Difference between revisions of "OpenVPN"
From HackerNet
Helikopter (talk | contribs) Tag: visualeditor |
Helikopter (talk | contribs) |
||
| Line 5: | Line 5: | ||
Klientkonf som funkar till serverkonfen ovan. | Klientkonf som funkar till serverkonfen ovan. | ||
| − | client | + | client |
| − | + | dev tun0 | |
| − | dev tun0 | + | proto udp |
| − | + | remote vpn.harsbo.se 1194 | |
| − | proto udp | + | resolv-retry infinite |
| − | + | nobind | |
| − | remote vpn.harsbo.se 1194 | + | ca [inline] |
| − | + | cert Klient1.crt | |
| − | resolv-retry infinite | + | key Klient1.pem |
| − | + | auth-user-pass auth.txt | |
| − | nobind | + | tls-client |
| − | + | tls-auth [inline] 1 | |
| − | ca [inline] | + | verify-x509-name vpn.harsbo.se name |
| − | + | keepalive 10 30 | |
| − | cert Klient1.crt | + | cipher AES-256-CBC |
| − | + | persist-key | |
| − | key Klient1.pem | + | persist-tun |
| − | + | comp-lzo | |
| − | auth-user-pass auth.txt | + | tun-mtu 1500 |
| − | + | mssfix 1200 | |
| − | tls-client | + | verb 3 |
| − | + | ||
| − | tls-auth [inline] 1 | + | <ca> |
| − | + | <nowiki>-----</nowiki>BEGIN CERTIFICATE----- | |
| − | verify-x509-name vpn.harsbo.se name | + | MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux |
| − | + | EzARBgNVBAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBB | |
| − | keepalive 10 30 | + | dXRob3JpdHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMB4XDTE0 |
| − | + | MDgyNTEwMDQwMFoXDTI0MDgyNTEwMDQwMFowaDELMAkGA1UEBhMCU0UxEzARBgNV | |
| − | cipher AES-256-CBC | + | BAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBBdXRob3Jp |
| − | + | dHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMIICIjANBgkqhkiG | |
| − | persist-key | + | 9w0BAQEFAAOCAg8AMIICCgKCAgEAvY+8pJ0c3240WqGo9ua7RRc10UzVvbmfMPo2 |
| − | + | 4YwzsZ7IIwBzvW8u1LOjPK9vLy4M3R+A1egipo6LY0wfFxACY6wgERI7EnpWoBRY | |
| − | persist-tun | + | JLgpYM8Wl8l4xZAgpsjQh/IsBM7CuiGLD0+ieKMGQ7u24IxQztNMgP1MpBm42nz7 |
| − | + | fDZ66d7v7m7uxmvzTbekt3gshJn1GFAzF7HABBT2MVGpV+nGaZ9vT20DP5q/eup0 | |
| − | comp-lzo | + | 7qsfue3a6oAQWkC8fI9a9sg6zHG5QV94v3Avns+7dvSKu5E4iOMkl10LW9GQw0R3 |
| − | + | DCjtx5HuAzH/t9fH7+QsLnwrWUhJq966avenrvgnv2X6i137I41SM3FdW/w3cnoa | |
| − | tun-mtu 1500 | + | gyA7pBKVjR7ibLMA7aSi5Wd/CNlok0UJT7deF4w9jlb0qbXeI+WgsPZOVoRK6XVZ |
| − | + | glmpG96NHKWZIMSmQOVVlbuQUfTjJYaC6CakzN8XaL5Lea+VIQvAhP1G6144j2c3 | |
| − | mssfix 1200 | + | IoDriRGmnhqS6sOviJ9NtCttfyxgJcbw18PvpTznQnjdm9fWYLdVgLztpYtK7EVz |
| − | + | 9Iutt+nmByHoyiBM22ycO74CrPmVfXVzLClzAFBkP9WYmmT+OTgEwpLf+NkWvDjZ | |
| − | verb 3 | + | xILX6giEAndpA0D9Grgu9Bz7QARED4VMIkGvKGsjJ/oS/TXZvry6ntv9/Mj8uQCW |
| − | + | Dv5G+hMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUG/ZIN0NV | |
| − | + | VBYXy187KAoxaVKz8CIwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDQUAA4IC | |
