Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| tools:ovpn [2022/08/15 13:29] – [Certificate Store] darron | tools:ovpn [2022/08/28 12:59] (current) – [OpenVPN] darron | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| authentication. | authentication. | ||
| + | TBC | ||
| ===Install=== | ===Install=== | ||
| Line 96: | Line 97: | ||
| ==Create TA Certificate== | ==Create TA Certificate== | ||
| - | TODO determine if not superceded. | + | Shared secret key. |
| < | < | ||
| openvpn --genkey secret pki/ta.key | openvpn --genkey secret pki/ta.key | ||
| </ | </ | ||
| + | |||
| + | Example configuration on server. | ||
| + | |||
| + | < | ||
| + | tls-server | ||
| + | tls-auth ta.key 0 | ||
| + | </ | ||
| + | |||
| + | On the client, the shared secret may be inline in the connection profile. | ||
| ==Create Client Certificate== | ==Create Client Certificate== | ||
| < | < | ||
| - | ./easyrsa --vars=./ | + | ./easyrsa --vars=./ |
| </ | </ | ||
| - | ==Create Certificate | + | ==Bundle |
| < | < | ||
| openssl pkcs12 -export -inkey vpn.key -in vpn.crt -certfile ca.crt -out vpn.p12 -passout pass: | openssl pkcs12 -export -inkey vpn.key -in vpn.crt -certfile ca.crt -out vpn.p12 -passout pass: | ||
| </ | </ | ||
| + | |||
| + | ==Unbundle Client Certificate== | ||
| + | |||
| + | < | ||
| + | openssl pkcs12 -in vpn.p12 -nocerts -out vpn.key -nodes -passin pass: | ||
| + | openssl pkcs12 -in vpn.p12 -nokeys -clcerts -out vpn.crt -passin pass: | ||
| + | openssl pkcs12 -in vpn.p12 -nokeys -cacerts -out ca.crt -passin pass: | ||
| + | </ | ||
| + | |||
