
Настройка сервера OpenVPN

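# Install OpenVPN and Easy-RSA, register a dedicated OpenRC instance
# (openvpn.server reads /etc/openvpn/server.conf) and build the PKI under
# /etc/openvpn/server/.  All steps run as root.
emerge net-misc/openvpn app-crypt/easy-rsa
cd /etc/init.d/
ln -sndf openvpn openvpn.server
rc-update add openvpn.server default
mkdir -p /etc/openvpn/server/ccd
touch /etc/openvpn/server.conf
cd /etc/openvpn/server/

# Everything generated below (CA key, server key, ta.key, DH params) is
# secret; make sure nothing is created world-readable.
umask 077

# Easy-RSA reads its settings from its vars file (copied from the example).
cp /usr/share/easy-rsa/vars.example /usr/share/easy-rsa/vars
mcedit /usr/share/easy-rsa/vars

ln -sndf /usr/share/easy-rsa/x509-types
ln -sndf /usr/share/easy-rsa/openssl-1.0.cnf

/usr/share/easy-rsa/easyrsa init-pki
# SECURITY: 'nopass' leaves the CA private key (pki/private/ca.key)
# unencrypted on the VPN server itself.  Anyone who can read that file can
# issue certificates this server will accept.  Drop 'nopass' to get an
# encrypted CA key, or better, keep the CA on an offline host and copy only
# ca.crt and the issued certificates here.
/usr/share/easy-rsa/easyrsa build-ca nopass
# gen-dh writes pki/dh.pem with the Easy-RSA default size (2048 bits).
# For 4096-bit parameters generate them under the SAME file name, so the
# 'dh' line in server.conf keeps pointing at an existing file:
#   openssl dhparam -out pki/dh.pem 4096
/usr/share/easy-rsa/easyrsa gen-dh
# Static tls-auth key: direction 0 on the server, direction 1 in client
# profiles.  It is embedded in every client .ovpn, so treat it as a secret.
openvpn --genkey --secret pki/ta.key

# The CN is also the file name of the server cert/key referenced from
# server.conf (pki/issued/<CN>.crt, pki/private/<CN>.key).
export KEY_CN="server.fqdn.tld"
/usr/share/easy-rsa/easyrsa build-server-full "${KEY_CN}" nopass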
 
# Edit the server configuration; the full contents follow below.
mcedit /etc/openvpn/server.conf
/etc/openvpn/server.conf
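# OpenVPN server configuration (/etc/openvpn/server.conf), read by the
# openvpn.server OpenRC instance.  Key material lives under
# /etc/openvpn/server/pki/ (see the Easy-RSA steps above).
mode server
tls-server

local 1.2.3.4
port 179
proto udp
dev tun
tun-mtu 1400
mtu-disc yes
keepalive 10 60

# Control-channel HMAC: packets without a valid ta.key signature are dropped
# before any TLS processing.  Direction 0 here, 'key-direction 1' on clients.
tls-auth        /etc/openvpn/server/pki/ta.key 0
ca              /etc/openvpn/server/pki/ca.crt
dh              /etc/openvpn/server/pki/dh.pem
cert            /etc/openvpn/server/pki/issued/server.fqdn.tld.crt
key             /etc/openvpn/server/pki/private/server.fqdn.tld.key

# Accept only peers whose certificate was issued as a *client* certificate
# (clientAuth EKU, which Easy-RSA sets for build-client-full); a copied
# server certificate can then not be used to log in as a client.
remote-cert-tls client
# No TLS 1.0/1.1 on the control channel.
tls-version-min 1.2
# Data-channel cipher.  Without this line OpenVPN falls back to its legacy
# default (BF-CBC: 64-bit blocks, SWEET32).  OpenVPN 2.4+ clients negotiate
# the cipher (NCP), so the client template needs no matching line; older
# clients would need 'cipher AES-256-GCM' in their profile.
cipher AES-256-GCM
# Control-channel HMAC digest (default SHA1).  It also keys tls-auth, so it
# must be changed on the server AND in every client profile at once:
#auth SHA256
# Revocation is not enforced: a leaked client certificate stays valid until
# it expires.  Run 'easyrsa gen-crl' and enable:
#crl-verify     /etc/openvpn/server/pki/crl.pem

persist-key
persist-tun
# Compression on a VPN tunnel enables VORACLE-style plaintext recovery.
# 'comp-lzo no' keeps the packet framing, so clients that still carry a bare
# 'comp-lzo' in their profile connect as before; pushing the setting turns
# compression off on their side as well.
comp-lzo no
push "comp-lzo no"

ifconfig-pool-persist ipp.txt
ifconfig 10.77.96.1 255.255.255.0
ifconfig-pool 10.77.96.2 10.77.96.254
route 10.77.96.0 255.255.255.0 10.77.96.1

# route to this VPN server
push "route 1.2.3.4 255.255.255.255 net_gateway"

# Philology, Philosophy, History
push "route 1.2.3.0 255.255.255.0 vpn_gateway 100"
push "route 10.77.0.0 255.255.0.0 vpn_gateway 100"

client-config-dir server/ccd

# client-to-client forwards traffic between clients inside OpenVPN, so host
# firewall rules on the tun interface do not see it; clients are fully
# reachable from each other.
client-to-client
# float lets an authenticated session survive a change of the client's
# source address/port (roaming, NAT rebinding).
float

# duplicate-cn: one certificate may hold any number of concurrent sessions.
# A single leaked profile is then usable by everyone who has it, and the
# extra sessions cannot get the per-client address from ccd/ipp.txt.
# Remove this unless it is really needed.
duplicate-cn
verb 3
#cipher DES-EDE3-CBC # legacy 3DES cipher, superseded by the 'cipher' line above
log-append /var/log/openvpn.log # log file

# Drop root privileges after startup (persist-key/persist-tun keep the
# process working across restarts without them).
user nobody
group nogroup
status openvpn-status.log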
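# Apply the configuration, then install the client-profile generator
# (script contents below).  The script takes the client name as its only
# argument and issues a certificate + self-contained .ovpn for it.
/etc/init.d/openvpn.server restart
mcedit /usr/local/sbin/gen-openvpn-client-profile.sh
chmod +x /usr/local/sbin/gen-openvpn-client-profile.sh
/usr/local/sbin/gen-openvpn-client-profile.sh client1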
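#!/bin/bash
# gen-openvpn-client-profile.sh CLIENT_NAME
#
# Issue a client certificate with Easy-RSA 3 in the PKI created above
# (/etc/openvpn/server/pki) and write a self-contained profile
# /etc/openvpn/CLIENT_NAME.ovpn: the template client.ovpn-templates followed
# by the CA cert, client cert, client key and tls-auth key as inline blocks.
#
# The original version called the Easy-RSA 2 helper build-key-pkcs12 and
# read /etc/openvpn/keys, neither of which exists with the Easy-RSA 3 layout
# this page sets up (init-pki / build-ca / pki/issued, pki/private).
#
# The .ovpn embeds a private key and the shared ta.key: it is written
# root-only (umask 077); deliver it over a secure channel and delete the
# copy here afterwards.
set -euo pipefail

EASYRSA='/usr/share/easy-rsa/easyrsa'
WORK_DIR='/etc/openvpn/server'          # easyrsa uses ./pki relative to cwd
PKI_DIR="${WORK_DIR}/pki"
TEMPLATE_DIR='/etc/openvpn'
OUTPUT_DIR='/etc/openvpn'

if [[ $# -ne 1 || -z "$1" ]]; then
  printf 'usage: %s CLIENT_NAME\n' "${0##*/}" >&2
  exit 2
fi
CLIENT_NAME=$1

# The name becomes a file name under pki/ and the certificate CN; refuse
# anything but a plain identifier so it cannot escape the PKI directory.
if [[ ! "$CLIENT_NAME" =~ ^[A-Za-z0-9._-]+$ ]]; then
  printf 'invalid client name: %s\n' "$CLIENT_NAME" >&2
  exit 2
fi

umask 077
cd -- "$WORK_DIR"
# 'nopass' yields an unencrypted key inside the profile; drop it to have the
# client prompt for a passphrase.
"$EASYRSA" build-client-full "$CLIENT_NAME" nopass

# wrap TAG FILE: print FILE between <TAG> and </TAG>.
wrap() {
  printf '<%s>\n' "$1"
  cat -- "$2"
  printf '</%s>\n' "$1"
}

out="${OUTPUT_DIR}/${CLIENT_NAME}.ovpn"
{
  cat -- "${TEMPLATE_DIR}/client.ovpn-templates"
  wrap ca       "${PKI_DIR}/ca.crt"
  wrap cert     "${PKI_DIR}/issued/${CLIENT_NAME}.crt"
  wrap key      "${PKI_DIR}/private/${CLIENT_NAME}.key"
  wrap tls-auth "${PKI_DIR}/ta.key"
} > "$out"
printf 'wrote %s\n' "$out"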
/etc/openvpn/client.ovpn-templates
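# Client profile template (/etc/openvpn/client.ovpn-templates).
# gen-openvpn-client-profile.sh appends the inline <ca>, <cert>, <key> and
# <tls-auth> blocks after these lines.
client
dev tun
proto udp
remote server.fqdn.tld 179
resolv-retry infinite
persist-key
persist-tun
ping 10
# Compression must agree with the server.  Tunnel compression is the
# VORACLE risk; disable it on the server ('comp-lzo no' + push) rather than
# here — this line then only keeps the framing compatible.
comp-lzo
tls-client
verb 3
pull
# Only accept a peer whose certificate was issued as a *server* certificate.
# Every client holds a valid certificate from the same CA; without this any
# client could impersonate the server.
remote-cert-tls server
# Pin the server identity to the CN used in build-server-full.
verify-x509-name server.fqdn.tld name
# Inline <tls-auth> block is used with direction 1 (server uses 0).
key-direction 1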