Professional Documents
Culture Documents
Tài liệu Open VPN
Tài liệu Open VPN
+ a public key and private key for the server and each client
+ a master Certificate Authority (CA) certificate and key which is used to sign
each of the server and client certificates.
Before you can proceed, copy the easy-rsa configuration directory to a different
location to ensure that that future OpenVPN package upgrades won’t overwrite
your modifications.
# cp -r /usr/share/easy-rsa /etc/
Next, initialize the PKI.
# cd /etc/easy-rsa/
1
# ./easyrsa init-pki
Once the PKI is initialized, /etc/easy-rsa/pki is created.
- Generate the Certificate Authority (CA) Certificate and Key
Next, generate the CA certificate and key for signing OpenVPN server and client
certificates.
#cd /etc/easy-rsa/
#./easyrsa build-ca
This will prompt you for the CA key passphrase and the server common name.
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/easy-rsa/pki/ca.crt
2
# ./easyrsa gen-dh
DH parameters of size 2048 created at /etc/easy-rsa/pki/dh.pem.
Generate OpenVPN Server Certificate and Key
To generate a certificate and private key for the OpenVPN server, run the command
below;
# cd /etc/easy-rsa
# ./easyrsa build-server-full server nopass
Enter the CA key passphrase create above to generate the certificates and keys.
Generate Hash-based Message Authentication Code (HMAC) key
TLS/SSL pre-shared authentication key is used as an additional HMAC signature on all
SSL/TLS handshake packets to avoid DoS attack and UDP port flooding. This can be
generated using the command;
3
# ./easyrsa build-client-full manpack3 nopass
File OpenVPN Server
4
3. Configure Open VPN on ACKSYS
Server Open VPN
5
Client Network Remote
Tab Basic Settings>>Client Network
Set network :
Netmask :
State at startup : Up
Protocol : TCP
Listener port :1194
Authentication digest :AHA512
Data channel encryption algorithm : AES-256
6
TLS channel HMAC protection : ta.key
Revoked certificates list : ca.key
7
OpenVPN instance description : vpn1
Root CA certificate : manpack2.crt
Remote openVPN server addess : 123.24.142.244
8
Client certificate :crl.pem
Client private key :dh.pem
State at startup : Up
Protocol : TCP
Listener port :1198
Authentication digest :AHA512
Data channel encryption algorithm : AES-256
9
TLS channel HMAC protection : ta.key
Revoked certificates list : manpack2.key
10
11