cd /admin/openvpn/examples/easy-rsa . ./vars ./clean-all ./build-ca |
./build-key-server server |
./build-key usa |
./build-dh |
cd /admin/openvpn/examples/easy-rsa/keys cp ./ca.crt /etc/openvpn cp ./dh1024.pem /etc/openvpn cp ./server.crt /etc/openvpn cp ./server.key /etc/openvpn |
openvpn --genkey --secret /etc/openvpn/key.txt |
scp /admin/openvpn/examples/easy-rsa/keys/ca.crt
root@usa:/etc/openvpn scp /admin/openvpn/examples/easy-rsa/keys/usa.* root@usa:/etc/openvpn scp /etc/openvpn/key.txt root@usa:/etc/openvpn |
local x.x.x.x ##This sets the ip address the
server will listen on server 10.8.0.0 255.255.255.0 ifconfig-pool-persist /etc/openvpn/ipp.txt keepalive 60 180 dev tap ##We will be using TAP devices proto tcp-server ##Used to specify the usage of TCP ca /etc/openvpn/ca.crt cert /etc/openvpn/server.crt key /etc/openvpn/server.key dh /etc/openvpn/dh1024.pem tls-server tls-auth /etc/openvpn/key.txt 0 cipher BF-CBC keysize 448 ##Here we tell Blowfish to use 448 bit encryption log /var/log/openvpn.log ##Here we set the logfile status /var/log/openvpn.status 120 ##This is a status file of the current running writepid /etc/openvpn/openvpn.pid link-mtu 1575 comp-lzo verb 3 mute 10 daemon |
client ##This tells it that it is a
client remote x.x.x.x ##Here you specify the server's IP dev tap proto tcp-client ca /etc/openvpn/ca.crt cert /etc/openvpn/London.crt key /etc/openvpn/London.key tls-client ##Specifies that it is the TLS client tls-auth /etc/openvpn/key.txt 1 ns-cert-type server ##Does server verification cipher BF-CBC keysize 448 log /var/log/openvpn.log status /var/log/openvpn.status 120 writepid /etc/openvpn/openvpn.pid link-mtu 1575 comp-lzo verb 3 mute 10 daemon |
openvpn --config /etc/openvpn/config.vpn |