added simple openvpn services example on how to use them
This commit is contained in:
parent
8d628fbe1c
commit
b55aad9750
1 changed files with 73 additions and 1 deletions
@ -9,6 +9,78 @@ The security services offer a wide variety of protocols capable of satisfying th

## Installation

Libraries needed for some of the security services.

```shell
sudo apt-get install ipsec-tools racoon openvpn
sudo apt-get install ipsec-tools racoon
```

## OpenVPN

Below is a set of instruction for running a very simple OpenVPN client/server scenario.

### Installation

```shell
# install openvpn
sudo apt install openvpn

# retrieve easyrsa3 for key/cert generation
git clone https://github.com/OpenVPN/easy-rsa
```

### Generating Keys/Certs

```shell
# navigate into easyrsa3 repo subdirectory that contains built binary
cd easy-rsa/easyrsa3

# initalize pki
./easyrsa init-pki

# build ca
./easyrsa build-ca

# generate and sign server keypair(s)
SERVER_NAME=server1
./easyrsa get-req $SERVER_NAME nopass
./easyrsa sign-req server $SERVER_NAME

# generate and sign client keypair(s)
CLIENT_NAME=client1
./easyrsa get-req $CLIENT_NAME nopass
./easyrsa sign-req client $CLIENT_NAME

# DH generation
./easyrsa gen-dh

# create directory for keys for CORE to use
# NOTE: the default is set to a directory that requires using sudo, but can be
# anywhere and not require sudo at all
KEYDIR=/etc/core/keys
sudo mkdir $KEYDIR

# move keys to directory
sudo cp pki/ca.crt $KEYDIR
sudo cp pki/issued/*.crt $KEYDIR
sudo cp pki/private/*.key $KEYDIR
sudo cp pki/dh.pem $KEYDIR/dh1024.pem
```

### Configure Server Nodes

Add VPNServer service to nodes desired for running an OpenVPN server.

Modify [sampleVPNServer](../../daemon/examples/services/sampleVPNServer) for the following
* Edit keydir key/cert directory
* Edit keyname to use generated server name above
* Edit vpnserver to match an address that the server node will have

### Configure Client Nodes

Add VPNClient service to nodes desired for acting as an OpenVPN client.

Modify [sampleVPNClient](../../daemon/examples/services/sampleVPNClient) for the following
* Edit keydir key/cert directory
* Edit keyname to use generated client name above
* Edit vpnserver to match the address a server was configured to use
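Review bot: `./easyrsa get-req $SERVER_NAME nopass` and `./easyrsa get-req $CLIENT_NAME nopass` in the "Generating Keys/Certs" block call a subcommand easy-rsa does not have; the key-plus-request step is `gen-req`, so as written the walkthrough fails before `sign-req` has anything to sign. In the same block, `sudo cp pki/private/*.key $KEYDIR` also drops `ca.key` into the directory the server and client nodes read from; copy only the issued keys (`sudo cp pki/private/$SERVER_NAME.key pki/private/$CLIENT_NAME.key $KEYDIR`), keep the CA key out of it, and since the keys are generated with `nopass` the directory should not be left with default world-readable permissions. `sudo cp pki/dh.pem $KEYDIR/dh1024.pem` bakes a key size into the filename that the preceding `./easyrsa gen-dh` was never given; either keep the name `dh.pem` or make the name match the size actually generated and what the sample service expects. `sudo mkdir $KEYDIR` needs `-p` if `/etc/core` does not already exist. The Installation fence now shows both `sudo apt-get install ipsec-tools racoon openvpn` and `sudo apt-get install ipsec-tools racoon`; with the commit reporting one deletion this is presumably a replaced line, but worth confirming only one survives in the file. Minor: "initalize" and "a set of instruction" should read "initialize" and "a set of instructions".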