Orga, Bürokraten, Administratoren
770
Bearbeitungen
Potsdam-VPN: Unterschied zwischen den Versionen
→Keys generieren
Seth0r (Diskussion | Beiträge) (drophna plugin muss auch kompiliert werden) |
Seth0r (Diskussion | Beiträge) |
||
| Zeile 6: | Zeile 6: | ||
== Server aufsetzen == | == Server aufsetzen == | ||
=== Keys generieren === | === Keys generieren === | ||
==== Easy-RSA config ==== | |||
* vim vars | |||
export EASY_RSA="`pwd`" | |||
export OPENSSL="openssl" | |||
export PKCS11TOOL="pkcs11-tool" | |||
export GREP="grep" | |||
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` | |||
export KEY_DIR="$EASY_RSA/keys" | |||
# Issue rm -rf warning | |||
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR | |||
export PKCS11_MODULE_PATH="dummy" | |||
export PKCS11_PIN="dummy" | |||
export KEY_SIZE=2048 | |||
export CA_EXPIRE=10950 | |||
export KEY_EXPIRE=3660 | |||
export KEY_COUNTRY="DE" | |||
export KEY_PROVINCE="BRB" | |||
export KEY_CITY="Potsdam" | |||
export KEY_ORG="Freifunk Potsdam e.V." | |||
export KEY_EMAIL="info@freifunk-potsdam.de" | |||
export KEY_CN= | |||
export KEY_NAME= | |||
==== CA Zertifikat, CA Key und DH Parameter erzeugen ==== | |||
. vars | |||
./build-ca | |||
./build-dh | |||
==== Server Zertifikat und Server Key erzeugen ==== | |||
. vars | |||
./build-key-server <span style="color:red">$server name$</span> | |||
==== client Zertifikat und Client Key erzeugen ==== | |||
. vars | |||
./build-key <span style="color:red">$client name$</span> | |||
=== OpenVPN einrichten === | === OpenVPN einrichten === | ||
* apt-get install openvpn | * apt-get install openvpn | ||