Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
tools:ovpn [2022/08/12 11:18] – [Setup] darron | tools:ovpn [2022/08/28 12:59] (current) – [OpenVPN] darron | ||
---|---|---|---|
Line 4: | Line 4: | ||
authentication. | authentication. | ||
+ | TBC | ||
===Install=== | ===Install=== | ||
Line 22: | Line 23: | ||
==Init== | ==Init== | ||
- | Create the certificate | + | Create the certificate |
< | < | ||
Line 96: | Line 97: | ||
==Create TA Certificate== | ==Create TA Certificate== | ||
- | TODO determine if not superceded. | + | Shared secret key. |
< | < | ||
openvpn --genkey secret pki/ta.key | openvpn --genkey secret pki/ta.key | ||
</ | </ | ||
+ | |||
+ | Example configuration on server. | ||
+ | |||
+ | < | ||
+ | tls-server | ||
+ | tls-auth ta.key 0 | ||
+ | </ | ||
+ | |||
+ | On the client, the shared secret may be inline in the connection profile. | ||
==Create Client Certificate== | ==Create Client Certificate== | ||
< | < | ||
- | ./easyrsa --vars=./ | + | ./easyrsa --vars=./ |
+ | </ | ||
+ | |||
+ | ==Bundle Client Certificate== | ||
+ | |||
+ | < | ||
+ | openssl pkcs12 -export -inkey vpn.key -in vpn.crt -certfile ca.crt -out vpn.p12 -passout pass: | ||
+ | </ | ||
+ | |||
+ | ==Unbundle Client Certificate== | ||
+ | |||
+ | < | ||
+ | openssl pkcs12 -in vpn.p12 -nocerts -out vpn.key -nodes -passin pass: | ||
+ | openssl pkcs12 -in vpn.p12 -nokeys -clcerts -out vpn.crt -passin pass: | ||
+ | openssl pkcs12 -in vpn.p12 -nokeys -cacerts -out ca.crt -passin pass: | ||
</ | </ | ||