Difference between revisions of "OpenVPN"
From HackerNet
Helikopter (talk | contribs) m Tag: visualeditor |
Helikopter (talk | contribs) m |
||
Line 28: | Line 28: | ||
<nowiki>-----</nowiki>BEGIN CERTIFICATE----- | <nowiki>-----</nowiki>BEGIN CERTIFICATE----- | ||
MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux | MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux | ||
− | |||
... | ... | ||
− | |||
W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg== | W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg== | ||
<nowiki>-----</nowiki>END CERTIFICATE----- | <nowiki>-----</nowiki>END CERTIFICATE----- | ||
Line 38: | Line 36: | ||
<nowiki>-----</nowiki>BEGIN OpenVPN Static key V1----- | <nowiki>-----</nowiki>BEGIN OpenVPN Static key V1----- | ||
fae4feae672f9e291a40be76ee408106 | fae4feae672f9e291a40be76ee408106 | ||
− | |||
... | ... | ||
16c46f97c66441da9bcddd2f717672d0 | 16c46f97c66441da9bcddd2f717672d0 |
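Review bot: the context lines of this hunk keep two hex lines of an OpenVPN static key (under the "BEGIN OpenVPN Static key V1" header) on a public wiki page. The tls-auth key is a shared secret, so if these lines come from a key that is in use, replace them with an obviously fake placeholder while tidying the blank lines, and regenerate the key.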
Revision as of 19:58, 14 January 2015
OpenVPN is open source.
Server
This is an example configuration for remote access with security in mind: two-factor authentication for login, plus TLS authentication of the packets. The CA certificate and the TLS key are kept inline in the config file so that there are fewer files to keep track of.
server
dev tun
proto tcp
nobind
ca [inline]
cert Server.crt
key Server.pem
auth-
tls-server
# tls-auth key direction: 0 on the server, 1 on the client
tls-auth [inline] 0
keepalive 10 30
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo
tun-mtu 1500
mssfix 1200
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux
...
W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg==
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
fae4feae672f9e291a40be76ee408106
...
16c46f97c66441da9bcddd2f717672d0
-----END OpenVPN Static key V1-----
</tls-auth>
Client
Client configuration that works with the server configuration above.
client
dev tun0
# same transport as the server configuration above
proto tcp
remote vpn.harsbo.se 1194
resolv-retry infinite
nobind
ca [inline]
cert Klient1.crt
key Klient1.pem
auth-user-pass auth.txt
tls-client
tls-auth [inline] 1
verify-x509-name vpn.harsbo.se name
keepalive 10 30
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo
tun-mtu 1500
mssfix 1200
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux
...
W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg==
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
fae4feae672f9e291a40be76ee408106
...
16c46f97c66441da9bcddd2f717672d0
-----END OpenVPN Static key V1-----
</tls-auth>
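A server/client pair like the one above only connects if both files agree on transport, cipher and compression and use complementary tls-auth key directions. The following check is an added example, not part of the wiki page or of OpenVPN: the function names and sample configs are constructed for illustration, and it assumes the key direction is written as the second argument of tls-auth and that inline material is marked with [inline], as on this page.

```python
import re

MUST_MATCH = ("proto", "cipher", "comp-lzo", "tun-mtu")  # same value on both ends
INLINE_CAPABLE = ("ca", "cert", "key", "tls-auth")

def parse(text):
    """Split one config into {directive: args} and {inline tag: body lines}."""
    directives, blocks, tag = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if tag:                                   # inside <tag> ... </tag>
            if line == f"</{tag}>":
                tag = None
            else:
                blocks[tag].append(line)
        elif m := re.fullmatch(r"<([a-z0-9-]+)>", line):
            tag = m.group(1)
            blocks[tag] = []
        elif line and line[0] not in "#;":        # skip blanks and comments
            name, *args = line.split()
            directives[name] = args
    return directives, blocks

def key_direction(directives):
    """Second argument of tls-auth, or None when no direction is given."""
    args = directives.get("tls-auth", [])
    return args[1] if len(args) > 1 else None

def check_pair(server_text, client_text):
    """Return a list of mismatches between the two configs; empty means consistent."""
    (srv, srv_blk), (cli, cli_blk) = parse(server_text), parse(client_text)
    findings = [f"{n}: server {srv.get(n)} != client {cli.get(n)}"
                for n in MUST_MATCH if srv.get(n) != cli.get(n)]
    # Directions must be 0 on one side and 1 on the other, or omitted on both.
    dirs = {key_direction(srv), key_direction(cli)}
    if dirs not in ({"0", "1"}, {None}):
        findings.append(f"tls-auth: key directions {sorted(map(str, dirs))} are not complementary")
    for side, d, blk in (("server", srv, srv_blk), ("client", cli, cli_blk)):
        for n in INLINE_CAPABLE:
            if d.get(n, [])[:1] == ["[inline]"] and not blk.get(n):
                findings.append(f"{side}: {n} [inline] has no <{n}> block")
    return findings

# Constructed sample pairs (placeholder material, not real certificates or keys).
INLINE = "<ca>\nPLACEHOLDER-CA\n</ca>\n<tls-auth>\nPLACEHOLDER-KEY\n</tls-auth>\n"
COMMON = "cipher AES-256-CBC\ncomp-lzo\ntun-mtu 1500\nca [inline]\n"
BAD_SERVER = "proto tcp\ntls-auth [inline] 1\n" + COMMON + INLINE
BAD_CLIENT = "proto udp\ntls-auth [inline] 1\n" + COMMON  # inline blocks missing
GOOD_SERVER = "proto tcp\ntls-auth [inline] 0\n" + COMMON + INLINE
GOOD_CLIENT = "proto tcp\ntls-auth [inline] 1\n" + COMMON + INLINE
```

Calling check_pair(BAD_SERVER, BAD_CLIENT) reports the transport mismatch, the identical key directions and the two missing inline blocks; the good pair returns an empty list.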