Differences

This shows you the differences between two versions of the page.

tools:ovpn [2022/08/12 11:13] – [Setup] darrontools:ovpn [2022/08/28 12:59] (current) – [OpenVPN] darron
Line 4: Line 4:
 authentication. authentication.
  
-Work-in-progress :- Documentation based on working system built with easyrsa from 2014. Current version (2022) is completely different.+TBC
  
-TODO: Use this guide instead of trying to work it out: 
-https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto 
 ===Install=== ===Install===
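Review bot: Replacing the work-in-progress paragraph with a bare "TBC" at the top of the page removes both the statement of which easyrsa generation the steps were written against and the link to the EasyRSA3-OpenVPN-Howto, so a reader can no longer tell which EasyRSA version the commands further down assume. Suggest keeping one line that names the EasyRSA version the page targets and retaining the howto link as a reference instead of "TBC".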
  
Line 21: Line 19:
 </code> </code>
  
-===Setup===+===Certificate Store===
  
 ==Init== ==Init==
  
-Create the certificate store and intialise it.+Create the certificate folder and intialise it.
  
 <code> <code>
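Review bot: The rewritten sentence under ==Init== still carries the typo "intialise" (should be "initialise"), and it now says "certificate folder" while the new section heading says "Certificate Store". Suggest fixing the spelling and using one term in both places.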
Line 98: Line 96:
  
 ==Create TA Certificate== ==Create TA Certificate==
 +
 +Shared secret key.
  
 <code> <code>
 openvpn --genkey secret pki/ta.key openvpn --genkey secret pki/ta.key
 </code> </code>
 +
 +Example configuration on server.
 +
 +<code>
 +tls-server
 +tls-auth ta.key 0
 +</code>
 +
 +On the client, the shared secret may be inline in the connection profile.
  
 ==Create Client Certificate== ==Create Client Certificate==
  
 <code> <code>
-./easyrsa build-client-full vpn1 nopass+./easyrsa --vars=./vars build-client-full vpn nopass 
 +</code> 
 + 
 +==Bundle Client Certificate== 
 + 
 +<code> 
 +openssl pkcs12 -export -inkey vpn.key -in vpn.crt -certfile ca.crt -out vpn.p12 -passout pass: 
 +</code> 
 + 
 +==Unbundle Client Certificate== 
 + 
 +<code> 
 +openssl pkcs12 -in vpn.p12 -nocerts -out vpn.key -nodes -passin pass: 
 +openssl pkcs12 -in vpn.p12 -nokeys -clcerts -out vpn.crt -passin pass: 
 +openssl pkcs12 -in vpn.p12 -nokeys -cacerts -out ca.crt -passin pass:
 </code> </code>
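Review bot: The Bundle Client Certificate command uses `-passout pass:`, an empty export password, on a key that was built with `nopass`, so vpn.p12 holds the client private key with no protection, and the unbundle step's `-nodes` writes it back out unencrypted. Suggest dropping `-passout pass:` so openssl prompts for an export password, or stating next to the command that vpn.p12 must be handled as a secret and moved only over a trusted channel. Two smaller points in the same hunk: the heading "Create TA Certificate" now sits above the text "Shared secret key.", and ta.key is a static key rather than a certificate, so the heading could be renamed to match; and the server example sets direction 0 with `tls-auth ta.key 0` while the client sentence gives no direction, so it would help to note that the client uses the opposite direction (`key-direction 1` when the key is inline in the profile).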