Mainos / Advertisement:
Ero sivun ”Openvpn/en” versioiden välillä
Siirry navigaatioon
Siirry hakuun
(Ak: Uusi sivu: Openvpn) |
(Päivitetty vastaamaan uutta versiota lähdesivusta) |
||
| (2 välissä olevaa versiota toisen käyttäjän tekemänä ei näytetä) | |||
| Rivi 1: | Rivi 1: | ||
<languages/> | <languages/> | ||
| + | OpenVPN is an open source software application for VPN tunneling. It's one of the safest in the world. OpenVPN differs from other VPN protocols in the way that it requires a separate client program to connect to the server. | ||
| + | |||
OpenVPN on avoimella lähdekoodilla toimiva VPN. Tämä on yksi maailman turvallisimmista VPN protokollista. OpenVPN eroaa muista VPN protokollista, että vaatii erillisen asiakasohjelman muodostaakseen yhteyden palvelimeen. | OpenVPN on avoimella lähdekoodilla toimiva VPN. Tämä on yksi maailman turvallisimmista VPN protokollista. OpenVPN eroaa muista VPN protokollista, että vaatii erillisen asiakasohjelman muodostaakseen yhteyden palvelimeen. | ||
| − | |||
| − | + | == Asennus == | |
| + | |||
| + | Asenna OpenVPN paketti pakettihallinnasta palvelin ja asiakaslaitteille. Windowssille löytyy erillinen paketti [https://openvpn.net/index.php/open-source/downloads.html täältä]. | ||
| + | |||
| + | aptitude install openvpn | ||
| + | |||
| + | == Konfigurointi == | ||
| + | |||
| + | === Sertifikaatit === | ||
| + | |||
| + | Asennuksen jälkeen sinun tulee kopioida oletushakemistosta tiedostoja jotta palvelin voi lukea niitä | ||
| + | |||
| + | cp -r /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn | ||
| + | |||
| + | Tämän jälkeen siirrytään generoimaan RSA avaimet VPN palvelua varten. | ||
| + | |||
| + | cd /etc/openvpn/easy-rsa/2.0/ | ||
| + | |||
| + | Muokkaa tämän jälkeen vars tiedostoa | ||
| + | |||
| + | nano /etc/openvpn/easy-rsa/2.0/vars | ||
| + | |||
| + | vars - tiedostossa muuta export KEY_SIZE 1024 -> 2048 | ||
| + | |||
| + | <pre> | ||
| + | # Increase this to 2048 if you | ||
| + | # are paranoid. This will slow | ||
| + | # down TLS negotiation performance | ||
| + | # as well as the one-time DH parms | ||
| + | # generation process. | ||
| + | export KEY_SIZE=2048 | ||
| + | </pre> | ||
| + | |||
| + | Voit halutessasi kirjoittaa valmiiksi konfiguroinnit tähän tiedostoon. | ||
| + | |||
| + | Tallenna ja sulje tiedosto sekä käynnistä openvpn palvelu uudelleen | ||
| + | |||
| + | service openvpn restart | ||
| + | |||
| + | Määritetään konfigurointitiedosto ./vars ja tyhjennetään vanhat avaimet | ||
| + | |||
| + | source ./vars | ||
| + | |||
| + | ./clean-all | ||
| + | |||
| + | ==== Root sertifikaatti ==== | ||
| + | |||
| + | Luodaan root sertifikaatti | ||
| + | |||
| + | ./build-ca | ||
| + | |||
| + | Tämän jälkeen vastaa ohjattuun velhoon: | ||
| + | |||
| + | <pre> | ||
| + | Generating a 2048 bit RSA private key | ||
| + | ..+++ | ||
| + | ..................................................+++ | ||
| + | writing new private key to 'ca.key' | ||
| + | ----- | ||
| + | You are about to be asked to enter information that will be incorporated | ||
| + | into your certificate request. | ||
| + | What you are about to enter is what is called a Distinguished Name or a DN. | ||
| + | There are quite a few fields but you can leave some blank | ||
| + | For some fields there will be a default value, | ||
| + | If you enter '.', the field will be left blank. | ||
| + | ----- | ||
| + | Country Name (2 letter code) [US]:FI | ||
| + | State or Province Name (full name) [CA]:Lounais-Suomi | ||
| + | Locality Name (eg, city) [SanFrancisco]:Turku | ||
| + | Organization Name (eg, company) [Fort-Funston]:Taistowiki | ||
| + | Organizational Unit Name (eg, section) [changeme]:Labs | ||
| + | Common Name (eg, your name or your server's hostname) [changeme]:vpn.taisto.org | ||
| + | Name [changeme]:Taistowiki VPN | ||
| + | Email Address [[email protected]]:[email protected] | ||
| + | </pre> | ||
| + | |||
| + | ==== Palvelin sertifikaatti ==== | ||
| + | |||
| + | Sertifikaatin genroimisen jälkeen luodaan privaattiavain palvelimelle. Muuta vpn.taisto.org vastaamaan palvelimesi nimeä. | ||
