informatica:linux:openvpn
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
informatica:linux:openvpn [2015/02/02 13:43] – [Procedimiento generico] javi | informatica:linux:openvpn [2018/01/05 10:05] – [Migracion a openvpn >=2.3] javi | ||
---|---|---|---|
Line 22: | Line 22: | ||
< | < | ||
- | cd /usr/share/ | + | cd / |
sudo su | sudo su | ||
vim vars | vim vars | ||
Line 44: | Line 44: | ||
./clean-all | ./clean-all | ||
./build-ca | ./build-ca | ||
+ | </ | ||
+ | |||
+ | Error: | ||
+ | |||
+ | < | ||
+ | grep: / | ||
+ | pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong | ||
+ | version of openssl.cnf: | ||
+ | The correct version should have a comment that says: easy-rsa version 2.x | ||
+ | </ | ||
+ | |||
+ | Solución: | ||
+ | |||
+ | ln -s openssl-1.0.0.cnf openssl.cnf | ||
+ | |||
+ | Y volver a intentar: | ||
+ | |||
+ | ./build-ca | ||
+ | | ||
+ | Error: | ||
+ | |||
+ | < | ||
+ | unable to find ' | ||
+ | problems making Certificate Request | ||
+ | 1995425184: | ||
+ | </ | ||
+ | |||
+ | Desconozco el motivo, pero se resuleve editando las lineas en las que se le asigna un valor a la variable " | ||
+ | |||
+ | vim openssl.cnf | ||
+ | | ||
+ | Y cambio los valores: | ||
+ | |||
+ | < | ||
+ | # anyadido | ||
+ | # | ||
+ | subjectAltName=email: | ||
+ | </ | ||
+ | |||
+ | Y volver a intentar: | ||
+ | |||
+ | ./build-ca | ||
+ | |||
+ | Ahora a contestar las preguntas y pulsar " | ||
+ | |||
+ | < | ||
+ | Country Name (2 letter code) [US]:ES | ||
+ | State or Province Name (full name) [BC]: | ||
+ | Locality Name (eg, city) [Barcelona]: | ||
+ | Organization Name (eg, company) [Contrabanda FM]: | ||
+ | Organizational Unit Name (eg, section) [Tècnica]: | ||
+ | Common Name (eg, your name or your server' | ||
+ | Name [EasyRSA]: | ||
+ | Email Address [admin@example.com]: | ||
</ | </ | ||
Line 51: | Line 105: | ||
./ | ./ | ||
+ | |||
+ | Ahora a contestar las preguntas y pulsar " | ||
+ | |||
+ | < | ||
+ | Country Name (2 letter code) [US]:ES | ||
+ | State or Province Name (full name) [BC]: | ||
+ | Locality Name (eg, city) [Barcelona]: | ||
+ | Organization Name (eg, company) [Contrabanda FM]: | ||
+ | Organizational Unit Name (eg, section) [Tècnica]: | ||
+ | Common Name (eg, your name or your server' | ||
+ | Name [EasyRSA]: | ||
+ | Email Address [admin@example.com]: | ||
+ | </ | ||
+ | |||
+ | Las contraseñas las dejo en blanco: | ||
+ | |||
+ | A challenge password []: | ||
+ | An optional company name []: | ||
+ | |||
+ | Y aquí hay que pulsar " | ||
+ | |||
+ | Sign the certificate? | ||
+ | 1 out of 1 certificate requests certified, commit? [y/n] | ||
4.2. Generate Diffie Hellman parameters | 4.2. Generate Diffie Hellman parameters | ||
+ | **OJO**: puede llevar mucho tiempo, unos 15 minutos: | ||
+ | |||
./build-dh | ./build-dh | ||
- | 4.3. Mover llaves | + | 4.3. Mover llaves |
mkdir -p / | mkdir -p / | ||
Line 79: | Line 158: | ||
cert / | cert / | ||
key / | key / | ||
- | dh / | + | dh / |
server 172.16.0.0 255.255.255.0 | server 172.16.0.0 255.255.255.0 | ||
ifconfig-pool-persist ipp.txt | ifconfig-pool-persist ipp.txt | ||
Line 104: | Line 183: | ||
===== Generar claves de los clientes ===== | ===== Generar claves de los clientes ===== | ||
- | ==== Migracion a openvpn >=2.3 ==== | ||
- | |||
- | **IMPORTANTE**: | ||
- | |||
- | 0. Instalar paquete, ahora ya NO es parte de openvpn | ||
- | |||
- | sudo aptitude install easy-rsa | ||
- | | ||
- | 1. **IMPORTANTE**: | ||
- | cd / | ||
- | mv keys keys.old | ||
- | sudo mv / | ||
==== Procedimiento generico ==== | ==== Procedimiento generico ==== | ||
Line 770: | Line 837: | ||
Please enter the following ' | Please enter the following ' | ||
to be sent with your certificate request | to be sent with your certificate request | ||
- | A challenge password []:fermin99 | + | A challenge password []:mysecretpassword |
An optional company name []: | An optional company name []: | ||
Using configuration from / | Using configuration from / |
informatica/linux/openvpn.txt · Last modified: 2018/01/05 14:20 by javi