Difference between revisions of "Openvpn"
Jump to navigation
Jump to search
(Created page with "===Installing an OpenVPN client:=== Usually, the easiest way to install an OpenVPN client is to use the package management system for your particular Linux distribution. Run ...") |
|||
| Line 27: | Line 27: | ||
1. we need the following files in directory: | 1. we need the following files in directory: | ||
====ca.crt:==== | ====ca.crt:==== | ||
| + | <syntaxhighlight> | ||
-----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | ||
MIIDDTCCAnagAwIBAgIJALMM++RcQqxCMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV | MIIDDTCCAnagAwIBAgIJALMM++RcQqxCMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV | ||
| Line 46: | Line 47: | ||
b8NliLTZ/Dq6cqihWdwdKF8= | b8NliLTZ/Dq6cqihWdwdKF8= | ||
-----END CERTIFICATE----- | -----END CERTIFICATE----- | ||
| + | </syntaxhighlight> | ||
====client.conf==== | ====client.conf==== | ||
| + | <syntaxhighlight> | ||
client | client | ||
dev tun | dev tun | ||
| Line 68: | Line 71: | ||
remote-cert-tls server | remote-cert-tls server | ||
auth-user-pass | auth-user-pass | ||
| + | </syntaxhighlight> | ||
====client.crt==== | ====client.crt==== | ||
| + | <syntaxhighlight> | ||
Certificate: | Certificate: | ||
Data: | Data: | ||
| Line 139: | Line 144: | ||
Ajvwv3Pmqk9MamSZd/8EW0re4d/CPPo5sWqtUOhBO03RNINOTA== | Ajvwv3Pmqk9MamSZd/8EW0re4d/CPPo5sWqtUOhBO03RNINOTA== | ||
-----END CERTIFICATE----- | -----END CERTIFICATE----- | ||
| + | </syntaxhighlight> | ||
====client.key==== | ====client.key==== | ||
| + | <syntaxhighlight> | ||
-----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | ||
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKaGBrehMBkaWyaM | MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKaGBrehMBkaWyaM | ||
| Line 156: | Line 163: | ||
G6WP7EPsGNnTkA== | G6WP7EPsGNnTkA== | ||
-----END PRIVATE KEY----- | -----END PRIVATE KEY----- | ||
| + | </syntaxhighlight> | ||
Revision as of 16:23, 18 March 2015
Installing an OpenVPN client:
Usually, the easiest way to install an OpenVPN client is to use the package management system for your particular Linux distribution. Run one of the following commands (as root):
Fedora/CentOS/RedHat:
yum install openvpn- NOTE: OpenVPN Access Server is not compatible with any version below the 2.1 OpenVPN Community/Linux client!
Ubuntu/Debian:
apt-get install openvpnOnce the openvpn package is fetched from the Internet and installed, run the client with the --version argument to make sure that it is version 2.1:
openvpn --version
OpenVPN 2.1_rc15e x86_64-unknown-linux-gnu [...]
