root@server:/etc/openvpn/easy-rsa# cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
root@server:/etc/openvpn/easy-rsa# cd /etc/openvpn/easy-rsa
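Отредактируйте /etc/openvpn/easy-rsa/vars и заполните соответствующие значения. Размер ключей задаётся там же переменной KEY_SIZE; в выводе ниже используется 1024 бита, чего для RSA и DH сегодня недостаточно, поэтому лучше указать не менее 2048 (файл параметров DH тогда получит имя dh2048.pem).
root@server:/etc/openvpn/easy-rsa# . ./vars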
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
root@server:/etc/openvpn/easy-rsa# ./clean-all
root@server:/etc/openvpn/easy-rsa# ./build-ca
Generating a 1024 bit RSA private key
......................++++++
........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [HK]:
State or Province Name (full name) [New Territories]:
Locality Name (eg, city) [Tuen Mun]:
Organization Name (eg, company) [Home]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [OpenVPN-CA]:
Name [OpenVPN-CA]:
Email Address [test@example.com]:
root@server:/etc/openvpn/easy-rsa# ./build-key-server server
Generating a 1024 bit RSA private key
...............++++++
..........++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [HK]:
State or Province Name (full name) [New Territories]:
Locality Name (eg, city) [Tuen Mun]:
Organization Name (eg, company) [Home]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [server]:
Name [OpenVPN-CA]:
Email Address [test@example.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'HK'
stateOrProvinceName :PRINTABLE:'New Territories'
localityName :PRINTABLE:'Tuen Mun'
organizationName :PRINTABLE:'Home'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'server'
name :PRINTABLE:'OpenVPN-CA'
emailAddress :IA5STRING:'test@example.com'
Certificate is to be certified until Mar 18 13:18:09 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@server:/etc/openvpn/easy-rsa# ./build-key client
Generating a 1024 bit RSA private key
..........++++++
...................................................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [HK]:
State or Province Name (full name) [New Territories]:
Locality Name (eg, city) [Tuen Mun]:
Organization Name (eg, company) [Home]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [client]:
Name [OpenVPN-CA]:
Email Address [test@example.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'HK'
stateOrProvinceName :PRINTABLE:'New Territories'
localityName :PRINTABLE:'Tuen Mun'
organizationName :PRINTABLE:'Home'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'client'
name :PRINTABLE:'OpenVPN-CA'
emailAddress :IA5STRING:'test@example.com'
Certificate is to be certified until Mar 18 13:20:00 2022 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@server:/etc/openvpn/easy-rsa# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
............................................................................+..................+...........+...........................+..............+..............................................................+......................................................................................................+......................................................................................+..............................................................................+..................+.................+..................................................................+.........................................+...........+..........................................................................................+..............................................+....................................+...................+....+..+................+.+.........+..............................................................+....................................................................................................................+...........+.....................................................................................................................................+.........................................................+...........................................................+.......................................................................................................................................................................................................................................+..............+..............................................................................................................................................+............................+..........................................+....................................................................................................................................++*++*++*
Скопируйте необходимые файлы из /etc/openvpn/easy-rsa/keys на сервере в /etc/openvpn. Для сервера: ca.crt, dh1024.pem, server.crt, server.key; для клиента: ca.crt, client.crt, client.key. Файлы .key — это закрытые ключи: client.key передавайте клиенту только по защищённому каналу (например, scp), а ca.key никуда копировать не нужно — он требуется только для подписи новых сертификатов. Скопируйте соответствующие образцы файлов конфигурации из /usr/share/doc/openvpn/examples/sample-config-files/ в /etc/openvpn и распакуйте их (сервер: server.conf.gz, клиент: client.conf). Файл конфигурации сервера должен работать по умолчанию; на клиенте отредактируйте строку «remote» в /etc/openvpn/client.conf, указав имя или IP-адрес сервера. Никаких других изменений не требуется. Откройте UDP 1194 на брандмауэре сервера. Теперь служба готова к запуску, сервер доступен по адресу 10.8.0.1. Я предполагаю, что вам нужен доступ только к самому серверу; если нужен доступ к другим внутренним сетям, потребуется дополнительная настройка. Настройте samba на прослушивание 10.8.0.0/24. На этом всё; оставьте комментарий здесь, если что-то пойдёт не так.