Comments on OpenVPN - Secure your server administration with multiplatform VPN connection

OpenVPN is a full-featured SSL VPN which implements the OSI layer 2 or 3 secure network extension by using the industry standard SSL/TLS protocol. For this tutorial, we are going to use a Debian or Ubuntu server. You can use any server you already have in production.

Comments

By: sjau

You could include the certs directly in the configs. So you'd have to copy only one file.

 

key-direction 1


<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>


<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: xxx
        Validity
            Not Before: Jan  5 09:10:19 2015 GMT
            Not After : Dec 12 09:10:19 2114 GMT
        Subject: xxx
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier: 
                xxx
            X509v3 Authority Key Identifier: 
                keyid:xxx
                DirName:xxx
                serial:xxx

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
    Signature Algorithm: sha1WithRSAEncryption
         [...]
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</cert>


<key>
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
</key>


<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[...]
-----END OpenVPN Static key V1-----
</tls-auth>

 

Also, I use this little bash script that I created to quickly create a new client config file (.conf for Linux and .ovpn for Windows):

 

https://paste.simplylinux.ch/view/444d5562

 

Of course you need to adjust the server info and template stuff to your needs. But it will include the keys and certs directly.
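The following is an added example, not the commenter's script (which is only linked above): one way to assemble a single-file client profile with inline `<ca>`, `<cert>`, `<key>` and `<tls-auth>` sections. The file layout (`ca.crt`, `ta.key`, `CLIENT.crt`, `CLIENT.key` in one directory), the template file and the function names are assumptions. It keeps only the PEM blocks, so the certificate text dump is left out, and it writes the result with mode 0600 because the file contains the client's private key.

```shell
#!/bin/sh
# Added example: assemble a single-file OpenVPN client profile.
# Assumed (hypothetical) layout: KEYDIR holds ca.crt, ta.key, CLIENT.crt and
# CLIENT.key; TEMPLATE holds the non-secret directives (remote, proto, dev...).

# Print only the PEM block(s) of a file. This drops the "Certificate: Data:"
# text dump that precedes the PEM block in the <cert> section shown above.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# Wrap the PEM content of file $2 in an inline <$1>...</$1> section.
inline_section() {
    printf '<%s>\n' "$1"
    pem_only "$2"
    printf '</%s>\n' "$1"
}

# make_inline_profile TEMPLATE KEYDIR CLIENT OUTFILE
make_inline_profile() {
    template=$1; keydir=$2; client=$3; out=$4

    # Refuse to write a half-complete profile if any input is missing.
    for f in "$template" "$keydir/ca.crt" "$keydir/$client.crt" \
             "$keydir/$client.key" "$keydir/ta.key"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 1; }
    done

    # The result embeds the client's private key: create it owner-only
    # (mode 0600) and move it into place only once it is complete.
    (
        umask 077
        tmp="$out.tmp.$$"
        {
            cat "$template"
            echo "key-direction 1"
            inline_section ca       "$keydir/ca.crt"
            inline_section cert     "$keydir/$client.crt"
            inline_section key      "$keydir/$client.key"
            inline_section tls-auth "$keydir/ta.key"
        } > "$tmp" && mv -f "$tmp" "$out"
    )
}
```

Since the generated file is a complete credential, hand it to the client over an authenticated, encrypted channel and delete any intermediate copies.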

By: Sachin

The inline certs are a great thing! I also created a script that does the end-to-end work - also calling easy_rsa for the certificate creation. However, I kept the template file outside - your single file method is neater.

Any idea how to bundle the created file with an OpenVPN Windows installer? That is, is there a way I can build a service(?) that will allow people to download an OpenVPN installer which already bundles the configuration file? Service should run on Linux.

 

By: P.Habdak

Very nice sjau :)