Difference between revisions of "Openvpn"

From Define Wiki
Jump to navigation Jump to search
(Created page with "===Installing an OpenVPN client:=== Usually, the easiest way to install an OpenVPN client is to use the package management system for your particular Linux distribution. Run ...")
 
 
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
Usually, the easiest way to install an OpenVPN client is to use the package management system for your particular Linux distribution.  Run one of the following commands (as root):
 
Usually, the easiest way to install an OpenVPN client is to use the package management system for your particular Linux distribution.  Run one of the following commands (as root):
  
Fedora/CentOS/RedHat:
+
====Fedora/CentOS/RedHat:====
 
<syntaxhighlight>
 
<syntaxhighlight>
 
yum install openvpn
 
yum install openvpn
Line 25: Line 25:
  
 
===Hadoop System for Lyman Phun ===
 
===Hadoop System for Lyman Phun ===
1. we need the following files in directory:
+
we need the following files in directory for openvpn to use
 
====ca.crt:====
 
====ca.crt:====
 +
<syntaxhighlight>
 
-----BEGIN CERTIFICATE-----
 
-----BEGIN CERTIFICATE-----
 
MIIDDTCCAnagAwIBAgIJALMM++RcQqxCMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
 
MIIDDTCCAnagAwIBAgIJALMM++RcQqxCMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
Line 46: Line 47:
 
b8NliLTZ/Dq6cqihWdwdKF8=
 
b8NliLTZ/Dq6cqihWdwdKF8=
 
-----END CERTIFICATE-----
 
-----END CERTIFICATE-----
 +
</syntaxhighlight>
 
====client.conf====
 
====client.conf====
 +
<syntaxhighlight>
 
client
 
client
 
dev tun
 
dev tun
Line 68: Line 71:
 
remote-cert-tls server
 
remote-cert-tls server
 
auth-user-pass
 
auth-user-pass
 +
</syntaxhighlight>
 
====client.crt====
 
====client.crt====
 +
<syntaxhighlight>
 
Certificate:
 
Certificate:
 
     Data:
 
     Data:
Line 139: Line 144:
 
Ajvwv3Pmqk9MamSZd/8EW0re4d/CPPo5sWqtUOhBO03RNINOTA==
 
Ajvwv3Pmqk9MamSZd/8EW0re4d/CPPo5sWqtUOhBO03RNINOTA==
 
-----END CERTIFICATE-----
 
-----END CERTIFICATE-----
 +
</syntaxhighlight>
 
====client.key====
 
====client.key====
 +
<syntaxhighlight>
 
-----BEGIN PRIVATE KEY-----
 
-----BEGIN PRIVATE KEY-----
 
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKaGBrehMBkaWyaM
 
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKaGBrehMBkaWyaM
Line 156: Line 163:
 
G6WP7EPsGNnTkA==
 
G6WP7EPsGNnTkA==
 
-----END PRIVATE KEY-----
 
-----END PRIVATE KEY-----
 +
</syntaxhighlight>

Latest revision as of 16:24, 18 March 2015

Installing an OpenVPN client:

Usually, the easiest way to install an OpenVPN client is to use the package management system for your particular Linux distribution. Run one of the following commands (as root):

Fedora/CentOS/RedHat:

yum install openvpn
  • NOTE: OpenVPN Access Server is not compatible with any version below the 2.1 OpenVPN Community/Linux client!

Ubuntu/Debian:

apt-get install openvpn

Once the openvpn package is fetched from the Internet and installed, run the client with the --version argument to make sure that it is version 2.1: 

openvpn --version
OpenVPN 2.1_rc15e x86_64-unknown-linux-gnu [...]
[...]

Running the OpenVPN client with the downloaded client config file: Usually, the easiest way to install an OpenVPN client is to use the --config argument to specify the location of the downloaded client config file: 

openvpn --config client.ovpn

Hadoop System for Lyman Phun

we need the following files in directory for openvpn to use

ca.crt:

