卡普的開發手札

Quote from : https://www.server-world.info/en/note?os=Debian_11&p=openvpn&f=1 [1] Install OpenVPN. root@dlp:~#  apt  -y install openvpn easy-rsa iptables [2] Create CA and Certificates. root@dlp:~#  cd  /usr/share/easy-rsa# initialize root@dlp:/usr/share/easy-rsa# ./easyrsa init-pki init-pki complete; you may now create a CA or requests. Your newly created PKI dir is: /usr/share/easy-rsa/pki # create CA root@dlp:/usr/share/easy-rsa# ./easyrsa build-ca Using SSL: openssl OpenSSL 1.1.1k 25 Mar 2021 # set any pass-phrase Enter New CA Key Passphrase: Re-Enter New CA Key Passphrase: Generating RSA private key, 2048 bit long modulus (2 primes) …….+++++ …………………..+++++ e is 65537 (0x010001) You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you ...

edit your client.ovpn: #vim client.ovpn Delete these line or comment it. ca ca.crt cert client.crt key client.key tls-auth ta.key 1 Add these content to client.ovpn <ca> —–BEGIN CERTIFICATE—– ca.crt contend —–END CERTIFICATE—– </ca> <cert> —–BEGIN CERTIFICATE—– client.crt contend —–END CERTIFICATE—– </cert> <key> —–BEGIN PRIVATE KEY—– client.key contend —–END PRIVATE KEY—– </key> key-direction 1 #must have this line <tls-auth> —–BEGIN OpenVPN Static key V1—– ta.key contend —–END OpenVPN Static key V1—– </tls-auth>