| − | + | AQBuZowF6rjK77HPIxdLAysRVtJm1P5FP50Z0Fd6EjV9lUUMzdNL96IMEiBfRC7E | |
| − | <ca> | + | 8qLwqu6O5cYA6DJ1MaG3gOQ9NYVWHhQwFjpXFzFzv15/dbnVfb4dzBV7+lPYafgP |
| − | + | TzSQ+MUJ5tWY9P+1L+CL9QtCvUc/ulosAMRllL6k7hTGbAs7Gq7sIGAG6gklDWlt | |
| − | <nowiki>-----</nowiki>BEGIN CERTIFICATE----- | + | s0KV9VUc/X243U3XxvxyoPoKCs7KZlXySRQzujzEazuk3pYsQD1pYAnVoP+TilF0 |
| − | + | idclpX5b/xQf4AiIOuS8EcD5q8lEn9G/KLP1Mb48LZ8BRAQxHumzbnG/FWXXqC4R | |
| − | MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux | + | V5xTn/Ji4UmMRptbVg0JxlL7ghNSrU0mo0ahNttxamXNAA4l2GQnR+Ea/zds89se |
| − | + | SVNNetDHxc8clXbVGMW1fI7ifKJc5JsEYRnl71Er3+bTD1TO1Al9O3CBkOl9IHcL | |
| − | EzARBgNVBAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBB | + | B9E1GlY0m9MnApO/TQ8ZK5CsQDichQO35nb71XuWqmeNicPzK9P86EkZORRPl+mc |
| − | + | gMvVk9FAXpbOf+nO3hUzC+tv7eyBj/To3T3j1y7NATB8sfOqzXm1H/MJuXG4gIDY | |
| − | dXRob3JpdHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMB4XDTE0 | + | iJ8gBubi7g7mXkgFyo05K1rm00Vn94kQRZVRYj+XfVSG423B+MnFi/sxpM4K7krb |
| − | + | W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg== | |
| − | MDgyNTEwMDQwMFoXDTI0MDgyNTEwMDQwMFowaDELMAkGA1UEBhMCU0UxEzARBgNV | + | <nowiki>-----</nowiki>END CERTIFICATE----- |
| − | + | </ca> | |
| − | BAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBBdXRob3Jp | + | |
| − | + | <tls-auth> | |
| − | dHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMIICIjANBgkqhkiG | + | <nowiki>-----</nowiki>BEGIN OpenVPN Static key V1----- |
| − | + | fae4feae672f9e291a40be76ee408106 | |
| − | 9w0BAQEFAAOCAg8AMIICCgKCAgEAvY+8pJ0c3240WqGo9ua7RRc10UzVvbmfMPo2 | + | 5ff30defe0d24ca75bbf2c9e542cdfae |
| − | + | 35a8cf4c9a642f2e42e94699c33daba1 | |
| − | 4YwzsZ7IIwBzvW8u1LOjPK9vLy4M3R+A1egipo6LY0wfFxACY6wgERI7EnpWoBRY | + | 4f7bf7ee5dca72bf7af51c83dbe87056 |
| − | + | c76c7bd287143d826a9d3d140db684b3 | |
| − | JLgpYM8Wl8l4xZAgpsjQh/IsBM7CuiGLD0+ieKMGQ7u24IxQztNMgP1MpBm42nz7 | + | 763f3d0627fe108685d72ba0b1970ba3 |
| − | + | 623ccc5fabf652a77884ce0ea0f53765 | |
| − | fDZ66d7v7m7uxmvzTbekt3gshJn1GFAzF7HABBT2MVGpV+nGaZ9vT20DP5q/eup0 | + | f9f90b48221280a0ce01c830b103bcc4 |
| − | + | c1777fdffdd7249522aac91efeead501 | |
| − | 7qsfue3a6oAQWkC8fI9a9sg6zHG5QV94v3Avns+7dvSKu5E4iOMkl10LW9GQw0R3 | + | d30ae717734e838d15894a6ad3191851 |
| − | + | 78c673fffaa81a270de025152a3f7b8e | |
| − | DCjtx5HuAzH/t9fH7+QsLnwrWUhJq966avenrvgnv2X6i137I41SM3FdW/w3cnoa | + | bd2393b0fa1444a698261f0b15789828 |
| − | + | 5f7d3e7806c50cea856a40fec6a8506b | |
| − | gyA7pBKVjR7ibLMA7aSi5Wd/CNlok0UJT7deF4w9jlb0qbXeI+WgsPZOVoRK6XVZ | + | 03b593a1635d6e829265d71ded3510fb |
| − | + | dbeee76102c73574a7855edaee451d0f | |
| − | glmpG96NHKWZIMSmQOVVlbuQUfTjJYaC6CakzN8XaL5Lea+VIQvAhP1G6144j2c3 | + | 16c46f97c66441da9bcddd2f717672d0 |