-----BEGIN CERTIFICATE-----
MIIDDTCCAnagAwIBAgIJALMM++RcQqxCMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEQMA4GA1UEBxMHU2FuSm9zZTEPMA0GA1UEChMG
U01DU1JWMQ8wDQYDVQQDEwZzbWNzcnYxEzARBgNVBCkTClNNQyBTZXJ2ZXIwHhcN
MTMwNzI3MDMzNTEzWhcNMjMwNzI1MDMzNTEzWjBjMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCQ0ExEDAOBgNVBAcTB1Nhbkpvc2UxDzANBgNVBAoTBlNNQ1NSVjEPMA0G
A1UEAxMGc21jc3J2MRMwEQYDVQQpEwpTTUMgU2VydmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCzjGoEor65xqZi+zXZIZ6gQ+D4HcXVOHvPCFInb7CQVaZ+
M6u0Hs2+Vw6qwAJGljOcjmjCcBt3ZHMEj5G3uwhb9XjOCkpD0CkxqsObCrJraNif
sKNezYy35+U87oy7afBRYfOKl7rv5DHb4J2DXfpQ1e2VWqa4VjopZypZKWQgfwID
AQABo4HIMIHFMB0GA1UdDgQWBBSquXtTeNE73YJjvrF9CbVdXuSpdjCBlQYDVR0j
BIGNMIGKgBSquXtTeNE73YJjvrF9CbVdXuSpdqFnpGUwYzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTYW5Kb3NlMQ8wDQYDVQQKEwZTTUNTUlYx
DzANBgNVBAMTBnNtY3NydjETMBEGA1UEKRMKU01DIFNlcnZlcoIJALMM++RcQqxC
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAdqgEIsCNi4uWeKtvFFxS
zMN3+OEqYOco3/lU0U90S6YL+aZ1la9holWKu5o/37jUbKYFU66ju99ej0SUSOro
l34bFJIqm3Z6F9d/N2Plrs2SvpMrv44iUYD3A7hnvhq19f7wA/szMqeDPBf49LIj
b8NliLTZ/Dq6cqihWdwdKF8=
-----END CERTIFICATE-----

client.conf

client
dev tun
proto udp

remote 64.169.30.57 1194

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key
ns-cert-type server

comp-lzo
verb 3

remote-cert-tls server
auth-user-pass

client.crt

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 129 (0x81)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=CA, L=SanJose, O=SMCSRV, CN=smcsrv/name=SMC Server
        Validity
            Not Before: Mar  6 17:48:16 2015 GMT
            Not After : Apr  5 17:48:16 2015 GMT
        Subject: C=US, ST=CA, L=SanJose, O=SMCSRV, CN=smuk1/name=one supermicrouk/emailAddress=edwinb@supermico.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:a6:86:06:b7:a1:30:19:1a:5b:26:8c:5b:9c:e2:
                    15:59:b7:38:93:8e:60:9e:1d:e5:bc:30:2e:10:06:
                    91:7d:6c:9c:78:2a:dc:7a:18:4f:ca:48:6f:5c:bf:
                    a7:69:67:1d:9d:94:a3:75:39:f8:14:1e:c3:9a:33:
                    90:8a:f7:de:91:59:f9:3b:67:aa:05:f8:0d:80:fe:
                    0e:43:1f:fd:a1:f9:f1:57:01:72:36:bc:40:29:2c:
                    07:52:e8:bd:1c:42:d6:89:67:44:85:f7:0d:af:8f:
                    b8:44:c4:f5:b5:30:99:1c:2a:90:c2:75:76:70:96:
                    ca:23:c8:12:ed:59:e3:2e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier: 
                F3:EC:B5:7B:A4:B2:6D:57:4E:D0:A4:F9:54:B4:9A:92:2F:60:A7:44
            X509v3 Authority Key Identifier: 
                keyid:AA:B9:7B:53:78:D1:3B:DD:82:63:BE:B1:7D:09:B5:5D:5E:E4:A9:76
                DirName:/C=US/ST=CA/L=SanJose/O=SMCSRV/CN=smcsrv/name=SMC Server
                serial:B3:0C:FB:E4:5C:42:AC:42