[...]Running the OpenVPN client with the downloaded client config file: Usually, the easiest way to install an OpenVPN client is to use the --config argument to specify the location of the downloaded client config file:
openvpn --config client.ovpnHadoop System for Lyman Phun
1. we need the following files in directory:
ca.crt:
-----BEGIN CERTIFICATE-----
MIIDDTCCAnagAwIBAgIJALMM++RcQqxCMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UEBxMHU2FuSm9zZTEPMA0GA1UEChMG
U01DU1JWMQ8wDQYDVQQDEwZzbWNzcnYxEzARBgNVBCkTClNNQyBTZXJ2ZXIwHhcN
MTMwNzI3MDMzNTEzWhcNMjMwNzI1MDMzNTEzWjBjMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCQ0ExEDAOBgNVBAcTB1Nhbkpvc2UxDzANBgNVBAoTBlNNQ1NSVjEPMA0G
A1UEAxMGc21jc3J2MRMwEQYDVQQpEwpTTUMgU2VydmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCzjGoEor65xqZi+zXZIZ6gQ+D4HcXVOHvPCFInb7CQVaZ+
M6u0Hs2+Vw6qwAJGljOcjmjCcBt3ZHMEj5G3uwhb9XjOCkpD0CkxqsObCrJraNif
sKNezYy35+U87oy7afBRYfOKl7rv5DHb4J2DXfpQ1e2VWqa4VjopZypZKWQgfwID
AQABo4HIMIHFMB0GA1UdDgQWBBSquXtTeNE73YJjvrF9CbVdXuSpdjCBlQYDVR0j
BIGNMIGKgBSquXtTeNE73YJjvrF9CbVdXuSpdqFnpGUwYzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTYW5Kb3NlMQ8wDQYDVQQKEwZTTUNTUlYx
DzANBgNVBAMTBnNtY3NydjETMBEGA1UEKRMKU01DIFNlcnZlcoIJALMM++RcQqxC
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAdqgEIsCNi4uWeKtvFFxS
zMN3+OEqYOco3/lU0U90S6YL+aZ1la9holWKu5o/37jUbKYFU66ju99ej0SUSOro
l34bFJIqm3Z6F9d/N2Plrs2SvpMrv44iUYD3A7hnvhq19f7wA/szMqeDPBf49LIj
b8NliLTZ/Dq6cqihWdwdKF8=
-----END CERTIFICATE-----client.conf
client
dev tun
proto udp
remote 64.169.30.57 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
remote-cert-tls server
auth-user-passclient.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 129 (0x81)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=CA, L=SanJose, O=SMCSRV, CN=smcsrv/name=SMC Server
Validity
Not Before: Mar 6 17:48:16 2015 GMT
Not After : Apr 5 17:48:16 2015 GMT
Subject: C=US, ST=CA, L=SanJose, O=SMCSRV, CN=smuk1/name=one supermicrouk/emailAddress=edwinb@supermico.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:a6:86:06:b7:a1:30:19:1a:5b:26:8c:5b:9c:e2:
15:59:b7:38:93:8e:60:9e:1d:e5:bc:30:2e:10:06:
91:7d:6c:9c:78:2a:dc:7a:18:4f:ca:48:6f:5c:bf:
a7:69:67:1d:9d:94:a3:75:39:f8:14:1e:c3:9a:33:
90:8a:f7:de:91:59:f9:3b:67:aa:05:f8:0d:80:fe:
0e:43:1f:fd:a1:f9:f1:57:01:72:36:bc:40:29:2c:
07:52:e8:bd:1c:42:d6:89:67:44:85:f7:0d:af:8f:
b8:44:c4:f5:b5:30:99:1c:2a:90:c2:75:76:70:96:
ca:23:c8:12:ed:59:e3:2e:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
F3:EC:B5:7B:A4:B2:6D:57:4E:D0:A4:F9:54:B4:9A:92:2F:60:A7:44
X509v3 Authority Key Identifier:
keyid:AA:B9:7B:53:78:D1:3B:DD:82:63:BE:B1:7D:09:B5:5D:5E:E4:A9:76
DirName:/C=US/ST=CA/L=SanJose/O=SMCSRV/CN=smcsrv/name=SMC Server
