Difference between revisions of "OpenVPN"

From HackerNet
Jump to: navigation, search
m
Tag: visualeditor
m
Line 28: Line 28:
 
  <nowiki>-----</nowiki>BEGIN CERTIFICATE-----
 
  <nowiki>-----</nowiki>BEGIN CERTIFICATE-----
 
  MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux
 
  MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux
 
 
  ...
 
  ...
 
 
  W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg==
 
  W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg==
 
  <nowiki>-----</nowiki>END CERTIFICATE-----
 
  <nowiki>-----</nowiki>END CERTIFICATE-----
Line 38: Line 36:
 
  <nowiki>-----</nowiki>BEGIN OpenVPN Static key V1-----
 
  <nowiki>-----</nowiki>BEGIN OpenVPN Static key V1-----
 
  fae4feae672f9e291a40be76ee408106
 
  fae4feae672f9e291a40be76ee408106
 
 
  ...
 
  ...
 
  16c46f97c66441da9bcddd2f717672d0
 
  16c46f97c66441da9bcddd2f717672d0

Revision as of 19:58, 14 January 2015

OpenVPN är öppen källkod.

Server

Detta är exempelkonf för remote access med säkerhet i åtanke. Två-faktors-autentisering för inlogg samt TLS-autentisering av paketen. CA-certifikatet och TLS-nyckeln körs inline i konfigfilen för att det ska bli färre filer att hålla reda på.

server
dev tun
proto tcp
nobind

ca [inline]
cert Server.crt
key Server.pem
auth-

tls-server
tls-auth [inline] 1

keepalive 10 30
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo
tun-mtu 1500
mssfix 1200
verb 3

<ca>
-----BEGIN CERTIFICATE-----
MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux
...
W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg==
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
fae4feae672f9e291a40be76ee408106
...
16c46f97c66441da9bcddd2f717672d0
-----END OpenVPN Static key V1-----
</tls-auth>

Klient

Klientkonf som funkar till serverkonfen ovan.

client
dev tun0
proto udp
remote vpn.harsbo.se 1194
resolv-retry infinite
nobind

ca [inline]
cert Klient1.crt
key Klient1.pem
auth-user-pass auth.txt

tls-client
tls-auth [inline] 1
verify-x509-name vpn.harsbo.se name

keepalive 10 30
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo
tun-mtu 1500
mssfix 1200
verb 3

<ca>
-----BEGIN CERTIFICATE-----
MIIFjjCCA3agAwIBAgICAQAwDQYJKoZIhvcNAQENBQAwaDELMAkGA1UEBhMCU0Ux
...
W45x0oueEpRKlORpP00dSaeAEj9yJCd/0pltmmR92cGVYg==
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
fae4feae672f9e291a40be76ee408106
...
16c46f97c66441da9bcddd2f717672d0
-----END OpenVPN Static key V1-----
</tls-auth>