[главная] | [каталоги]
0 
создан: 2020-12-23 20:46:33
пользователь: cloud раздел: mikrotik
[1253]
OpenVPN Server linux (debian 10) + Client Mikrotik (usb modem, LTE)
1. подготавливаем сервер
1. $ nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
2. $ sysctl -p
2. устанавливаем OpenVPN Server
1. $ apt-get install openvpn
2. $ cp -r /usr/share/easy-rsa /etc/openvpn/
3. $ cd /etc/openvpn/easy-rsa
4. $ nano vars
set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_DN "org"
set_var EASYRSA_REQ_COUNTRY "RU"
set_var EASYRSA_REQ_PROVINCE "02"
set_var EASYRSA_REQ_CITY "Ufa"
set_var EASYRSA_REQ_ORG "FIZORD CERTIFICATE AUTHORITY"
set_var EASYRSA_REQ_EMAIL "admin@fizord.ru"
set_var EASYRSA_REQ_OU "FIZORD EASY CA"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CA_EXPIRE 7500
set_var EASYRSA_CERT_EXPIRE 7500
set_var EASYRSA_CRL_DAYS 7500
set_var EASYRSA_NS_SUPPORT "no"
set_var EASYRSA_NS_COMMENT "FIZORD CERTIFICATE AUTHORITY"
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha256"
set_var EASYRSA_CA_EXPIRE 7500 - количество дней (10 лет)
36500 - 100 лет
5. $ ./easyrsa init-pki
Note: using Easy-RSA configuration from: ./vars
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki
6. $ ./easyrsa build-ca
при формирования сертификата ca.crt, попросят ввести пароль
Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
7. $ ./easyrsa gen-req fizord-server nopass
8. $ ./easyrsa sign-req server fizord-server
Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes
попросит опять таки ввести пароль для ca.crt
[i]Enter pass phrase for ...
загрузить
ещё
ещё