar# openvpn /etc/openvpn/server.conf
6. copy these files to the client computer over a secure channel such as scp (client.key is the client's private key and must stay secret):
/usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/client.crt /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/client.key
7. create client.conf
# OpenVPN client configuration (client.conf), one directive per line.

# Act as a client of the routed (tun) UDP server at 74.x.x.x port 443.
client
dev tun
proto udp
remote 74.x.x.x 443

# Keep retrying name resolution, and do not bind to a fixed local port.
resolv-retry infinite
nobind

# Keep the key and tun device across restarts.
persist-key
persist-tun

# CA certificate plus this client's certificate and private key. The paths are
# relative, so openvpn must be started from the directory holding the copied files.
# Keep client.key readable only by the user that runs openvpn.
# NOTE(review): nothing here checks that the peer presents a *server* certificate,
# so any certificate signed by this CA (another client's, for example) would be
# accepted as the server. Add "remote-cert-tls server" (or "ns-cert-type server"
# on older releases) after confirming the server certificate carries that usage.
ca ca.crt
cert client.crt
key client.key

# LZO compression; must match the server setting.
# NOTE(review): compressing before encrypting can leak information about the plaintext.
comp-lzo

# Moderate log verbosity.
verb 3
8. load module "tun" and connect to server
root@darkstar# /sbin/modprobe tun root@darkstar# openvpn client.conf
9. if connected it will be like this:
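10. try pinging the server over the tunnel (with the "server 10.8.0.0 255.255.255.0" setting above, the server takes 10.8.0.1)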
11. now you should be able to create an ssh connection through the tunnel ;)