VPN
On the server
Generate a new key
On the VPN server:
sudo su ca
easyrsa build-client-full CLIENT_NAME nopass
Send the client the files it needs
The client will need:
- CA certificate: /home/ca/pki/ca.crt
- Client certificate: /home/ca/pki/issued/CLIENT_NAME.crt
- Client key: /home/ca/pki/private/CLIENT_NAME.key
On the client
Set up openvpn
sudo pacman -S openvpn
Client conf
Create a directory /etc/openvpn/client/peori; everything for this client will be stored there.
Create /etc/openvpn/client/peori.conf:
remote vpn.peori.space
# Auth
#auth-user-pass
ca peori/ca.crt
cert peori/client.crt
key peori/client.key
# Net
dev tun1
client
# Sending all the traffic through this interface
#redirect-gateway
#route-method exe
# Technical details
proto udp
port 1194
explicit-exit-notify
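comp-lzo # Deprecated option; newer OpenVPN releases use "compress" instead
auth SHA1 # Only for HMAC
ns-cert-type server # Deprecated in favor of "remote-cert-tls server"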
log-append /var/log/openvpn.peori
verb 3
#verb 4 # Verbose logging
Next, copy the files the client needs to /etc/openvpn/client/peori, named ca.crt, client.crt and client.key as the config above expects, and run:
sudo systemctl start openvpn-client@peori
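A preflight check for the config above, as an added example that is not part of the original page: it confirms that the files named by the ca, cert and key directives exist and that the private key (unencrypted, since it was built with nopass) is not accessible to group or others. The function names, and the assumption that relative paths resolve against the directory holding the .conf file, are this example's own.

```shell
# Added example (not from the original page): preflight check for the client
# config. Relative ca/cert/key paths are resolved against BASEDIR, assumed to
# be the directory that holds the .conf file (e.g. /etc/openvpn/client).
check_client_conf() {
    conf=$1
    base=${2:-$(dirname "$conf")}
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for directive in ca cert key; do
        # Commented-out lines such as "#ca ..." do not match: their first field is "#ca".
        path=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "$directive: directive missing" >&2; rc=1; continue
        fi
        case $path in
            /*) file=$path ;;
            *)  file=$base/$path ;;
        esac
        if [ ! -f "$file" ]; then
            echo "$directive: $file not found" >&2; rc=1; continue
        fi
        if [ "$directive" = key ]; then
            # A key built with "nopass" is unencrypted on disk, so its file
            # mode is the only protection: require no group/other access.
            perms=$(ls -lLd "$file" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "key: $file is accessible to group/other; run chmod 600" >&2
                rc=1
            fi
        fi
    done
    return $rc
}

# Constructed demo: a throwaway layout that mirrors the page's file names.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/peori"
    printf 'ca peori/ca.crt\ncert peori/client.crt\nkey peori/client.key\n' > "$d/peori.conf"
    : > "$d/peori/ca.crt"; : > "$d/peori/client.crt"; : > "$d/peori/client.key"
    chmod 644 "$d/peori/client.key"
    loose=0; check_client_conf "$d/peori.conf" || loose=$?
    chmod 600 "$d/peori/client.key"
    tight=0; check_client_conf "$d/peori.conf" || tight=$?
    rm -rf "$d"
    echo "$loose $tight"
}
```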
peoro's shortcut
create-client-certificate.sh CLIENT_NAME
All the needed files will be in ~/tmp/openvpn-key.CLIENT_NAME