Differences

This shows you the differences between two versions of the page.

tools:ovpn [2022/08/15 13:29] – [Certificate Store] darrontools:ovpn [2022/08/28 12:59] (current) – [OpenVPN] darron
Line 4: Line 4:
 authentication. authentication.
  
 +TBC
  
 ===Install=== ===Install===
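
Review bot: The added "TBC" line under the introduction is a bare placeholder that does not say what is still to be confirmed. Either note what is outstanding (for example which part of the authentication description is unfinished) or leave the line out until the text is ready.
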
Line 96: Line 97:
 ==Create TA Certificate== ==Create TA Certificate==
  
-TODO determine if not superceded.+Shared secret key.
  
 <code> <code>
 openvpn --genkey secret pki/ta.key openvpn --genkey secret pki/ta.key
 </code> </code>
 +
 +Example configuration on server.
 +
 +<code>
 +tls-server
 +tls-auth ta.key 0
 +</code>
 +
 +On the client, the shared secret may be inline in the connection profile.
  
 ==Create Client Certificate== ==Create Client Certificate==
  
 <code> <code>
-./easyrsa --vars=./vars build-client-full vpn1 nopass+./easyrsa --vars=./vars build-client-full vpn nopass
 </code> </code>
  
-==Create Certificate Bundle==+==Bundle Client Certificate==
  
 <code> <code>
 openssl pkcs12 -export -inkey vpn.key -in vpn.crt -certfile ca.crt -out vpn.p12 -passout pass: openssl pkcs12 -export -inkey vpn.key -in vpn.crt -certfile ca.crt -out vpn.p12 -passout pass:
 </code> </code>
 +
 +==Unbundle Client Certificate==
 +
 +<code>
 +openssl pkcs12 -in vpn.p12 -nocerts -out vpn.key -nodes -passin pass:
 +openssl pkcs12 -in vpn.p12 -nokeys -clcerts -out vpn.crt -passin pass:
 +openssl pkcs12 -in vpn.p12 -nokeys -cacerts -out ca.crt -passin pass:
 +</code>
 +
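
Review bot: In the new "Unbundle Client Certificate" block, the first command combines -nodes with an empty "-passin pass:", so vpn.key is written to disk unencrypted from a bundle that itself has no password, and the page does not say so. State that in the text and tell the reader to restrict the file's permissions, or drop -nodes so openssl asks for a PEM passphrase. In the "Create TA Certificate" part, the server example sets "tls-auth ta.key 0" but the client sentence gives no matching direction. Add that the client uses direction 1 (key-direction 1 when the key is inline in the profile). The heading still says "Certificate" although the new text calls ta.key a shared secret key, and the example refers to ta.key while the command above writes pki/ta.key, so say where the file is expected to be.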