| + | |||
| + | ../build-key-server vpn.taisto.org | ||
| − | + | Tämän jälkeen vastaa jälleen seuraa velhoa | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | <pre> | |
| + | Generating a 2048 bit RSA private key | ||
| + | .................................................+++ | ||
| + | .............................................................+++ | ||
| + | writing new private key to 'vpn.taisto.org.key' | ||
| + | ----- | ||
| + | You are about to be asked to enter information that will be incorporated | ||
| + | into your certificate request. | ||
| + | What you are about to enter is what is called a Distinguished Name or a DN. | ||
| + | There are quite a few fields but you can leave some blank | ||
| + | For some fields there will be a default value, | ||
| + | If you enter '.', the field will be left blank. | ||
| + | ----- | ||
| + | Country Name (2 letter code) [US]:FI | ||
| + | State or Province Name (full name) [CA]:Lounais-Suomi | ||
| + | Locality Name (eg, city) [SanFrancisco]:Turku | ||
| + | Organization Name (eg, company) [Fort-Funston]:Taistowiki | ||
| + | Organizational Unit Name (eg, section) [changeme]:Labs | ||
| + | Common Name (eg, your name or your server's hostname) [vpn.taisto.org]: | ||
| + | Name [changeme]:Taistowiki | ||
| + | Email Address [[email protected]]:[email protected] | ||
| − | + | Please enter the following 'extra' attributes | |
| + | to be sent with your certificate request | ||
| + | A challenge password []: | ||
| + | An optional company name []: | ||
| + | Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf | ||
| + | Check that the request matches the signature | ||
| + | Signature ok | ||
| + | The Subject's Distinguished Name is as follows | ||
| + | countryName :PRINTABLE:'FI' | ||
| + | stateOrProvinceName :PRINTABLE:'Lounais-Suomi' | ||
| + | localityName :PRINTABLE:'Turku' | ||
| + | organizationName :PRINTABLE:'Taistowiki' | ||
| + | organizationalUnitName:PRINTABLE:'Labs' | ||
| + | commonName :PRINTABLE:'vpn.taisto.org' | ||
| + | name :PRINTABLE:'Taistowiki' | ||
| + | emailAddress :IA5STRING:'[email protected]' | ||
| + | Certificate is to be certified until Aug 15 12:00:08 2025 GMT (3650 days) | ||
| + | Sign the certificate? [y/n]:y | ||
| − | |||
| − | + | 1 out of 1 certificate requests certified, commit? [y/n]y | |
| − | + | Write out database with 1 new entries | |
| + | Data Base Updated | ||
| + | </pre> | ||
| − | + | Generoi Diffie Helman key exhange parametri. Tässä menee hetki. | |
| + | ./build-dh | ||
| − | + | ==== Asiakas sertifikaatti ==== | |
| − | |||
| − | + | Nyt luodaan OpenVPN asiakkaille sertifikaatti. Jokaisella asiakkaalla tulee olla oma sertifikaatti. Muuta client vastaamaan asiakkaan isäntänimeä. | |
| − | + | ./build-key client | |
| − | |||
| − | + | <pre> | |
| − | + | Generating a 2048 bit RSA private key | |
| − | + | ...................................................................................+++ | |
| − | + | ............+++ | |
| − | + | writing new private key to 'client.key' | |
| − | + | ----- | |
| + | You are about to be asked to enter information that will be incorporated | ||
| + | into your certificate request. | ||
| + | What you are about to enter is what is called a Distinguished Name or a DN. | ||
| + | There are quite a few fields but you can leave some blank | ||
| + | For some fields there will be a default value, | ||
| + | If you enter '.', the field will be left blank. | ||
| + | ----- | ||
| + | Country Name (2 letter code) [US]:FI | ||
| + | State or Province Name (full name) [CA]:Lounais-Suomi | ||
| + | Locality Name (eg, city) [SanFrancisco]:Turku | ||
| + | Organization Name (eg, company) [Fort-Funston]:Taistowiki | ||
| + | Organizational Unit Name (eg, section) [changeme]:Labs client | ||
| + | Common Name (eg, your name or your server's hostname) [client]: | ||
| + | Name [changeme]:Taistowiki | ||
| + | Email Address [[email protected]]:support@taisto.org | ||
| − | + | Please enter the following 'extra' attributes | |
| − | + | to be sent with your certificate request | |
| − | + | A challenge password []: | |
