Arch Linux, CA infrastructure
This section will be added after updating / verifying the information about working with certificates in Arch Linux. »
CentOS 7, CA infrastructure
Install Easy-RSA scripts
We will use auxiliary scripts to create the encryption keys for the OpenVPN server and clients. Enable the EPEL repo:
    yum -y install epel-release
    yum -y install easy-rsa
CA preparation
Copy the easy-rsa scripts to the OpenVPN config directory:
    cd /etc/openvpn
    cp -r /usr/share/easy-rsa/2.0/ ./CA
    cd CA
Set default parameters for certificates in the vars file:
    export KEY_COUNTRY="US"
    export KEY_PROVINCE="CA"
    export KEY_CITY="Hermosa Beach"
    export KEY_ORG="Adventurer"
    export KEY_EMAIL=""
    export KEY_OU="Core"
Define the version of openssl used: »
Install OpenVPN package
    opkg install openvpn-easy-rsa openvpn-openssl
To configure OpenVPN in luci, install the corresponding luci-app:
    opkg install luci-app-openvpn
Create CA and keys
The actions are similar to those described in CA preparation for CentOS 7, except that the location of the CA is hardcoded in the “vars” script as /etc/easy-rsa/. It contains the configuration files openssl-1.0.0.cnf and vars. Set default parameters for certificates in the vars file: »
Configuration of clients
First of all, these keys and certificates should be copied to the client device:
    ca.crt
    CLIENT_NAME.crt
    CLIENT_NAME.key
    ta.key
Linux
Install OpenVPN (Arch Linux):
    pacman -S openvpn
Install OpenVPN (CentOS 7):
    yum -y install openvpn
There are several ways to connect to the VPN.
OpenVPN client as service
Create a directory to store the client keys:
    cd <path to directory with client's keys>
    mkdir /etc/openvpn/client
    cp ca.crt CLIENT_NAME.crt CLIENT_NAME.key ta. »
What is it?
VPN - Virtual Private Network
You may use a VPN for:
- creating one virtual network from several local networks located in different places;
- forwarding internet traffic through a VPN server to prevent interception of data in an untrusted network and/or to change the external IP;
- creating a secure connection to a corporate or home local network;
- …
A VPN can be created using different protocols: »
Server on CentOS 7
Install OpenVPN
    yum -y install openvpn
Configure OpenVPN server
Copy the example OpenVPN config file to /etc/openvpn.
    cd /etc/openvpn
    cp /usr/share/doc/openvpn-2.4.4/sample/sample-config-files/server.conf ./
Copy the keys and certificates to /etc/openvpn/server.
    cd /etc/openvpn/CA/keys
    cp ca.crt VPN_SRV_KEY.crt VPN_SRV_KEY.key dh2048.pem ta.key /etc/openvpn/server
Edit the config file to set parameters for the OpenVPN server:
    # Use UDP protocol
    proto udp
    dev tun0
    # Set server keys and certificates
    ca /etc/openvpn/server/ca.crt
    cert /etc/openvpn/server/VPN_SRV_KEY.crt
    key /etc/openvpn/server/VPN_SRV_KEY. »