[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
| howtos:misc:setting_up_openvpn [2013/02/02 21:20 (UTC)] – chrisabela | howtos:misc:setting_up_openvpn [2013/02/03 19:55 (UTC)] – chrisabela | ||
|---|---|---|---|
| Line 15: | Line 15: | ||
| The emphasis of this tutorial is to provide you with a reliable method that you can easily follow to setup OpenVPN on Slackware Servers and Clients. Nevertheless the process is still not free from pitfalls and require some attention and determination to set up. | The emphasis of this tutorial is to provide you with a reliable method that you can easily follow to setup OpenVPN on Slackware Servers and Clients. Nevertheless the process is still not free from pitfalls and require some attention and determination to set up. | ||
| - | This document comprises of a selection of other similar tutorials found on Internet. In particular the methods described here were extracted from References (2) and (3). However these were cutomised to satisfy the objective. | + | This document comprises of a selection of other similar tutorials found on the Internet. In particular the methods described here were extracted from References (2) and (3). However these were cutomised to satisfy the objective. |
| ===== 3. Installation ===== | ===== 3. Installation ===== | ||
| Line 67: | Line 67: | ||
| ===== 5. Creating a Public Key Infrastructure (PKI) using the easy-rsa Scripts ===== | ===== 5. Creating a Public Key Infrastructure (PKI) using the easy-rsa Scripts ===== | ||
| - | The PKI may be created on any computer with a VPN installation, | + | The PKI may be created on any computer with an Openvpn |
| - | The easy-rsa scripts referred to in this chapter reside in the /usr/doc/ directory. In contrast to most other distributions (that normally use / | + | The easy-rsa scripts referred to in this chapter reside in the /usr/doc/ directory. |
| It is not recommended to use this directory to create the PKI. This directory may be overwritten by an Openvpn package upgrade, and some files that will be created, should kept secret as otherwise the security of the created VPN would be compromised. | It is not recommended to use this directory to create the PKI. This directory may be overwritten by an Openvpn package upgrade, and some files that will be created, should kept secret as otherwise the security of the created VPN would be compromised. | ||
| Line 91: | Line 91: | ||
| The purpose of this recommendation is to assure consistency in the default values of some following steps that need to be followed. You should not be really worried about the exact meaning or the correctness of the chosen entries as the actual values will have no bearing on the success or failure of this exercise. | The purpose of this recommendation is to assure consistency in the default values of some following steps that need to be followed. You should not be really worried about the exact meaning or the correctness of the chosen entries as the actual values will have no bearing on the success or failure of this exercise. | ||
| - | The following is my complete vars file. The text in bold indicates the parts that I amended from the original. You may note some additional entries that were entered. Most of these are meant to to enhance the range of default values that will be immediately available, thus increasing the chances of a successful creation of the PKI. | + | The following is my complete vars file. You may note some additional entries that were entered. Most of these are meant to enhance the range of default values that will be immediately available, thus increasing the chances of a successful creation of the PKI. |
| < | < | ||
| Line 146: | Line 146: | ||
| # as well as the one-time DH parms | # as well as the one-time DH parms | ||
| # generation process. | # generation process. | ||
| - | **export KEY_SIZE=2048** | + | export KEY_SIZE=2048 |
| # In how many days should the root CA key expire? | # In how many days should the root CA key expire? | ||
| Line 157: | Line 157: | ||
| # which will be placed in the certificate. | # which will be placed in the certificate. | ||
| # Don't leave any of these fields blank. | # Don't leave any of these fields blank. | ||
| - | **export KEY_COUNTRY=" | + | export KEY_COUNTRY=" |
| export KEY_PROVINCE=" | export KEY_PROVINCE=" | ||
| export KEY_CITY=" | export KEY_CITY=" | ||
| Line 165: | Line 165: | ||
| export KEY_CN=server1 | export KEY_CN=server1 | ||
| export KEY_NAME=server1 | export KEY_NAME=server1 | ||
| - | export KEY_OU="" | + | export KEY_OU="" |
| export PKCS11_MODULE_PATH=changeme | export PKCS11_MODULE_PATH=changeme | ||
| export PKCS11_PIN=1234 | export PKCS11_PIN=1234 | ||
| Line 756: | Line 756: | ||
| ===== 11. Firewalls ===== | ===== 11. Firewalls ===== | ||
| - | In the previous chapter we referred to a firewall you may include to protect your Openvpn Server. | + | In the previous chapter we referred to a firewall you may include to protect your Openvpn Server. |
| In order to poke through the Client firewall your may want to try changing the port to 443 - normally reserved for https. Using TCP instead of UDP will also help. To make these change you will need to amend / | In order to poke through the Client firewall your may want to try changing the port to 443 - normally reserved for https. Using TCP instead of UDP will also help. To make these change you will need to amend / | ||
| Line 802: | Line 802: | ||
| </ | </ | ||
| - | ===== 12. References: ===== | + | ===== 12. References ===== |
| (1) http:// | (1) http:// | ||
| Line 812: | Line 812: | ||
| (4) http:// | (4) http:// | ||
| + | * Originally written by [[wiki: | ||