| + | An optional company name []: | ||
| + | Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf | ||
| + | Check that the request matches the signature | ||
| + | Signature ok | ||
| + | The Subject's Distinguished Name is as follows | ||
| + | countryName :PRINTABLE:'FI' | ||
| + | stateOrProvinceName :T61STRING:'\0xFFFFFFC3Lounais-Suomi' | ||
| + | localityName :PRINTABLE:'Turku' | ||
| + | organizationName :PRINTABLE:'Taistowiki' | ||
| + | organizationalUnitName:PRINTABLE:'Labs client' | ||
| + | commonName :PRINTABLE:'client' | ||
| + | name :PRINTABLE:'Taistowiki' | ||
| + | emailAddress :IA5STRING:'support@taisto.org' | ||
| + | Certificate is to be certified until Aug 15 12:05:36 2025 GMT (3650 days) | ||
| + | Sign the certificate? [y/n]:y | ||
| − | |||
| − | + | 1 out of 1 certificate requests certified, commit? [y/n]y | |
| + | Write out database with 1 new entries | ||
| + | Data Base Updated | ||
| + | </pre> | ||
| − | + | Kopioi Root, palvelin sekä DH param sertifikaatti tiedostot OpenVPN root hakemistoon: | |
| + | <pre> | ||
| + | cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn | ||
| + | cp /etc/openvpn/easy-rsa/2.0/keys/ca.key /etc/openvpn | ||
| + | cp /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem /etc/openvpn | ||
| + | cp /etc/openvpn/easy-rsa/2.0/keys/server.crt /etc/openvpn | ||
| + | cp /etc/openvpn/easy-rsa/2.0/keys/server.key /etc/openvpn | ||
| + | </pre> | ||
| − | + | ==== Kumoa sertifikaatti ==== | |
| − | + | Seuraavilla komennoilla voit kumota käyttäoikeuden palvelimeen. Muuta client1 nimeä asiakasnimeksi minkä oikeuden haluat peruuttaa. | |
| − | |||
| − | + | . /etc/openvpn/easy-rsa/2.0/vars | |
| − | + | . /etc/openvpn/easy-rsa/2.0/revoke-full client1 | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | === Palvelimen konfigurointi === | ||
| − | + | Pura ZIP tiedosto | |
| − | + | gunzip -d /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | |
| − | |||
| − | |||
| − | |||
| − | + | Kopioi esimerkki palvelin konfigurointi tiedosto /etc/openvpn hakemistoon | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn | |
| − | + | Sinun tulee vielä muokata server.conf tiedostossa muutama kohta ennen kuin voidaan ottaa OpenVPN palvelin käyttöön: | |
| + | nano /etc/openvpn/server.conf | ||
| − | + | * Oikeat avain tiedostot ja niiden polku | |
| + | <pre> | ||
| + | # SSL/TLS root certificate (ca), certificate | ||
| + | # (cert), and private key (key). Each client | ||
| + | # and the server must have their own cert and | ||
| + | # key file. The server and all clients will | ||
| + | # use the same ca file. | ||
| + | # | ||
| + | # See the "easy-rsa" directory for a series | ||
| + | # of scripts for generating RSA certificates | ||
| + | # and private keys. Remember to use | ||
| + | # a unique Common Name for the server | ||
| + | # and each of the client certificates. | ||
| + | # | ||
| + | # Any X509 key management system can be used. | ||
| + | # OpenVPN can also use a PKCS #12 formatted key file | ||
| + | # (see "pkcs12" directive in man page). | ||
| + | ca ca.crt | ||
| + | cert server.crt | ||
| + | key server.key # This file should be kept secret | ||
| − | + | # Diffie hellman parameters. | |
| + | # Generate your own with: | ||
| + | # openssl dhparam -out dh1024.pem 1024 | ||
| + | # Substitute 2048 for 1024 if you are using | ||
| + | # 2048 bit keys. | ||
| + | dh dh2028.pem | ||
| + | </pre> | ||
| − | + | Lopuksi käynnistä VPN palvelu uudelleen | |
| − | + | service openvpn restart | |
| − | + | === Asiakkaan konfigurointi === | |
| − | + | Kopioi OpenVPN palvelimelta client.conf tiedosto omaan kotihakemistoon ja siirrä omalle asiakaslaitteelle | |
| − | + | cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/ | |
| − | + | Kopioi lisäksi ca (ca.crt) ja client sertifikaatit (client.crt) sekä privaattiavain (client.key) asiakaslaitteelle. | |
| − | + | Avaa client.conf tiedosto | |
| − | + | nano ~/client.conf | |
| − | + | Muokkaa tämä tiedosto seuraavanlaiseksi: | |
| − | + | * Määritä OpenVPN palvelimen osoite sekä portti, oletus 1194 | |
| + | <pre> | ||