| − | + | <nowiki>-----</nowiki>END OpenVPN Static key V1----- | |
| − | IoDriRGmnhqS6sOviJ9NtCttfyxgJcbw18PvpTznQnjdm9fWYLdVgLztpYtK7EVz | + | </tls-auth> |
| − | |||
| − | 9Iutt+nmByHoyiBM22ycO74CrPmVfXVzLClzAFBkP9WYmmT+OTgEwpLf+NkWvDjZ | ||
| − | |||
| − | xILX6giEAndpA0D9Grgu9Bz7QARED4VMIkGvKGsjJ/oS/TXZvry6ntv9/Mj8uQCW | ||
| − | |||
| − | Dv5G+hMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUG/ZIN0NV | ||
| − | |||
| − | VBYXy187KAoxaVKz8CIwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDQUAA4IC | ||
| − | |||
| − | AQBuZowF6rjK77HPIxdLAysRVtJm1P5FP50Z0Fd6EjV9lUUMzdNL96IMEiBfRC7E | ||
| − | |||
| − | 8qLwqu6O5cYA6DJ1MaG3gOQ9NYVWHhQwFjpXFzFzv15/dbnVfb4dzBV7+lPYafgP | ||
| − | |||
| − | TzSQ+MUJ5tWY9P+1L+CL9QtCvUc/ulosAMRllL6k7hTGbAs7Gq7sIGAG6gklDWlt | ||
| − | |||
| − | s0KV9VUc/X243U3XxvxyoPoKCs7KZlXySRQzujzEazuk3pYsQD1pYAnVoP+TilF0 | ||
| − | |||
| − | idclpX5b/xQf4AiIOuS8EcD5q8lEn9G/KLP1Mb48LZ8BRAQxHumzbnG/FWXXqC4R | ||
| − | |||
| − | V5xTn/Ji4UmMRptbVg0JxlL7ghNSrU0mo0ahNttxamXNAA4l2GQnR+Ea/zds89se | ||
| − | |||
| − | SVNNetDHxc8clXbVGMW1fI7ifKJc5JsEYRnl71Er3+bTD1TO1Al9O3CBkOl9IHcL | ||
| − | |||
| − | B9E1GlY0m9MnApO/TQ8ZK5CsQDichQO35nb71XuWqmeNicPzK9P86EkZORRPl+mc | ||
| − | |||
| − | gMvVk9FAXpbOf+nO3hUzC+tv7eyBj/To3T3j1y7NATB8sfOqzXm1H/MJuXG4gIDY | ||
| − | |||
| − | iJ8gBubi7g7mXkgFyo05K1rm00Vn94kQRZVRYj+XfVSG423B+MnFi/sxpM4K7krb | ||
| − | |||
| − | W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg== | ||
| − | |||
| − | <nowiki>-----</nowiki>END CERTIFICATE----- | ||
| − | |||
| − | </ca> | ||
| − | |||
| − | <tls-auth> | ||
| − | |||
| − | <nowiki>-----</nowiki>BEGIN OpenVPN Static key V1----- | ||
| − | |||
| − | fae4feae672f9e291a40be76ee408106 | ||
| − | |||
| − | 5ff30defe0d24ca75bbf2c9e542cdfae | ||
| − | |||
| − | 35a8cf4c9a642f2e42e94699c33daba1 | ||
| − | |||
| − | 4f7bf7ee5dca72bf7af51c83dbe87056 | ||
| − | |||
| − | c76c7bd287143d826a9d3d140db684b3 | ||
| − | |||
| − | 763f3d0627fe108685d72ba0b1970ba3 | ||
| − | |||
| − | 623ccc5fabf652a77884ce0ea0f53765 | ||
| − | |||
| − | f9f90b48221280a0ce01c830b103bcc4 | ||
| − | |||
| − | c1777fdffdd7249522aac91efeead501 | ||
| − | |||
| − | d30ae717734e838d15894a6ad3191851 | ||
| − | |||
| − | 78c673fffaa81a270de025152a3f7b8e | ||
| − | |||
| − | bd2393b0fa1444a698261f0b15789828 | ||
| − | |||
| − | 5f7d3e7806c50cea856a40fec6a8506b | ||
| − | |||
| − | 03b593a1635d6e829265d71ded3510fb | ||
| − | |||
| − | dbeee76102c73574a7855edaee451d0f | ||
| − | |||
| − | 16c46f97c66441da9bcddd2f717672d0 | ||
| − | |||
| − | <nowiki>-----</nowiki>END OpenVPN Static key V1----- | ||
| − | |||
| − | </tls-auth> | ||
Revision as of 19:42, 14 January 2015
Server
Detta är exempelkonf med säkerhet i åtanke
Klient
Klientkonf som funkar till serverkonfen ovan.
