Differences

This shows you the differences between two versions of the page.

--- informatica:linux:openvpn [2015/02/02 13:41] – [Procedimiento generico] javi
+++ informatica:linux:openvpn [2018/01/05 09:36] – [Instalacion y configuracion] javi
@@ Line 22: / Line 22: @@
 <code>
-cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
+cd /usr/share/easy-rsa
 sudo su
 vim vars
@@ Line 44: / Line 44: @@
 ./clean-all
 ./build-ca
+</code>
+Error:
+<code>
+grep: /usr/share/easy-rsa/openssl.cnf: No such file or directory
+pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong
+version of openssl.cnf: /usr/share/easy-rsa/openssl.cnf
+The correct version should have a comment that says: easy-rsa version 2.x
+</code>
+Solución:
+  ln -s openssl-1.0.0.cnf openssl.cnf
+Y volver a intentar:
+  ./build-ca
+Error:
+<code>
+unable to find 'distinguished_name' in config
+problems making Certificate Request
+1995425184:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:../crypto/conf/conf_lib.c:272:
+</code>
+Desconozco el motivo, pero se resuleve editando las lineas en las que se le asigna un valor a la variable "subjectAltName", en mi caso 2 veces:
+  vim openssl.cnf
+Y cambio los valores:
+<code>
+# anyadido
+#subjectAltName=$ENV::KEY_ALTNAMES
+subjectAltName=email:copy
+</code>
+Y volver a intentar:
+  ./build-ca
+Ahora a contestar las preguntas y pulsar "enter" al final de cada una:
+<code>
+Country Name (2 letter code) [US]:ES
+State or Province Name (full name) [BC]:
+Locality Name (eg, city) [Barcelona]:
+Organization Name (eg, company) [Contrabanda FM]:
+Organizational Unit Name (eg, section) [Tècnica]:
+Common Name (eg, your name or your server's hostname) [ContrabandaFM]:
+Name [EasyRSA]:
+Email Address [admin@example.com]:
 </code>
@@ Line 51: / Line 105: @@
   ./build-key-server server
+Ahora a contestar las preguntas y pulsar "enter" al final de cada una:
+<code>
+Country Name (2 letter code) [US]:ES
+State or Province Name (full name) [BC]:
+Locality Name (eg, city) [Barcelona]:
+Organization Name (eg, company) [Contrabanda FM]:
+Organizational Unit Name (eg, section) [Tècnica]:
+Common Name (eg, your name or your server's hostname) [ContrabandaFM]:
+Name [EasyRSA]:
+Email Address [admin@example.com]:
+</code>
+Las contraseñas las dejo en blanco:
+  A challenge password []:
+  An optional company name []:
+Y aquí hay que pulsar "y" más "enter":
+  Sign the certificate? [y/n]:
+out of 1 certificate requests certified, commit? [y/n]
 .2. Generate Diffie Hellman parameters
+**OJO**: puede llevar mucho tiempo, unos 15 minutos:
   ./build-dh
-.3. Mover llaves
+.3. Mover llaves (revisar, no estoy seguro de que haya que mover en lugar de copiar nada):
   mkdir -p /etc/openvpn/keys/server
@@ Line 71: / Line 150: @@
 Yo lo he dejado asi:
+**TODO**: seguir desde aquí
 <code>
@@ Line 143: / Line 224: @@
   mkdir -p ~/openvpn/client1
-  user="client1"; cp keys/ca.crt ~/openvpn/$user; cp keys/ca.crt ~/openvpn/$user; mv keys/$user.crt keys/$user.key ~/openvpn/$user
+  user="client1"; cp keys/ca.crt ~/openvpn/$user; cp keys/ta.key ~/openvpn/$user; mv keys/$user.crt keys/$user.key ~/openvpn/$user
   rm -fr keys/client1.csr
@@ Line 770: / Line 851: @@
   Please enter the following 'extra' attributes
   to be sent with your certificate request
-  A challenge password []:fermin99
+  A challenge password []:mysecretpassword
   An optional company name []:
   Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf