Tuesday, 9 September 2008

OpenVPN - server

Installation

apt-get install openvpn

Generating certificates

cd /usr/share/doc/openvpn/examples/easy-rsa/2.0

source ./vars

./clean-all
./build-ca
./build-key-server server
./build-key user
./build-dh

cp keys/ca.crt /etc/openvpn/
cp keys/dh1024.pem /etc/openvpn/
cp keys/server.crt /etc/openvpn/
cp keys/server.key /etc/openvpn/

vi /etc/openvpn/server.conf

Configuration

server 192.168.5.0 255.255.255.0
client-to-client
port 1194
proto udp
dev tap0

# verbosity
verb 5
mute 10

# compression of transferred data
comp-lzo

# user the server runs as
user nobody

# group the server runs as
group nogroup

dh dh1024.pem

# certificate of the certification authority
ca ca.crt

# server certificate
cert server.crt

# server key
key server.key

tls-server

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
# Try to preserve some state across restarts.
persist-key
persist-tun

# keeps the connection alive: 10 (ping) and 60 (ping-restart)
keepalive 10 60

# list of current client connections to the file openvpn.status once per minute
status /var/log/openvpn.status

# server logs
log-append /var/log/openvpn.log

# routing
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.2"
push "dhcp-option WINS 192.168.2.2"

Restart OpenVPN

/etc/init.d/openvpn restart

iptables exceptions

iptables -A INPUT -i tap0 -j ACCEPT
iptables -A OUTPUT -o tap0 -j ACCEPT
iptables -A FORWARD -i tap0 -j ACCEPT

Key Files

Now we will find our newly-generated keys and certificates in the keys subdirectory. Here is an explanation of the relevant files:
Filename      Needed By                  Purpose                     Secret
ca.crt        server + all clients       Root CA certificate         NO
ca.key        key signing machine only   Root CA key                 YES
dh{n}.pem     server only                Diffie Hellman parameters   NO
server.crt    server only                Server Certificate          NO
server.key    server only                Server Key                  YES
client1.crt   client1 only               Client1 Certificate         NO
client1.key   client1 only               Client1 Key                 YES
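The configuration above names its files relative to /etc/openvpn and the table marks server.key as the only secret that reaches the server. The following script is an added example (not part of the original post and not OpenVPN's own tooling) that audits a server.conf of that shape: it confirms that the files named by ca, cert, key and dh exist next to the config, that the key file is readable by its owner only, and that a daemon which drops privileges with user/group also carries persist-key, because after the drop it can no longer re-open a root-only key on a restart. It assumes only POSIX sh, sed, grep and ls; the function and file names are this example's own.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server.conf laid out like the one above.
# Usage: audit_openvpn_conf /etc/openvpn/server.conf   (exit status 0 = clean)

# conf_directive CONF NAME: value of the first "NAME value" line, with any
# trailing comment and whitespace stripped; empty when the directive is absent.
conf_directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^#]*\).*/\1/p" "$1" \
        | head -n 1 | sed 's/[[:space:]]*$//'
}

# conf_has_flag CONF NAME: true when a bare "NAME" line (e.g. persist-key) exists.
conf_has_flag() {
    grep -q "^[[:space:]]*$2[[:space:]]*\(#.*\)\{0,1\}$" "$1"
}

# resolve_path CONF VALUE: relative paths are read relative to the directory
# holding the config, which is how "ca ca.crt" in /etc/openvpn/server.conf works.
resolve_path() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "$(dirname "$1")" "$2" ;;
    esac
}

audit_openvpn_conf() {
    conf="$1"
    rc=0

    # Every file the TLS setup depends on must be present.
    for d in ca cert key dh; do
        v=$(conf_directive "$conf" "$d")
        if [ -z "$v" ]; then
            echo "MISSING: no '$d' directive in $conf"; rc=1; continue
        fi
        f=$(resolve_path "$conf" "$v")
        [ -f "$f" ] || { echo "MISSING: $d -> $f does not exist"; rc=1; }
    done

    # server.key is the secret in the table: any group/other permission bit
    # (columns 5-10 of the ls -l mode string) is a finding.
    k=$(conf_directive "$conf" key)
    if [ -n "$k" ] && [ -f "$(resolve_path "$conf" "$k")" ]; then
        kf=$(resolve_path "$conf" "$k")
        case "$(ls -ld "$kf" | cut -c5-10)" in
            ------) ;;
            *) echo "PERMS: $kf is accessible to group/other; expected mode 600"; rc=1 ;;
        esac
    fi

    # "user nobody" without persist-key: a ping-restart or SIGUSR1 would make
    # the unprivileged daemon re-read a root-only key and fail.
    if [ -n "$(conf_directive "$conf" user)" ] && ! conf_has_flag "$conf" persist-key; then
        echo "RESTART: 'user' is set but 'persist-key' is missing"; rc=1
    fi
    return "$rc"
}

# When run as a script, audit the config given as the first argument.
if [ "$#" -eq 1 ]; then
    audit_openvpn_conf "$1"
fi
```

The audit does not judge parameter sizes; the dh1024.pem generated here is the 2008 default (KEY_SIZE in easy-rsa 2.0's vars), and a current deployment would regenerate it at 2048 bits or more.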
