Difference between revisions of "OpenVPN"

From HackerNet
Jump to: navigation, search
(Created page with "<gallery> Openvpn1.png </gallery>")
 
Tag: visualeditor
Line 1: Line 1:
<gallery>
+
== Server ==
Openvpn1.png
+
Detta är exempelkonf med säkerhet i åtanke
</gallery>
+
 
 +
== Klient ==
 +
Klientkonf som funkar till serverkonfen ovan.
 +
 
 +
client
 +
 
 +
dev tun0
 +
 
 +
proto udp
 +
 
 +
remote vpn.harsbo.se 1194
 +
 
 +
resolv-retry infinite
 +
 
 +
nobind
 +
 
 +
ca [inline]
 +
 
 +
cert Klient1.crt
 +
 
 +
key Klient1.pem
 +
 
 +
auth-user-pass auth.txt
 +
 
 +
tls-client
 +
 
 +
tls-auth [inline] 1
 +
 
 +
verify-x509-name vpn.harsbo.se name
 +
 
 +
keepalive 10 30
 +
 
 +
cipher AES-256-CBC
 +
 
 +
persist-key
 +
 
 +
persist-tun
 +
 
 +
comp-lzo
 +
 
 +
tun-mtu 1500
 +
 
 +
mssfix 1200
 +
 
 +
verb 3
 +
 
 +
 
 +
 
 +
<ca>
 +
 
 +
<nowiki>-----</nowiki>BEGIN CERTIFICATE-----
 +
 
 +
MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux
 +
 
 +
EzARBgNVBAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBB
 +
 
 +
dXRob3JpdHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMB4XDTE0
 +
 
 +
MDgyNTEwMDQwMFoXDTI0MDgyNTEwMDQwMFowaDELMAkGA1UEBhMCU0UxEzARBgNV
 +
 
 +
BAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBBdXRob3Jp
 +
 
 +
dHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMIICIjANBgkqhkiG
 +
 
 +
9w0BAQEFAAOCAg8AMIICCgKCAgEAvY+8pJ0c3240WqGo9ua7RRc10UzVvbmfMPo2
 +
 
 +
4YwzsZ7IIwBzvW8u1LOjPK9vLy4M3R+A1egipo6LY0wfFxACY6wgERI7EnpWoBRY
 +
 
 +
JLgpYM8Wl8l4xZAgpsjQh/IsBM7CuiGLD0+ieKMGQ7u24IxQztNMgP1MpBm42nz7
 +
 
 +
fDZ66d7v7m7uxmvzTbekt3gshJn1GFAzF7HABBT2MVGpV+nGaZ9vT20DP5q/eup0
 +
 
 +
7qsfue3a6oAQWkC8fI9a9sg6zHG5QV94v3Avns+7dvSKu5E4iOMkl10LW9GQw0R3
 +
 
 +
DCjtx5HuAzH/t9fH7+QsLnwrWUhJq966avenrvgnv2X6i137I41SM3FdW/w3cnoa
 +
 
 +
gyA7pBKVjR7ibLMA7aSi5Wd/CNlok0UJT7deF4w9jlb0qbXeI+WgsPZOVoRK6XVZ
 +
 
 +
glmpG96NHKWZIMSmQOVVlbuQUfTjJYaC6CakzN8XaL5Lea+VIQvAhP1G6144j2c3
 +
 
 +
IoDriRGmnhqS6sOviJ9NtCttfyxgJcbw18PvpTznQnjdm9fWYLdVgLztpYtK7EVz
 +
 
 +
9Iutt+nmByHoyiBM22ycO74CrPmVfXVzLClzAFBkP9WYmmT+OTgEwpLf+NkWvDjZ
 +
 
 +
xILX6giEAndpA0D9Grgu9Bz7QARED4VMIkGvKGsjJ/oS/TXZvry6ntv9/Mj8uQCW
 +
 
 +
Dv5G+hMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUG/ZIN0NV
 +
 
 +
VBYXy187KAoxaVKz8CIwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDQUAA4IC
 +
 