serial:B3:0C:FB:E4:5C:42:AC:42
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
43:28:ff:c6:02:05:ed:02:3e:d8:13:6b:98:9d:7b:4d:3d:dd:
40:10:2e:78:86:c4:46:a6:d0:42:b4:ce:c6:ed:47:e3:66:c2:
af:23:3e:8f:c6:51:b6:99:c0:18:69:5b:f1:06:1f:92:3a:e4:
76:c0:36:bb:21:38:85:a2:fb:74:7b:16:56:24:ad:c0:fa:78:
6a:04:ba:ee:4c:b0:33:15:e9:24:49:e1:91:61:90:ad:9d:bc:
d4:02:3b:f0:bf:73:e6:aa:4f:4c:6a:64:99:77:ff:04:5b:4a:
de:e1:df:c2:3c:fa:39:b1:6a:ad:50:e8:41:3b:4d:d1:34:83:
4e:4c
-----BEGIN CERTIFICATE-----
MIIDgTCCAuqgAwIBAgICAIEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTYW5Kb3NlMQ8wDQYDVQQKEwZTTUNTUlYx
DzANBgNVBAMTBnNtY3NydjETMBEGA1UEKRMKU01DIFNlcnZlcjAeFw0xNTAzMDYx
NzQ4MTZaFw0xNTA0MDUxNzQ4MTZaMIGNMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
Q0ExEDAOBgNVBAcTB1Nhbkpvc2UxDzANBgNVBAoTBlNNQ1NSVjEOMAwGA1UEAxMF
c211azExGTAXBgNVBCkTEG9uZSBzdXBlcm1pY3JvdWsxIzAhBgkqhkiG9w0BCQEW
FGVkd2luYkBzdXBlcm1pY28uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQCmhga3oTAZGlsmjFuc4hVZtziTjmCeHeW8MC4QBpF9bJx4Ktx6GE/KSG9cv6dp
Zx2dlKN1OfgUHsOaM5CK996RWfk7Z6oF+A2A/g5DH/2h+fFXAXI2vEApLAdS6L0c
QtaJZ0SF9w2vj7hExPW1MJkcKpDCdXZwlsojyBLtWeMutQIDAQABo4IBFzCCARMw
CQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENl
cnRpZmljYXRlMB0GA1UdDgQWBBTz7LV7pLJtV07QpPlUtJqSL2CnRDCBlQYDVR0j
BIGNMIGKgBSquXtTeNE73YJjvrF9CbVdXuSpdqFnpGUwYzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTYW5Kb3NlMQ8wDQYDVQQKEwZTTUNTUlYx
DzANBgNVBAMTBnNtY3NydjETMBEGA1UEKRMKU01DIFNlcnZlcoIJALMM++RcQqxC
MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUF
AAOBgQBDKP/GAgXtAj7YE2uYnXtNPd1AEC54hsRGptBCtM7G7UfjZsKvIz6PxlG2
mcAYaVvxBh+SOuR2wDa7ITiFovt0exZWJK3A+nhqBLruTLAzFekkSeGRYZCtnbzU
Ajvwv3Pmqk9MamSZd/8EW0re4d/CPPo5sWqtUOhBO03RNINOTA==
-----END CERTIFICATE-----client.key
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKaGBrehMBkaWyaM
W5ziFVm3OJOOYJ4d5bwwLhAGkX1snHgq3HoYT8pIb1y/p2lnHZ2Uo3U5+BQew5oz
kIr33pFZ+TtnqgX4DYD+DkMf/aH58VcBcja8QCksB1LovRxC1olnRIX3Da+PuETE
9bUwmRwqkMJ1dnCWyiPIEu1Z4y61AgMBAAECgYBYCuCeUfC2NQMgXHFLfxU+u+qD
yXE36CLA3tBb1L0zjSslNbQgMZ5uGuIWLZZ72fMEj8PkhOOu750HeF/hua/IW0Ip
aGq9zvUr3KGvt3JtbYyk30Zes23lltFm8GL0aMPgLMaizLjAgTDV5Wf2zdfcPtP7
t578iZcNnyPap0Et+QJBANb1RHMYrOYIa8c0HUx4Z5wcurwt1epVFGCuuUOP+7n6
bSObl/OMtpqUTzqAPDmpAeQOOz9Uupt5o0PEsu6FPj8CQQDGUV96lohi7YX5U6pv
e8tSkgZwa2rej/pD+QdU3iB+CprGQwzP89WsD8RCjupywjix338w2fDnzEZAluod
2f4LAkBIYcZuyzxNKUDBjzbebRzWYIYwn26MvaFi/PK9YVpuQXlGqDn+dL94RcB3
/n5JHDPay0AAD1PWzpq/Uxi9YHiZAkEAvrXb+nguOewubQC/IqxKb2ILnSo/QD32
rk0ZdsyRNIQgKM6r0IKslOUol9T1slwBx1Ok7aZ324D+gfhetUw/1wJAYpj47opx
1oTZB79tbLn9jrRCHd9N/A420NQ9nLsD6BP7Z1sFDA1Slgh+/U+VGoBzRRKMumqi
G6WP7EPsGNnTkA==
-----END PRIVATE KEY-----