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha1WithRSAEncryption
        43:28:ff:c6:02:05:ed:02:3e:d8:13:6b:98:9d:7b:4d:3d:dd:
        40:10:2e:78:86:c4:46:a6:d0:42:b4:ce:c6:ed:47:e3:66:c2:
        af:23:3e:8f:c6:51:b6:99:c0:18:69:5b:f1:06:1f:92:3a:e4:
        76:c0:36:bb:21:38:85:a2:fb:74:7b:16:56:24:ad:c0:fa:78:
        6a:04:ba:ee:4c:b0:33:15:e9:24:49:e1:91:61:90:ad:9d:bc:
        d4:02:3b:f0:bf:73:e6:aa:4f:4c:6a:64:99:77:ff:04:5b:4a:
        de:e1:df:c2:3c:fa:39:b1:6a:ad:50:e8:41:3b:4d:d1:34:83:
        4e:4c
-----BEGIN CERTIFICATE-----
MIIDgTCCAuqgAwIBAgICAIEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTYW5Kb3NlMQ8wDQYDVQQKEwZTTUNTUlYx
DzANBgNVBAMTBnNtY3NydjETMBEGA1UEKRMKU01DIFNlcnZlcjAeFw0xNTAzMDYx
NzQ4MTZaFw0xNTA0MDUxNzQ4MTZaMIGNMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
Q0ExEDAOBgNVBAcTB1Nhbkpvc2UxDzANBgNVBAoTBlNNQ1NSVjEOMAwGA1UEAxMF
c211azExGTAXBgNVBCkTEG9uZSBzdXBlcm1pY3JvdWsxIzAhBgkqhkiG9w0BCQEW
FGVkd2luYkBzdXBlcm1pY28uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQCmhga3oTAZGlsmjFuc4hVZtziTjmCeHeW8MC4QBpF9bJx4Ktx6GE/KSG9cv6dp
Zx2dlKN1OfgUHsOaM5CK996RWfk7Z6oF+A2A/g5DH/2h+fFXAXI2vEApLAdS6L0c
QtaJZ0SF9w2vj7hExPW1MJkcKpDCdXZwlsojyBLtWeMutQIDAQABo4IBFzCCARMw
CQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENl
cnRpZmljYXRlMB0GA1UdDgQWBBTz7LV7pLJtV07QpPlUtJqSL2CnRDCBlQYDVR0j
BIGNMIGKgBSquXtTeNE73YJjvrF9CbVdXuSpdqFnpGUwYzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRAwDgYDVQQHEwdTYW5Kb3NlMQ8wDQYDVQQKEwZTTUNTUlYx
DzANBgNVBAMTBnNtY3NydjETMBEGA1UEKRMKU01DIFNlcnZlcoIJALMM++RcQqxC
MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUF
AAOBgQBDKP/GAgXtAj7YE2uYnXtNPd1AEC54hsRGptBCtM7G7UfjZsKvIz6PxlG2
mcAYaVvxBh+SOuR2wDa7ITiFovt0exZWJK3A+nhqBLruTLAzFekkSeGRYZCtnbzU
Ajvwv3Pmqk9MamSZd/8EW0re4d/CPPo5sWqtUOhBO03RNINOTA==
-----END CERTIFICATE-----

client.key

-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKaGBrehMBkaWyaM
W5ziFVm3OJOOYJ4d5bwwLhAGkX1snHgq3HoYT8pIb1y/p2lnHZ2Uo3U5+BQew5oz
kIr33pFZ+TtnqgX4DYD+DkMf/aH58VcBcja8QCksB1LovRxC1olnRIX3Da+PuETE
9bUwmRwqkMJ1dnCWyiPIEu1Z4y61AgMBAAECgYBYCuCeUfC2NQMgXHFLfxU+u+qD
yXE36CLA3tBb1L0zjSslNbQgMZ5uGuIWLZZ72fMEj8PkhOOu750HeF/hua/IW0Ip
aGq9zvUr3KGvt3JtbYyk30Zes23lltFm8GL0aMPgLMaizLjAgTDV5Wf2zdfcPtP7
t578iZcNnyPap0Et+QJBANb1RHMYrOYIa8c0HUx4Z5wcurwt1epVFGCuuUOP+7n6
bSObl/OMtpqUTzqAPDmpAeQOOz9Uupt5o0PEsu6FPj8CQQDGUV96lohi7YX5U6pv
e8tSkgZwa2rej/pD+QdU3iB+CprGQwzP89WsD8RCjupywjix338w2fDnzEZAluod
2f4LAkBIYcZuyzxNKUDBjzbebRzWYIYwn26MvaFi/PK9YVpuQXlGqDn+dL94RcB3
/n5JHDPay0AAD1PWzpq/Uxi9YHiZAkEAvrXb+nguOewubQC/IqxKb2ILnSo/QD32
rk0ZdsyRNIQgKM6r0IKslOUol9T1slwBx1Ok7aZ324D+gfhetUw/1wJAYpj47opx
1oTZB79tbLn9jrRCHd9N/A420NQ9nLsD6BP7Z1sFDA1Slgh+/U+VGoBzRRKMumqi
G6WP7EPsGNnTkA==
-----END PRIVATE KEY-----
Retrieved from "http://wiki.define-technology.com/mediawiki-1.35.0/index.php?title=Openvpn&oldid=6094"