 +
AQBuZowF6rjK77HPIxdLAysRVtJm1P5FP50Z0Fd6EjV9lUUMzdNL96IMEiBfRC7E
 +
 
 +
8qLwqu6O5cYA6DJ1MaG3gOQ9NYVWHhQwFjpXFzFzv15/dbnVfb4dzBV7+lPYafgP
 +
 
 +
TzSQ+MUJ5tWY9P+1L+CL9QtCvUc/ulosAMRllL6k7hTGbAs7Gq7sIGAG6gklDWlt
 +
 
 +
s0KV9VUc/X243U3XxvxyoPoKCs7KZlXySRQzujzEazuk3pYsQD1pYAnVoP+TilF0
 +
 
 +
idclpX5b/xQf4AiIOuS8EcD5q8lEn9G/KLP1Mb48LZ8BRAQxHumzbnG/FWXXqC4R
 +
 
 +
V5xTn/Ji4UmMRptbVg0JxlL7ghNSrU0mo0ahNttxamXNAA4l2GQnR+Ea/zds89se
 +
 
 +
SVNNetDHxc8clXbVGMW1fI7ifKJc5JsEYRnl71Er3+bTD1TO1Al9O3CBkOl9IHcL
 +
 
 +
B9E1GlY0m9MnApO/TQ8ZK5CsQDichQO35nb71XuWqmeNicPzK9P86EkZORRPl+mc
 +
 
 +
gMvVk9FAXpbOf+nO3hUzC+tv7eyBj/To3T3j1y7NATB8sfOqzXm1H/MJuXG4gIDY
 +
 
 +
iJ8gBubi7g7mXkgFyo05K1rm00Vn94kQRZVRYj+XfVSG423B+MnFi/sxpM4K7krb
 +
 
 +
W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg==
 +
 
 +
<nowiki>-----</nowiki>END CERTIFICATE-----
 +
 
 +
</ca>
 +
 
 +
<tls-auth>
 +
 
 +
<nowiki>-----</nowiki>BEGIN OpenVPN Static key V1-----
 +
 
 +
fae4feae672f9e291a40be76ee408106
 +
 
 +
5ff30defe0d24ca75bbf2c9e542cdfae
 +
 
 +
35a8cf4c9a642f2e42e94699c33daba1
 +
 
 +
4f7bf7ee5dca72bf7af51c83dbe87056
 +
 
 +
c76c7bd287143d826a9d3d140db684b3
 +
 
 +
763f3d0627fe108685d72ba0b1970ba3
 +
 
 +
623ccc5fabf652a77884ce0ea0f53765
 +
 
 +
f9f90b48221280a0ce01c830b103bcc4
 +
 
 +
c1777fdffdd7249522aac91efeead501
 +
 
 +
d30ae717734e838d15894a6ad3191851
 +
 
 +
78c673fffaa81a270de025152a3f7b8e
 +
 
 +
bd2393b0fa1444a698261f0b15789828
 +
 
 +
5f7d3e7806c50cea856a40fec6a8506b
 +
 
 +
03b593a1635d6e829265d71ded3510fb
 +
 
 +
dbeee76102c73574a7855edaee451d0f
 +
 
 +
16c46f97c66441da9bcddd2f717672d0
 +
 
 +
<nowiki>-----</nowiki>END OpenVPN Static key V1-----
 +
 
 +
</tls-auth>

Revision as of 19:40, 14 January 2015

Server

Detta är exempelkonf med säkerhet i åtanke

Klient

Klientkonf som funkar till serverkonfen ovan.

client

dev tun0

proto udp

remote vpn.harsbo.se 1194

resolv-retry infinite

nobind

ca [inline]

