OpenVPN with Windows and Certificates
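Create the CA
# Note: 1024-bit DH parameters and RSA keys are below current recommendations; use 2048 bits or more for new setups.
$ openssl dhparam -out dh1024.pem 1024
$ openssl genrsa -des3 -out openvpn-ca.key 1024
$ openssl req -new -key openvpn-ca.key -x509 -days 365 -out openvpn-ca.crt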
Create client certificates
$ openssl genrsa -out openvpn-something.key
$ openssl req -new -key openvpn-something.key -out openvpn-something.csr
$ openssl x509 -req -days 365 -in openvpn-something.csr -CA openvpn-ca.crt \
    -CAkey openvpn-ca.key -CAcreateserial -out openvpn-something.crt
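To check the files produced by the two steps above before deploying them, the following added example (not part of the original page) verifies that a client certificate chains to the CA, that the private key belongs to the certificate, and that no certificate key is shorter than a chosen minimum. The function names and the 2048-bit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for the CA and client files created above.
# MIN_BITS (default 2048) is an assumption of this example, not from the page.
MIN_BITS=${MIN_BITS:-2048}

# Print the public-key size in bits of the certificate in $1.
cert_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed if the unencrypted RSA private key in $2 belongs to the certificate in $1.
key_matches_cert() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    # An empty modulus means a file could not be read; never treat that as a match.
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Succeed if the certificate in $2 verifies against the CA certificate in $1.
signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage: check_client CA_CRT CLIENT_CRT CLIENT_KEY
# Prints one line per finding and returns non-zero if anything was found.
check_client() {
    rc=0
    signed_by_ca "$1" "$2" ||
        { echo "FAIL: $2 does not verify against $1"; rc=1; }
    key_matches_cert "$2" "$3" ||
        { echo "FAIL: $3 does not belong to $2"; rc=1; }
    for f in "$1" "$2"; do
        bits=$(cert_bits "$f")
        [ "${bits:-0}" -ge "$MIN_BITS" ] ||
            { echo "WEAK: $f has a ${bits:-unknown}-bit key (minimum $MIN_BITS)"; rc=1; }
    done
    return $rc
}

# Example call with the file names used on this page:
#   sh check.sh openvpn-ca.crt openvpn-something.crt openvpn-something.key
if [ "$#" -eq 3 ]; then
    check_client "$@"
fi
```

Run against a CA created exactly as shown above, the script reports the 1024-bit CA key as WEAK.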
Linux server configuration
- server.conf
dev tun
mode server
tls-server
#proto tcp-server
port 5000
ifconfig 172.26.251.1 172.26.251.2
ifconfig-pool 172.26.251.5 172.26.251.20 # IP range clients
route 172.26.251.0 255.255.255.0
push "route 150.100.2.254 255.255.255.255"
status /tmp/cool-vpn.status
keepalive 10 30
client-to-client
max-clients 150
verb 3
dh /etc/openvpn/cool/dh1024.pem
ca /etc/openvpn/cool/openvpn-ca.crt
cert /etc/openvpn/cool/openvpn-duras.crt
key /etc/openvpn/cool/openvpn-duras.key
comp-lzo
persist-key
persist-tun
# duplicate-cn lets several clients connect with the same certificate
duplicate-cn
# Only if user authentication is desired:
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
Windows client configuration
Download the client from http://openvpn.net/index.php/download/community-downloads.html (_NOT_ "OpenVPN Connect").
- config.ovpn
port 5000 # UDP by default
dev tun0
remote openvpn.xinux.com
tls-client
ca c:\\openvpn-ca.crt
cert c:\\openvpn.crt
key c:\\openvpn.key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
ip-win32 ipapi
comp-lzo
verb 3
# Only if user authentication is desired:
auth-user-pass