client dev tun0 proto udp remote vpn.harsbo.se 1194 resolv-retry infinite nobind ca [inline] cert Klient1.crt key Klient1.pem auth-user-pass auth.txt tls-client tls-auth [inline] 1 verify-x509-name vpn.harsbo.se name keepalive 10 30 cipher AES-256-CBC persist-key persist-tun comp-lzo tun-mtu 1500 mssfix 1200 verb 3 <ca> -----BEGIN CERTIFICATE----- MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux EzARBgNVBAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBB dXRob3JpdHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMB4XDTE0 MDgyNTEwMDQwMFoXDTI0MDgyNTEwMDQwMFowaDELMAkGA1UEBhMCU0UxEzARBgNV BAoTCkhhcnNibyBJbmMxJTAjBgNVBAMTHEhhcnNibyBJbnRlcm5ldCBBdXRob3Jp dHkgRzIxHTAbBgkqhkiG9w0BCQEWDmFsZXhAaGFyc2JvLnNlMIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAvY+8pJ0c3240WqGo9ua7RRc10UzVvbmfMPo2 4YwzsZ7IIwBzvW8u1LOjPK9vLy4M3R+A1egipo6LY0wfFxACY6wgERI7EnpWoBRY JLgpYM8Wl8l4xZAgpsjQh/IsBM7CuiGLD0+ieKMGQ7u24IxQztNMgP1MpBm42nz7 fDZ66d7v7m7uxmvzTbekt3gshJn1GFAzF7HABBT2MVGpV+nGaZ9vT20DP5q/eup0 7qsfue3a6oAQWkC8fI9a9sg6zHG5QV94v3Avns+7dvSKu5E4iOMkl10LW9GQw0R3 DCjtx5HuAzH/t9fH7+QsLnwrWUhJq966avenrvgnv2X6i137I41SM3FdW/w3cnoa gyA7pBKVjR7ibLMA7aSi5Wd/CNlok0UJT7deF4w9jlb0qbXeI+WgsPZOVoRK6XVZ glmpG96NHKWZIMSmQOVVlbuQUfTjJYaC6CakzN8XaL5Lea+VIQvAhP1G6144j2c3 IoDriRGmnhqS6sOviJ9NtCttfyxgJcbw18PvpTznQnjdm9fWYLdVgLztpYtK7EVz 9Iutt+nmByHoyiBM22ycO74CrPmVfXVzLClzAFBkP9WYmmT+OTgEwpLf+NkWvDjZ xILX6giEAndpA0D9Grgu9Bz7QARED4VMIkGvKGsjJ/oS/TXZvry6ntv9/Mj8uQCW Dv5G+hMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUG/ZIN0NV VBYXy187KAoxaVKz8CIwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDQUAA4IC AQBuZowF6rjK77HPIxdLAysRVtJm1P5FP50Z0Fd6EjV9lUUMzdNL96IMEiBfRC7E 8qLwqu6O5cYA6DJ1MaG3gOQ9NYVWHhQwFjpXFzFzv15/dbnVfb4dzBV7+lPYafgP TzSQ+MUJ5tWY9P+1L+CL9QtCvUc/ulosAMRllL6k7hTGbAs7Gq7sIGAG6gklDWlt s0KV9VUc/X243U3XxvxyoPoKCs7KZlXySRQzujzEazuk3pYsQD1pYAnVoP+TilF0 idclpX5b/xQf4AiIOuS8EcD5q8lEn9G/KLP1Mb48LZ8BRAQxHumzbnG/FWXXqC4R V5xTn/Ji4UmMRptbVg0JxlL7ghNSrU0mo0ahNttxamXNAA4l2GQnR+Ea/zds89se SVNNetDHxc8clXbVGMW1fI7ifKJc5JsEYRnl71Er3+bTD1TO1Al9O3CBkOl9IHcL B9E1GlY0m9MnApO/TQ8ZK5CsQDichQO35nb71XuWqmeNicPzK9P86EkZORRPl+mc gMvVk9FAXpbOf+nO3hUzC+tv7eyBj/To3T3j1y7NATB8sfOqzXm1H/MJuXG4gIDY iJ8gBubi7g7mXkgFyo05K1rm00Vn94kQRZVRYj+XfVSG423B+MnFi/sxpM4K7krb W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg== -----END CERTIFICATE----- </ca> <tls-auth> -----BEGIN OpenVPN Static key V1----- fae4feae672f9e291a40be76ee408106 5ff30defe0d24ca75bbf2c9e542cdfae 35a8cf4c9a642f2e42e94699c33daba1 4f7bf7ee5dca72bf7af51c83dbe87056 c76c7bd287143d826a9d3d140db684b3 763f3d0627fe108685d72ba0b1970ba3 623ccc5fabf652a77884ce0ea0f53765 f9f90b48221280a0ce01c830b103bcc4 c1777fdffdd7249522aac91efeead501 d30ae717734e838d15894a6ad3191851 78c673fffaa81a270de025152a3f7b8e bd2393b0fa1444a698261f0b15789828 5f7d3e7806c50cea856a40fec6a8506b 03b593a1635d6e829265d71ded3510fb dbeee76102c73574a7855edaee451d0f 16c46f97c66441da9bcddd2f717672d0 -----END OpenVPN Static key V1----- </tls-auth>
