OpenVPN: Difference between revisions

From Bitpost wiki
No edit summary
No edit summary
Line 17: Line 17:
  wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
  wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
  tar xvf EasyRSA-3.0.8.tgz
  tar xvf EasyRSA-3.0.8.tgz
  cd EasyRSA-3.0.8 && cp vars.example vars && emacs vars # uncomment && update as desired
# uncomment && update vars as desired
  cd EasyRSA-3.0.8 && cp vars.example vars && emacs vars
./easyrsa init-pki
./easyrsa build-ca nopass


==== Debian ====
==== Debian OpenVPN ====
OpenVPN (OSS) is available with most distros' package managers.
OpenVPN (OSS) is available with most distros' package managers.
  sudo apt install openvpn
  sudo apt install openvpn


==== Docker ====
Also install EasyRSA via [https://github.com/OpenVPN/easy-rsa/releases tarball] similar to instructions above, but we will be running different commands:
mkdir -p ~/apps && cd ~/apps
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
tar xvf EasyRSA-3.0.8.tgz
cd EasyRSA-3.0.8
./easyrsa init-pki
./easyrsa gen-req server nopass
sudo cp pki/private/server.key /etc/openvpn/
 
==== Docker OpenVPN ====
[https://github.com/kylemanna/docker-openvpn This] seems to be a good starting point [https://www.digitalocean.com/community/tutorials/how-to-run-openvpn-in-a-docker-container-on-ubuntu-14-04?utm_source=githubreadme here] and [https://medium.com/@gurayy/set-up-a-vpn-server-with-docker-in-5-minutes-a66184882c45 here] are some instructions.  Not going there, Keith "you don't want to mix security concerns", Tom "KISS".
[https://github.com/kylemanna/docker-openvpn This] seems to be a good starting point [https://www.digitalocean.com/community/tutorials/how-to-run-openvpn-in-a-docker-container-on-ubuntu-14-04?utm_source=githubreadme here] and [https://medium.com/@gurayy/set-up-a-vpn-server-with-docker-in-5-minutes-a66184882c45 here] are some instructions.  Not going there, Keith "you don't want to mix security concerns", Tom "KISS".
==== Finish install by pushing configs ====
After installing, push things around between EasyRSA and OpenVPN...
# FROM OPENVPN
# push server.req to EasyRSA CA machine
# you can just copy/paste it
emacs pki/reqs/server.req # copy
# FROM EASYRSA
emacs /tmp/server.req # paste
./easyrsa import-req /tmp/server.req server
./easyrsa sign-req server server
emacs pki/issued/server.crt # copy
emacs pki/ca.crt # copy
# FROM OPENVPN
sudo emacs /etc/openvpn/server.crt # paste
sudo emacs /etc/openvpn/ca.crt # paste
./easyrsa gen-dh
sudo openvpn --genkey secret ta.key
sudo cp ta.key /etc/openvpn/
sudo cp pki/dh.pem /etc/openvpn/
==== Step 4 ... ====
TBD
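Review bot: in the added Debian OpenVPN commands, `./easyrsa gen-req server nopass` followed by `sudo cp pki/private/server.key /etc/openvpn/` leaves a second, unencrypted copy of the server key under ~/apps/EasyRSA-3.0.8/pki/private in the user's home directory. Suggest `sudo mv` or deleting the original once the copy is in place. The same applies to `ta.key`, which is generated in the working directory and then copied. The `./easyrsa gen-dh` line under the last `# FROM OPENVPN` comment assumes the shell is still in the EasyRSA directory, so state that. The `wget` of EasyRSA-3.0.8.tgz has no checksum or signature check before `tar xvf`. The new "Step 4 ..." heading carries only "TBD" and should be filled in or dropped.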

Revision as of 22:44, 2 February 2022

Configure

Install

Watch out, OpenVPN has tried to monetize with their "Access Server" product. What you want is OpenVPN "Open Source" aka "OSS".

You will need two machines to follow the suggested installation: one for OpenVPN, and a separate, isolated machine that runs EasyRSA to manage certificates.

EasyRSA

Get the tarball link from the releases site, and install it:

mkdir -p ~/apps && cd ~/apps 
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
tar xvf EasyRSA-3.0.8.tgz
# uncomment && update vars as desired
cd EasyRSA-3.0.8 && cp vars.example vars && emacs vars
./easyrsa init-pki
./easyrsa build-ca nopass

Debian OpenVPN

OpenVPN (OSS) is available with most distros' package managers.

sudo apt install openvpn

Also install EasyRSA from the tarball, as in the instructions above, but run different commands:

mkdir -p ~/apps && cd ~/apps
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
tar xvf EasyRSA-3.0.8.tgz
cd EasyRSA-3.0.8
./easyrsa init-pki
./easyrsa gen-req server nopass
sudo cp pki/private/server.key /etc/openvpn/

Docker OpenVPN

This seems to be a good starting point, and here and here are some instructions. Not going there: Keith, "you don't want to mix security concerns"; Tom, "KISS".

Finish install by pushing configs

After installing, move the request and the certificates between the OpenVPN machine and the EasyRSA CA machine:

# FROM OPENVPN
# push server.req to EasyRSA CA machine
# you can just copy/paste it
emacs pki/reqs/server.req # copy

# FROM EASYRSA
emacs /tmp/server.req # paste
./easyrsa import-req /tmp/server.req server
./easyrsa sign-req server server
emacs pki/issued/server.crt # copy
emacs pki/ca.crt # copy

# FROM OPENVPN
sudo emacs /etc/openvpn/server.crt # paste
sudo emacs /etc/openvpn/ca.crt # paste
./easyrsa gen-dh
sudo openvpn --genkey secret ta.key
sudo cp ta.key /etc/openvpn/
sudo cp pki/dh.pem /etc/openvpn/
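
Because the request and certificates above are moved by copy/paste, it is worth checking the result before starting the server. The script below is an added example, not part of the original wiki page: it checks that server.crt chains to ca.crt, that it matches server.key, and that server.key and ta.key are not group- or world-readable. The function names are hypothetical, GNU `stat` is assumed, and the demo input is a throwaway CA constructed on the spot.

```shell
#!/bin/sh
# Added example: sanity-check the files pasted into the OpenVPN config directory.
# Run this script with /etc/openvpn as argument (under sudo), or with no argument for the demo.
check_openvpn_pki() {
    dir=$1; rc=0
    # 1. The certificate must chain to the CA certificate pasted next to it.
    if ! openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1; then
        echo "FAIL: server.crt does not verify against ca.crt"; rc=1
    fi
    # 2. The certificate must carry the public key of the local private key;
    #    a mismatch means the wrong request was signed or a paste was mangled.
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: server.crt does not match server.key"; rc=1
    fi
    # 3. Secret material must not be readable by group or others.
    for f in server.key ta.key; do
        [ -e "$dir/$f" ] || continue
        mode=$(stat -c '%a' "$dir/$f")
        case $mode in
            *00) ;;
            *) echo "FAIL: $f has mode $mode, expected 600 or stricter"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: $dir passes all checks"
    return "$rc"
}

# Constructed sample input: a throwaway CA and a server certificate signed
# from a request, mirroring the gen-req / sign-req flow above.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.crt" -subj "/CN=Demo CA" -days 1 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$d/server.key" \
        -out "$d/server.req" -subj "/CN=server" 2>/dev/null
    openssl x509 -req -in "$d/server.req" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/server.crt" -days 1 2>/dev/null
    chmod 600 "$d/server.key"
}

if [ -n "${1:-}" ]; then
    check_openvpn_pki "$1"
else
    demo=$(mktemp -d) && make_demo_pki "$demo" && check_openvpn_pki "$demo"
    rm -rf "$demo"
fi
```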

Step 4 ...

TBD