OpenVPN: Difference between revisions
From Elch-Wiki
Jump to navigationJump to search
(Created page with "* Installation gemäss http://www.susegeek.com/security/install-configure-openvpn-ssl-vpn-in-suse-opensuse-linux/ ** OpenVPN mit Yast installiert ** copy von /usr/share/openvp...") |
No edit summary |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
* Installation gemäss http://www.susegeek.com/security/install-configure-openvpn-ssl-vpn-in-suse-opensuse-linux/ | * Installation gemäss http://www.susegeek.com/security/install-configure-openvpn-ssl-vpn-in-suse-opensuse-linux/ | ||
** OpenVPN mit Yast installiert | * Anderes Howto: https://openvpn.net/index.php/open-source/documentation/howto.html | ||
** | * OpenVPN mit Yast installiert | ||
* easy-rsa | |||
** Download von https://github.com/OpenVPN/easy-rsa geholt und nach /etc/openvpn entpackt | |||
** vars.example nach vars kopiert und editiert | |||
** ./easyrsa init-pki | |||
** ./easyrsa build-ca (passwords in password-safe) | |||
** ./easyrsa build-server-full animal_vpn | |||
** ./easyrsa build-client-full animal_vpn_c1 | |||
** ./easyrsa gen-dh | |||
** Create P12 File from client certificate: openssl pkcs12 -export -in easyrsa3/pki/issued/animal_vpn_c1.crt -inkey easyrsa3/pki/private/animal_vpn_c1.key -out animal_vpn_c1.p12 | |||
= Neues Client-Cert erstellen = | |||
* root werden | |||
* nach /etc/openvpn/easyrsa3 wechseln | |||
* ./easyrsa build-client-full animal_vpn_c2 <-- Name inkrementieren, PW aus PW-Safe | |||
* Optional: Create P12 File from client certificate: openssl pkcs12 -export -in easyrsa3/pki/issued/animal_vpn_c2.crt -inkey easyrsa3/pki/private/animal_vpn_c2.key -out animal_vpn_c2.p12 <-- export PW leer lassen | |||
= Android Installation = | |||
* "OpenVPN für Android" aus Play Store installieren | |||
* ca.crt, client.crt und client.key auf das Gerät kopieren | |||
* Grundeinstellungen: Typ = Zertifikate | |||
* Cipher=AES-256-CBC, Authentication=SHA512 | |||
* Authentifizierung/Verschlüsselung: Hostname überprüfen -> off | |||
* Compression -> on | |||
Latest revision as of 17:37, 13 October 2021
- Installation gemäss http://www.susegeek.com/security/install-configure-openvpn-ssl-vpn-in-suse-opensuse-linux/
- Anderes Howto: https://openvpn.net/index.php/open-source/documentation/howto.html
- OpenVPN mit Yast installiert
- easy-rsa
- Download von https://github.com/OpenVPN/easy-rsa geholt und nach /etc/openvpn entpackt
- vars.example nach vars kopiert und editiert
- ./easyrsa init-pki
- ./easyrsa build-ca (passwords in password-safe)
- ./easyrsa build-server-full animal_vpn
- ./easyrsa build-client-full animal_vpn_c1
- ./easyrsa gen-dh
- Create P12 File from client certificate: openssl pkcs12 -export -in easyrsa3/pki/issued/animal_vpn_c1.crt -inkey easyrsa3/pki/private/animal_vpn_c1.key -out animal_vpn_c1.p12
Neues Client-Cert erstellen
- root werden
- nach /etc/openvpn/easyrsa3 wechseln
- ./easyrsa build-client-full animal_vpn_c2 <-- Name inkrementieren, PW aus PW-Safe
- Optional: Create P12 File from client certificate: openssl pkcs12 -export -in easyrsa3/pki/issued/animal_vpn_c2.crt -inkey easyrsa3/pki/private/animal_vpn_c2.key -out animal_vpn_c2.p12 <-- export PW leer lassen
Android Installation
- "OpenVPN für Android" aus Play Store installieren
- ca.crt, client.crt und client.key auf das Gerät kopieren
- Grundeinstellungen: Typ = Zertifikate
- Cipher=AES-256-CBC, Authentication=SHA512
- Authentifizierung/Verschlüsselung: Hostname überprüfen -> off
- Compression -> on