| + | # The hostname/IP and port of the server. | ||
| + | # You can have multiple remote entries | ||
| + | # to load balance between the servers. | ||
| + | remote my-server-1 1194 | ||
| + | ;remote my-server-2 1194 | ||
| + | </pre> | ||
| − | + | * Määritä sertifikaattien polku | |
| + | <pre> | ||
| + | # SSL/TLS parms. | ||
| + | # See the server config file for more | ||
| + | # description. It's best to use | ||
| + | # a separate .crt/.key file pair | ||
| + | # for each client. A single ca | ||
| + | # file can be used for all clients. | ||
| + | ca ca.crt | ||
| + | cert client.crt | ||
| + | key client.key | ||
| + | </pre> | ||
Nykyinen versio 17. syyskuuta 2015 kello 21.49
OpenVPN is an open source software application for VPN tunneling. It's one of the safest in the world. OpenVPN differs from other VPN protocols in the way that it requires a separate client program to connect to the server.
OpenVPN on avoimella lähdekoodilla toimiva VPN. Tämä on yksi maailman turvallisimmista VPN protokollista. OpenVPN eroaa muista VPN protokollista, että vaatii erillisen asiakasohjelman muodostaakseen yhteyden palvelimeen.
Sisällysluettelo
Asennus
Asenna OpenVPN paketti pakettihallinnasta palvelin ja asiakaslaitteille. Windowssille löytyy erillinen paketti täältä.
aptitude install openvpn
Konfigurointi
Sertifikaatit
Asennuksen jälkeen sinun tulee kopioida oletushakemistosta tiedostoja jotta palvelin voi lukea niitä
cp -r /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn
Tämän jälkeen siirrytään generoimaan RSA avaimet VPN palvelua varten.
cd /etc/openvpn/easy-rsa/2.0/
Muokkaa tämän jälkeen vars tiedostoa
nano /etc/openvpn/easy-rsa/2.0/vars
vars - tiedostossa muuta export KEY_SIZE 1024 -> 2048
# Increase this to 2048 if you # are paranoid. This will slow # down TLS negotiation performance # as well as the one-time DH parms # generation process. export KEY_SIZE=2048
Voit halutessasi kirjoittaa valmiiksi konfiguroinnit tähän tiedostoon.
Tallenna ja sulje tiedosto sekä käynnistä openvpn palvelu uudelleen
service openvpn restart
Määritetään konfigurointitiedosto ./vars ja tyhjennetään vanhat avaimet
source ./vars
./clean-all
Root sertifikaatti
Luodaan root sertifikaatti
./build-ca
Tämän jälkeen vastaa ohjattuun velhoon:
Generating a 2048 bit RSA private key ..+++ ..................................................+++ writing new private key to 'ca.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:FI State or Province Name (full name) [CA]:Lounais-Suomi Locality Name (eg, city) [SanFrancisco]:Turku Organization Name (eg, company) [Fort-Funston]:Taistowiki Organizational Unit Name (eg, section) [changeme]:Labs Common Name (eg, your name or your server's hostname) [changeme]:vpn.taisto.org Name [changeme]:Taistowiki VPN Email Address [[email protected]]:[email protected]
Palvelin sertifikaatti
Sertifikaatin genroimisen jälkeen luodaan privaattiavain palvelimelle. Muuta vpn.taisto.org vastaamaan palvelimesi nimeä.
../build-key-server vpn.taisto.org
Tämän jälkeen vastaa jälleen seuraa velhoa
Generating a 2048 bit RSA private key .................................................+++ .............................................................+++ writing new private key to 'vpn.taisto.org.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:FI State or Province Name (full name) [CA]:Lounais-Suomi Locality Name (eg, city) [SanFrancisco]:Turku Organization Name (eg, company) [Fort-Funston]:Taistowiki Organizational Unit Name (eg, section) [changeme]:Labs Common Name (eg, your name or your server's hostname) [vpn.taisto.org]: Name [changeme]:Taistowiki Email Address [[email protected]]:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'FI' stateOrProvinceName :PRINTABLE:'Lounais-Suomi' localityName :PRINTABLE:'Turku' organizationName :PRINTABLE:'Taistowiki' organizationalUnitName:PRINTABLE:'Labs' commonName :PRINTABLE:'vpn.taisto.org' name :PRINTABLE:'Taistowiki' emailAddress :IA5STRING:'[email protected]' Certificate is to be certified until Aug 15 12:00:08 2025 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated
Generoi Diffie Helman key exhange parametri. Tässä menee hetki.