cert Klient1.crt

key Klient1.pem

auth-user-pass auth.txt

tls-client

tls-auth [inline] 1

verify-x509-name vpn.harsbo.se name

keepalive 10 30

cipher AES-256-CBC

persist-key

persist-tun

comp-lzo

tun-mtu 1500

mssfix 1200

verb 3


<ca>

-----BEGIN CERTIFICATE-----

MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux

EzARBgNVBAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBB

dXRob3JpdHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMB4XDTE0

MDgyNTEwMDQwMFoXDTI0MDgyNTEwMDQwMFowaDELMAkGA1UEBhMCU0UxEzARBgNV

BAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBBdXRob3Jp

dHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMIICIjANBgkqhkiG

9w0BAQEFAAOCAg8AMIICCgKCAgEAvY+8pJ0c3240WqGo9ua7RRc10UzVvbmfMPo2

4YwzsZ7IIwBzvW8u1LOjPK9vLy4M3R+A1egipo6LY0wfFxACY6wgERI7EnpWoBRY

JLgpYM8Wl8l4xZAgpsjQh/IsBM7CuiGLD0+ieKMGQ7u24IxQztNMgP1MpBm42nz7

fDZ66d7v7m7uxmvzTbekt3gshJn1GFAzF7HABBT2MVGpV+nGaZ9vT20DP5q/eup0

7qsfue3a6oAQWkC8fI9a9sg6zHG5QV94v3Avns+7dvSKu5E4iOMkl10LW9GQw0R3

DCjtx5HuAzH/t9fH7+QsLnwrWUhJq966avenrvgnv2X6i137I41SM3FdW/w3cnoa

gyA7pBKVjR7ibLMA7aSi5Wd/CNlok0UJT7deF4w9jlb0qbXeI+WgsPZOVoRK6XVZ

glmpG96NHKWZIMSmQOVVlbuQUfTjJYaC6CakzN8XaL5Lea+VIQvAhP1G6144j2c3

IoDriRGmnhqS6sOviJ9NtCttfyxgJcbw18PvpTznQnjdm9fWYLdVgLztpYtK7EVz

9Iutt+nmByHoyiBM22ycO74CrPmVfXVzLClzAFBkP9WYmmT+OTgEwpLf+NkWvDjZ

xILX6giEAndpA0D9Grgu9Bz7QARED4VMIkGvKGsjJ/oS/TXZvry6ntv9/Mj8uQCW

Dv5G+hMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUG/ZIN0NV

VBYXy187KAoxaVKz8CIwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDQUAA4IC

AQBuZowF6rjK77HPIxdLAysRVtJm1P5FP50Z0Fd6EjV9lUUMzdNL96IMEiBfRC7E

8qLwqu6O5cYA6DJ1MaG3gOQ9NYVWHhQwFjpXFzFzv15/dbnVfb4dzBV7+lPYafgP

TzSQ+MUJ5tWY9P+1L+CL9QtCvUc/ulosAMRllL6k7hTGbAs7Gq7sIGAG6gklDWlt

s0KV9VUc/X243U3XxvxyoPoKCs7KZlXySRQzujzEazuk3pYsQD1pYAnVoP+TilF0

idclpX5b/xQf4AiIOuS8EcD5q8lEn9G/KLP1Mb48LZ8BRAQxHumzbnG/FWXXqC4R

V5xTn/Ji4UmMRptbVg0JxlL7ghNSrU0mo0ahNttxamXNAA4l2GQnR+Ea/zds89se

SVNNetDHxc8clXbVGMW1fI7ifKJc5JsEYRnl71Er3+bTD1TO1Al9O3CBkOl9IHcL

B9E1GlY0m9MnApO/TQ8ZK5CsQDichQO35nb71XuWqmeNicPzK9P86EkZORRPl+mc

gMvVk9FAXpbOf+nO3hUzC+tv7eyBj/To3T3j1y7NATB8sfOqzXm1H/MJuXG4gIDY

iJ8gBubi7g7mXkgFyo05K1rm00Vn94kQRZVRYj+XfVSG423B+MnFi/sxpM4K7krb

W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg==

-----END CERTIFICATE-----

</ca>

<tls-auth>

-----BEGIN OpenVPN Static key V1-----

fae4feae672f9e291a40be76ee408106

5ff30defe0d24ca75bbf2c9e542cdfae

35a8cf4c9a642f2e42e94699c33daba1

4f7bf7ee5dca72bf7af51c83dbe87056

c76c7bd287143d826a9d3d140db684b3

763f3d0627fe108685d72ba0b1970ba3

623ccc5fabf652a77884ce0ea0f53765

f9f90b48221280a0ce01c830b103bcc4

c1777fdffdd7249522aac91efeead501

d30ae717734e838d15894a6ad3191851

78c673fffaa81a270de025152a3f7b8e

bd2393b0fa1444a698261f0b15789828

5f7d3e7806c50cea856a40fec6a8506b

03b593a1635d6e829265d71ded3510fb

dbeee76102c73574a7855edaee451d0f

16c46f97c66441da9bcddd2f717672d0

-----END OpenVPN Static key V1-----

</tls-auth>