---

0 0

---

создан: 2020-12-23 20:46:33
пользователь: cloud раздел: настройки
[666]

---

1. подготавливаем сервер

1. $ nano /etc/sysctl.conf
net.ipv4.ip_forward = 1

2. $ sysctl -p

2. устанавливаем OpenVPN Server

1. $ apt-get install openvpn

2. $ cp -r /usr/share/easy-rsa /etc/openvpn/

3. $ cd /etc/openvpn/easy-rsa

4. $ nano vars

set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_DN "org"
set_var EASYRSA_REQ_COUNTRY "RU"
set_var EASYRSA_REQ_PROVINCE "02"
set_var EASYRSA_REQ_CITY "Ufa"
set_var EASYRSA_REQ_ORG "FIZORD CERTIFICATE AUTHORITY"
set_var EASYRSA_REQ_EMAIL     "admin@fizord.ru"
set_var EASYRSA_REQ_OU "FIZORD EASY CA"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CA_EXPIRE     7500
set_var EASYRSA_CERT_EXPIRE 7500
set_var EASYRSA_CRL_DAYS 7500
set_var EASYRSA_NS_SUPPORT     "no"
set_var EASYRSA_NS_COMMENT     "FIZORD CERTIFICATE AUTHORITY"
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha256"

set_var EASYRSA_CA_EXPIRE 7500 - количество дней (10 лет)
36500 - 100 лет

5. $ ./easyrsa init-pki

Note: using Easy-RSA configuration from: ./vars

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/easy-rsa/pki

6. $ ./easyrsa build-ca

при формирования сертификата ca.crt, попросят ввести пароль

Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:

7. $ ./easyrsa gen-req fizord-server nopass

8. $ ./easyrsa sign-req server fizord-server

Type the word 'yes' to continue, or any other input to abort.
Confirm request details: yes

попросит опять таки ввести пароль для ca.crt
[i]Enter pass phrase for ...

---