./build-dh
Asiakas sertifikaatti
Nyt luodaan OpenVPN asiakkaille sertifikaatti. Jokaisella asiakkaalla tulee olla oma sertifikaatti. Muuta client vastaamaan asiakkaan isäntänimeä.
./build-key client
Generating a 2048 bit RSA private key ...................................................................................+++ ............+++ writing new private key to 'client.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]:FI State or Province Name (full name) [CA]:Lounais-Suomi Locality Name (eg, city) [SanFrancisco]:Turku Organization Name (eg, company) [Fort-Funston]:Taistowiki Organizational Unit Name (eg, section) [changeme]:Labs client Common Name (eg, your name or your server's hostname) [client]: Name [changeme]:Taistowiki Email Address [[email protected]]:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'FI' stateOrProvinceName :T61STRING:'\0xFFFFFFC3Lounais-Suomi' localityName :PRINTABLE:'Turku' organizationName :PRINTABLE:'Taistowiki' organizationalUnitName:PRINTABLE:'Labs client' commonName :PRINTABLE:'client' name :PRINTABLE:'Taistowiki' emailAddress :IA5STRING:'[email protected]' Certificate is to be certified until Aug 15 12:05:36 2025 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated
Kopioi Root, palvelin sekä DH param sertifikaatti tiedostot OpenVPN root hakemistoon:
cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt /etc/openvpn cp /etc/openvpn/easy-rsa/2.0/keys/ca.key /etc/openvpn cp /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem /etc/openvpn cp /etc/openvpn/easy-rsa/2.0/keys/server.crt /etc/openvpn cp /etc/openvpn/easy-rsa/2.0/keys/server.key /etc/openvpn
Kumoa sertifikaatti
Seuraavilla komennoilla voit kumota käyttäoikeuden palvelimeen. Muuta client1 nimeä asiakasnimeksi minkä oikeuden haluat peruuttaa.
. /etc/openvpn/easy-rsa/2.0/vars . /etc/openvpn/easy-rsa/2.0/revoke-full client1
Palvelimen konfigurointi
Pura ZIP tiedosto
gunzip -d /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
Kopioi esimerkki palvelin konfigurointi tiedosto /etc/openvpn hakemistoon
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn
Sinun tulee vielä muokata server.conf tiedostossa muutama kohta ennen kuin voidaan ottaa OpenVPN palvelin käyttöön:
nano /etc/openvpn/server.conf
- Oikeat avain tiedostot ja niiden polku
# SSL/TLS root certificate (ca), certificate # (cert), and private key (key). Each client # and the server must have their own cert and # key file. The server and all clients will # use the same ca file. # # See the "easy-rsa" directory for a series # of scripts for generating RSA certificates # and private keys. Remember to use # a unique Common Name for the server # and each of the client certificates. # # Any X509 key management system can be used. # OpenVPN can also use a PKCS #12 formatted key file # (see "pkcs12" directive in man page). ca ca.crt cert server.crt key server.key # This file should be kept secret # Diffie hellman parameters. # Generate your own with: # openssl dhparam -out dh1024.pem 1024 # Substitute 2048 for 1024 if you are using # 2048 bit keys. dh dh2028.pem
Lopuksi käynnistä VPN palvelu uudelleen
service openvpn restart
Asiakkaan konfigurointi
Kopioi OpenVPN palvelimelta client.conf tiedosto omaan kotihakemistoon ja siirrä omalle asiakaslaitteelle
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/
Kopioi lisäksi ca (ca.crt) ja client sertifikaatit (client.crt) sekä privaattiavain (client.key) asiakaslaitteelle.
Avaa client.conf tiedosto
nano ~/client.conf
Muokkaa tämä tiedosto seuraavanlaiseksi:
- Määritä OpenVPN palvelimen osoite sekä portti, oletus 1194
# The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote my-server-1 1194 ;remote my-server-2 1194
- Määritä sertifikaattien polku
# SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca ca.crt cert client.crt key client.key
Mainos / Advertisement:
