
avaurus

freaky man on the silver mountain

OpenVPN with FreeBSD 5.4

First we need to start bash, because some scripts use the "export" command, which is not available in FreeBSD's default shell:
bash


We now compile OpenVPN from the ports:
cd /usr/ports/security/openvpn
make install clean


Let's create a cleaner environment by copying the openvpn dir to /etc:
cp -R /usr/local/share/doc/openvpn /etc/


Change into the directory where we have useful scripts:
cd /etc/openvpn/easy-rsa


Now we need to give some of the scripts execute permission:
chmod 744 clean-all
chmod 744 build-ca


Create the directory where all keys are stored for now:
mkdir keys


We now need to define an environment variable that points to the newly created "keys" directory:
export KEY_DIR=/etc/openvpn/easy-rsa/keys


Now we are able to execute the following script:
./clean-all


We need to define some things again (please adjust):
export KEY_CONFIG=/etc/openvpn/easy-rsa/openssl.cnf
export KEY_SIZE=1024
export KEY_COUNTRY=DE
export KEY_PROVINCE=NRW
export KEY_CITY=BOTTROP
export KEY_ORG="OpenVPN-TEST"
export KEY_EMAIL="avaurus@gmail.com"


We can now build the certificate:
./build-ca

This script will ask for a "Common Name"; enter something like "OpenVPN-CA".

Now build the server key:
./build-key-server server

Again you are asked for "Common Name" and this time you can enter "server".

Next thing is to create a key for your "client":
./build-key client1

Guess...you are asked for "Common Name" :smile:. You can enter "client1" here.

We now need to build Diffie-Hellman parameters. I have no idea what we need them for, but they _are_ needed by the server:
./build-dh


Now edit the server config file:
ee /usr/local/share/doc/openvpn/sample-config-files/server.conf


Be sure to adjust at least "ca", "cert", "key" and "dh".

In the end this part must look like this:
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem


And now we copy the server config to our dedicated location:
cp /usr/local/share/doc/openvpn/sample-config-files/server.conf /etc/openvpn/
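
Before starting the server it is worth confirming that the files named by "ca", "cert", "key" and "dh" exist and that the private key is not accessible to group or others. The following script is an added example, not part of the original post; the function names and the output format are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): audit the key material that an
# OpenVPN server config points to. Function names and output format are
# assumptions made for this illustration.

# Print the path given to directive $2 in config file $1.
# OpenVPN comments start with '#' or ';' and are stripped first.
conf_path() {
    awk -v d="$2" '{ sub(/[#;].*/, "") } $1 == d { print $2; exit }' "$1"
}

# Print one finding per line; return 0 if clean, 1 if anything was found.
audit_openvpn_conf() {
    conf=$1
    bad=0
    for d in ca cert key dh; do
        p=$(conf_path "$conf" "$d")
        if [ -z "$p" ]; then
            echo "UNSET $d"; bad=1
        elif [ ! -f "$p" ]; then
            echo "MISSING $d $p"; bad=1
        elif [ "$d" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            perms=$(ls -ld "$p" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "EXPOSED key $p"; bad=1
            fi
        fi
    done
    return $bad
}

# Run against the config given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_openvpn_conf "$1"
fi
```

Saved under a name of your choice, it is run with /etc/openvpn/server.conf as its only argument; an "EXPOSED key" line is cleared with chmod 600 on the reported file.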



Let's test our OpenVPN Server:
openvpn /etc/openvpn/server.conf


No errors? OK, ... :smile:. Your server is now running.

Now you need to distribute the keys, and you will ask which keys to distribute.

Here is a list:
ca.crt -> needed by server and clients

Your client1 also needs the file "client1.crt". Go on! :smile:
