OpenVPN Configuration
- Monday, September 27, 2010, 22:16 JST
- Posted by: akira
The procedure is:
[edit vars with your site-specific info]
source ./vars
./clean-all
./build-dh -> takes a long time, consider backgrounding
./pkitool --initca
./pkitool --server myserver
./pkitool client1 -> without a password
./pkitool --pass client2 -> with a password
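When I actually tried this, it produced an error for thinkpad.
Did it clash with the earlier data?
The files needed on the client side are:
・client1.crt … client certificate
・client1.key … client private key
Apparently, for a standard Windows installation they go in C:\Program Files\OpenVPN\config.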
Copy
/usr/share/doc/openvpn/examples/easy-rsa
to the following location:
/etc/openvpn
root@siduxbox:/etc/openvpn/easy-rsa/2.0# cd easy-rsa/2.0
root@siduxbox:/etc/openvpn/easy-rsa/2.0# vi vars
root@siduxbox:/etc/openvpn/easy-rsa/2.0# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./clean-all
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
................+....+...............................+..................+...............................................................................................................+........+.........................+.....................................................................+....................................................................+................+.........................................................................................+...............................................................................+.................................+...+..................................+............................................+.........................................................................................................................................+.....................................+..................................................................................................................................+...................................................................................+.....+....................................................................+.........................................................................+........................................................+...+.............................................................+.......................................................................++*++*++*
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./pkitool --initca
Using CA Common Name: Craine Fort-Funston CA
Generating a 1024 bit RSA private key
.................................................++++++
......................++++++
writing new private key to 'ca.key'
-----
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./pkitool --server server
Generating a 1024 bit RSA private key
................................++++++
...............++++++
writing new private key to 'server.key'
-----
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Kanagawa'
localityName :PRINTABLE:'Isehara'
organizationName :PRINTABLE:'Craine Fort-Funston'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'akira@craine.ne.jp'
Certificate is to be certified until Sep 24 13:00:34 2020 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./pkitool kitao1
Generating a 1024 bit RSA private key
...................................++++++
.................................................++++++
writing new private key to 'kitao1.key'
-----
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Kanagawa'
localityName :PRINTABLE:'Isehara'
organizationName :PRINTABLE:'Craine Fort-Funston'
commonName :PRINTABLE:'kitao1'
emailAddress :IA5STRING:'akira@craine.ne.jp'
Certificate is to be certified until Sep 24 13:00:56 2020 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./pkitool --pass client1
Generating a 1024 bit RSA private key
.....++++++
.........................++++++
writing new private key to 'client1.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Kanagawa'
localityName :PRINTABLE:'Isehara'
organizationName :PRINTABLE:'Craine Fort-Funston'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'akira@craine.ne.jp'
Certificate is to be certified until Sep 24 13:02:52 2020 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
root@siduxbox:/etc/openvpn# ln -s easy-rsa/2.0/keys keys
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./pkitool thinkpad
Generating a 1024 bit RSA private key
................++++++
...............++++++
writing new private key to 'thinkpad.key'
-----
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Kanagawa'
localityName :PRINTABLE:'Isehara'
organizationName :PRINTABLE:'Craine Fort-Funston'
commonName :PRINTABLE:'thinkpad'
emailAddress :IA5STRING:'akira@craine.ne.jp'
Certificate is to be certified until Sep 24 13:06:33 2020 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./pkitool --pass thinkpad
Generating a 1024 bit RSA private key
............................................................++++++
....................................++++++
writing new private key to 'thinkpad.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Kanagawa'
localityName :PRINTABLE:'Isehara'
organizationName :PRINTABLE:'Craine Fort-Funston'
commonName :PRINTABLE:'thinkpad'
emailAddress :IA5STRING:'akira@craine.ne.jp'
Certificate is to be certified until Sep 24 13:07:01 2020 GMT (3650 days)
failed to update database
TXT_DB error number 2
root@siduxbox:/etc/openvpn/easy-rsa/2.0# ./pkitool --pass kitao2
Generating a 1024 bit RSA private key
.............++++++
................................++++++
writing new private key to 'kitao2.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:'Kanagawa'
localityName :PRINTABLE:'Isehara'
organizationName :PRINTABLE:'Craine Fort-Funston'
commonName :PRINTABLE:'kitao2'
emailAddress :IA5STRING:'akira@craine.ne.jp'
Certificate is to be certified until Sep 24 13:09:38 2020 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
root@siduxbox:/etc/openvpn#
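`TXT_DB error number 2` in the transcript above is what `openssl ca` reports when its database (keys/index.txt in easy-rsa 2.0) already holds a valid entry with the same subject, which is the case here because `./pkitool thinkpad` had succeeded just before `./pkitool --pass thinkpad`. The following check is an added example, not part of the original post; it assumes OpenSSL's default `unique_subject = yes`, the function names are hypothetical, and the sample database is constructed.

```shell
#!/bin/sh
# Added example: look up a CN in an OpenSSL CA database before issuing.
# index.txt columns (tab-separated):
#   status(V/R/E)  expiry  revocation-date  serial  filename  subject-DN

# active_serial INDEX CN  (hypothetical helper)
# Prints the serial of the valid ("V") entry whose subject has exactly
# CN=<CN>; prints nothing and returns 1 when there is none.
active_serial() {
    awk -F '\t' -v cn="$2" '
        $1 == "V" {
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (rdn[i] == "CN=" cn) { print $4; hit = 1 }
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# can_issue INDEX CN  (hypothetical helper)
# Returns 0 when CN has no valid certificate, so signing will not clash.
can_issue() {
    if serial=$(active_serial "$1" "$2"); then
        echo "CN=$2 is still valid as serial $serial; revoke it first" >&2
        return 1
    fi
    return 0
}

# Constructed sample database modelled on the transcript; the serials and
# the revoked kitao2 entry are made up for illustration.
write_sample_index() {
    dn='/C=JP/ST=Kanagawa/L=Isehara/O=Craine Fort-Funston'
    {
        printf 'V\t200924130034Z\t\t01\tunknown\t%s/CN=server\n' "$dn"
        printf 'V\t200924130633Z\t\t04\tunknown\t%s/CN=thinkpad\n' "$dn"
        printf 'R\t200924130938Z\t100928000000Z\t05\tunknown\t%s/CN=kitao2\n' "$dn"
    } > "$1"
}

idx=$(mktemp)
write_sample_index "$idx"
for cn in thinkpad kitao2 think; do
    if can_issue "$idx" "$cn"; then echo "ok to issue: $cn"; fi
done
rm -f "$idx"
```

In the transcript the second run had already written a new `thinkpad.key` before the signing step failed, so that key no longer belongs to the certificate issued by the first run. To re-issue under the same name, revoke the existing certificate first (easy-rsa 2.0 ships `./revoke-full` for this) and then run `pkitool` again.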