OPENVPN SITE TO SITE CERT
Zur Navigation springen
Zur Suche springen
Layout
-192.168.33.1/24 -|garlic|-10.82.1.211---------------------10.82.1.195-|hubsi|-192.168.55.1/24
Interfaces
garlic
auto ens18 iface ens18 inet static address 10.82.1.211 netmask 255.255.0.0 gateway 10.82.0.1 auto dummy0 iface dummy0 inet static address 192.168.33.1 netmask 255.255.255.0 pre-up ip link add dummy0 type dummy
hubsi
auto ens18 iface ens18 inet static address 10.82.1.195 netmask 255.255.0.0 gateway 10.82.0.1 auto dummy0 iface dummy0 inet static address 192.168.55.1 netmask 255.255.255.0 pre-up ip link add dummy0 type dummy
Ipfordward on
- cat /etc/sysctl.conf
net.ipv4.ip_forward=1
- sysctl -p
Openvpn
Install
- sudo apt-get install openvpn
Generate Diffie-Hellman and place cert-stuff on garlic
- cd /etc/openvpn/
- mkdir ssl
- cd ssl
- openssl dhparam -out dh2048.pem 2048
Place also garlic.xinux.org.crt garlic.xinux.org.key xin-ca.crt in this directory
Openvpn Config on garlic
- vi /etc/openvpn/server.conf
remote 10.82.1.195 dev tun tls-server ifconfig 172.30.30.1 172.30.30.2 route 192.168.55.0 255.255.255.0 keepalive 10 120 dh /etc/openvpn/ssl/dh2048.pem ca /etc/openvpn/ssl/xin-ca.crt cert /etc/openvpn/ssl/garlic.xinux.org.crt key /etc/openvpn/ssl/garlic.xinux.org.key
Place cert-stuff on hubsi
- cd /etc/openvpn/
- mkdir ssl
Place also hubsi.xinux.org.crt hubsi.xinux.org.key xin-ca.crt in this directory
Openvpn Config on hubsi
- vi /etc/openvpn/server.conf
remote 10.82.1.211 dev tun tls-client ifconfig 172.30.30.2 172.30.30.1 route 192.168.33.0 255.255.255.0 keepalive 10 120 ca /etc/openvpn/ssl/xin-ca.crt cert /etc/openvpn/ssl/hubsi.xinux.org.crt key /etc/openvpn/ssl/hubsi.xinux.org.key
Start and Autostart on all sites
- echo 'AUTOSTART="all"' >> /etc/default/openvpn
- systemctl daemon-reload
- systemctl start openvpn
- systemctl enable openvpn